Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
ctfmon.lnk lsass.exe BKA-Trojaner

ctfmon.lnk lsass.exe BKA-Trojaner


Plagegeister aller Art und deren Bekämpfung: ctfmon.lnk lsass.exe BKA-Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 20.11.2012, 13:21   #1
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Hallo
Beim Absurfen von diversen Seiten hatte ich plötzlich diese ominöse BKA-Meldung von wegen 100.-EUR zahlen usw...

Ich hab dann eure Seite gefunden und bereits zuvor mit MalwareByte Antimalware einen Scan gemacht. Jetzt grad eben auch mit OTL.

Für eure Hilfe im Voraus schonmal vielen Dank!

Hier sind meine Logs:
Malwarebyte
Zitat:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nomane :: PC-1 [Administrator]

Schutz: Aktiviert

20.11.2012 03:35:53
mbam-log-2012-11-20 (10-09-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1004561
Laufzeit: 2 Stunde(n), 38 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4024 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 1
C:\Users\nomane\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\nomane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1467c59f-4b5e6313 (Spyware.Zbot) -> Keine Aktion durchgeführt.
C:\Users\nomane\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\nomane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
OTL
Zitat:
OTL logfile created on: 20.11.2012 13:08:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nomane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 75,43% Memory free
16,00 Gb Paging File | 14,05 Gb Available in Paging File | 87,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,01 Gb Total Space | 8,39 Gb Free Space | 8,39% Space Free | Partition Type: NTFS
Drive D: | 880,00 Gb Total Space | 10,63 Gb Free Space | 1,21% Space Free | Partition Type: NTFS
Drive E: | 883,01 Gb Total Space | 413,82 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive M: | 14,83 Gb Total Space | 14,81 Gb Free Space | 99,88% Space Free | Partition Type: FAT32

Computer Name: PC-1 | User Name: nomane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.20 03:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nomane\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.20 02:48:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.03.02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.03.01 22:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
PRC - [2011.11.15 14:18:44 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\nomane\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011.08.24 02:13:43 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2010.11.26 23:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.03.11 12:29:52 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe
PRC - [2009.12.19 01:06:00 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.04 22:49:19 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.08.04 22:49:16 | 012,081,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ecd2692064fb5298ccdb5ce7d4a692c2\System.Web.ni.dll
MOD - [2012.08.04 22:49:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll
MOD - [2012.08.04 22:25:11 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.08.04 22:25:10 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.08.04 22:25:06 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.08.04 22:25:04 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.08.04 22:25:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.08.04 22:25:03 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.08.04 22:25:01 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.08.04 22:25:00 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.08.04 22:24:56 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.30 12:50:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 14:07:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.05.15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.11.18 02:06:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.09.02 05:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 05:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 02:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2010.11.26 23:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.25 18:53:50 | 002,155,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 12:29:52 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe -- (AxiomAudioDevMon)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.19 01:06:00 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.10.0)
SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.04.11 22:11:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.27 00:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011.12.19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011.12.19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011.12.19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011.12.19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.06.27 14:18:54 | 000,276,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 18:17:36 | 000,025,144 | ---- | M] (Evoluent) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)
DRV:64bit: - [2010.06.23 18:17:36 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV:64bit: - [2010.05.15 19:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.03.11 12:29:48 | 000,137,736 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioAxiom.sys -- (AXIOM)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2007.08.31 13:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007.06.21 16:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007.06.21 16:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007.06.21 16:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2007.01.17 13:32:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder2.sys -- (Spyder2)
DRV:64bit: - [2006.12.13 10:34:04 | 000,253,568 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bender64.sys -- (BENDER)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.03.27 00:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.09.02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/12/08 13:36:45] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 02:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 EF 4F 4A 94 C1 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.9.2.0
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nomane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nomane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.09.03 01:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.20 02:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 21:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.30 12:50:51 | 000,000,000 | ---D | M]

[2011.01.31 23:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\Extensions
[2011.01.31 23:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 01:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\Firefox\Profiles\yzphwc9b.default\extensions
[2012.09.18 11:56:15 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\nomane\AppData\Roaming\mozilla\Firefox\Profiles\yzphwc9b.default\extensions\foxmarks@kei.com
[2012.04.25 11:04:32 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\nomane\AppData\Roaming\mozilla\Firefox\Profiles\yzphwc9b.default\extensions\maps@ovi.com
[2012.11.01 01:09:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.03 01:31:15 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.25 11:00:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.05 15:40:50 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\maps@ovi.com\plugins\package.XPI
[2012.10.27 21:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.20 02:48:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.27 21:38:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.20 02:48:47 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.25 01:30:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 01:10:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 01:30:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 01:30:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 01:30:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 01:30:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.10.17 14:35:02 | 000,436,522 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15020 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\nomane\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD38D201-154C-4CC1-894B-1246869B5A11}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.20 12:29:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nomane\Desktop\OTL.exe
[2012.11.20 03:35:05 | 000,000,000 | ---D | C] -- C:\Users\nomane\AppData\Local\Programs
[2012.11.20 03:28:14 | 000,000,000 | ---D | C] -- C:\Users\nomane\AppData\Roaming\Malwarebytes
[2012.11.20 03:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 03:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 03:28:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.20 03:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 02:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.11.05 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\nomane\AppData\Local\ElevatedDiagnostics
[2012.11.05 19:24:09 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMXLMAU.DLL
[2012.11.05 19:22:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.11.05 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6200 series
[2012.11.05 19:22:14 | 000,373,248 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AUL.dll
[2012.11.05 19:22:14 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AUL.dll
[2012.11.05 19:22:14 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AUC.dll
[2012.11.05 19:22:14 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AUU.dll
[2012.11.05 19:22:14 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AUI.dll
[2012.11.05 19:22:14 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2012.11.05 19:22:14 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2012.11.05 19:22:04 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
[2012.11.05 19:22:02 | 000,256,000 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUAU.DLL
[2012.11.05 19:22:02 | 000,098,304 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC_AUO.dll
[2012.11.05 19:21:54 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.10.30 12:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.27 21:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.20 13:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 13:02:34 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 13:02:34 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 13:01:44 | 002,610,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 13:01:44 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 13:01:44 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 13:01:44 | 000,391,798 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.11.20 13:01:44 | 000,374,696 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012.11.20 13:01:44 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 13:01:44 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 13:01:44 | 000,118,730 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012.11.20 13:01:44 | 000,113,816 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.11.20 12:56:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.20 12:55:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.20 12:55:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 12:54:59 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 12:54:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403786494-3412025529-4002163157-1001UA.job
[2012.11.20 12:53:55 | 000,000,188 | ---- | M] () -- C:\Users\nomane\defogger_reenable
[2012.11.20 12:50:40 | 000,302,592 | ---- | M] () -- C:\Users\nomane\Desktop\csk9ncv3.exe
[2012.11.20 12:48:56 | 000,050,477 | ---- | M] () -- C:\Users\nomane\Desktop\Defogger.exe
[2012.11.20 03:45:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.20 03:28:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.20 03:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nomane\Desktop\OTL.exe
[2012.11.20 02:42:52 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.15 17:54:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403786494-3412025529-4002163157-1001Core.job
[2012.11.12 13:43:07 | 000,098,304 | ---- | M] () -- C:\Users\nomane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.20 12:53:55 | 000,000,188 | ---- | C] () -- C:\Users\nomane\defogger_reenable
[2012.11.20 12:50:25 | 000,302,592 | ---- | C] () -- C:\Users\nomane\Desktop\csk9ncv3.exe
[2012.11.20 12:48:48 | 000,050,477 | ---- | C] () -- C:\Users\nomane\Desktop\Defogger.exe
[2012.11.20 03:28:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.20 02:42:13 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.05 19:22:14 | 000,068,352 | ---- | C] () -- C:\Windows\SysWow64\CNC1755D.TBL
[2012.11.05 19:22:14 | 000,068,352 | ---- | C] () -- C:\Windows\SysNative\CNC1755D.TBL
[2012.11.04 21:26:33 | 009,495,015 | ---- | C] () -- C:\Users\nomane\Desktop\11 - Chopin - Konzert in e-moll - 3.Satz (2009).mp3
[2012.11.04 21:26:33 | 009,342,878 | ---- | C] () -- C:\Users\nomane\Desktop\11 - Chopin - Konzert in e-moll - 2.Satz (2009).mp3
[2012.11.04 21:26:32 | 019,358,016 | ---- | C] () -- C:\Users\nomane\Desktop\11 - Chopin - Konzert in e-moll - 1.Satz (2009).mp3
[2012.09.19 13:16:12 | 000,000,012 | ---- | C] () -- C:\Windows\Recorder.dat
[2012.09.19 13:12:00 | 000,000,173 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\default.rss
[2012.09.18 23:12:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.06.14 12:05:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.16 13:47:29 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2012.03.15 16:16:49 | 000,707,354 | ---- | C] () -- C:\Windows\unins001.exe
[2012.03.15 16:16:49 | 000,001,062 | ---- | C] () -- C:\Windows\unins001.dat
[2011.12.21 22:07:10 | 000,000,218 | ---- | C] () -- C:\Users\nomane\.recently-used.xbel
[2011.12.15 23:39:58 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.21 12:35:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.17 14:57:00 | 000,001,825 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.06 10:16:13 | 000,000,022 | -HS- | C] () -- C:\Users\nomane\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.09.08 11:09:37 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2011.07.13 10:38:51 | 002,579,620 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.27 14:25:03 | 000,000,036 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.06.20 11:02:46 | 000,000,132 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.06.20 01:01:38 | 000,000,132 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.06.15 11:52:06 | 000,000,132 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.06.14 22:22:30 | 000,000,000 | ---- | C] () -- C:\Windows\graphedt.INI
[2011.06.06 01:43:12 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.06 01:36:34 | 000,000,444 | ---- | C] () -- C:\Windows\cedocida.ini
[2011.06.05 11:46:37 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.06.05 11:46:37 | 000,004,873 | ---- | C] () -- C:\Windows\unins000.dat
[2011.06.05 03:55:09 | 000,130,560 | ---- | C] () -- C:\Windows\SysWow64\cedocida.dll
[2011.06.02 02:21:10 | 000,007,601 | ---- | C] () -- C:\Users\nomane\AppData\Local\Resmon.ResmonCfg
[2011.05.27 16:53:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2011.05.25 23:08:14 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011.05.06 10:01:19 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2011.05.04 10:58:30 | 000,000,361 | ---- | C] () -- C:\Windows\asfbinwin.INI
[2011.02.17 01:27:31 | 000,000,073 | ---- | C] () -- C:\Windows\M3UCreator.ini
[2011.02.11 13:09:56 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011.02.07 14:59:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.02.03 00:18:58 | 000,000,942 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\coreavc.ini
[2011.02.02 03:39:45 | 000,098,304 | ---- | C] () -- C:\Users\nomane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.01 22:17:57 | 000,001,024 | ---- | C] () -- C:\Users\nomane\.rnd

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.12.09 12:55:10 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\.anki
[2012.10.30 23:54:22 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Ableton
[2011.09.29 10:59:00 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\BDREBUILDER
[2012.02.29 01:54:38 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.17 11:11:22 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\com.unitedinternet.ums.sms-mms-manager
[2011.07.25 12:38:22 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Compile_AHK
[2012.10.16 03:35:56 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\DAEMON Tools Lite
[2012.02.28 14:10:10 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\EAC
[2012.09.18 14:55:33 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\foobar2000
[2011.05.09 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Foxit Software
[2011.02.04 03:11:32 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\GARMIN
[2011.02.04 02:40:56 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\GeoSetter
[2011.12.21 21:24:23 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\gtk-2.0
[2011.02.01 12:24:54 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\IrfanView
[2011.06.15 14:57:29 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Mael
[2012.08.21 12:30:25 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Mirillis
[2011.02.01 13:05:40 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\mkvtoolnix
[2011.12.15 23:45:47 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\ML
[2011.08.10 01:57:22 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Nitroplus
[2012.03.22 00:25:09 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Notepad++
[2011.02.01 00:14:15 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\OpenOffice.org
[2012.03.19 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Opera
[2011.02.02 13:44:24 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\PDF Writer
[2012.01.10 17:49:48 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Propellerhead Software
[2011.11.16 13:41:58 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\ProtectDISC
[2011.05.15 22:09:12 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Publish Providers
[2011.12.27 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011.12.12 14:46:46 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Samsung
[2011.11.15 14:18:29 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\SanDisk
[2011.07.25 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Softplicity
[2012.01.02 03:02:07 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Sony
[2011.05.25 23:10:14 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.09.28 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Stereoscopic Player
[2011.01.31 23:43:30 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\SupRip
[2012.02.10 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\TeamViewer
[2012.06.11 04:47:32 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\The Creative Assembly
[2011.01.31 23:54:34 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Thunderbird
[2012.04.17 12:15:55 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Vision Videogames
[2011.05.15 22:29:02 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Waves Audio
[2012.04.19 01:23:32 | 000,000,000 | ---D | M] -- C:\Users\nomane\AppData\Roaming\Z-Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 1321 bytes -> C:\ProgramData\Microsoft:33AcTZ4fuoqnyEmD7
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:PSZyhJsBHJOBO9tCg6Zjk

< End of report >
OTL-Extras
Zitat:
OTL Extras logfile created on: 20.11.2012 12:30:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nomane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,39 Gb Available Physical Memory | 79,93% Memory free
16,00 Gb Paging File | 14,37 Gb Available in Paging File | 89,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,01 Gb Total Space | 8,39 Gb Free Space | 8,39% Space Free | Partition Type: NTFS
Drive D: | 880,00 Gb Total Space | 10,63 Gb Free Space | 1,21% Space Free | Partition Type: NTFS
Drive E: | 883,01 Gb Total Space | 413,82 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive H: | 4,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive M: | 14,83 Gb Total Space | 14,81 Gb Free Space | 99,88% Space Free | Partition Type: FAT32

Computer Name: PC-1 | User Name: nomane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*isabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*isabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029B87A6-9C4A-40E7-B08D-149EC6D37C98}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{02F3DD71-6716-4846-B81F-67B96047FD9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{07051F31-EAA3-4B62-AEFA-9FF7E5AD6FE7}" = lport=445 | protocol=6 | dir=in | app=system |
"{11A4AA2D-9417-4188-BC48-4AC21DDBE45E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B937AFC-5B30-49B5-A540-2563024755D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{2E62E83D-3492-43E4-8FD3-00FE5FDE149B}" = rport=137 | protocol=17 | dir=out | app=system |
"{39C9BB28-3E64-4D72-9256-DD9D78A5801E}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C3C4318-CC5F-4EBA-9FFD-394116984BD7}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
"{478B9556-84CB-4C85-B6C4-9980DB3A4D2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{48018997-FF7B-48CD-8EEC-3DDAD722FF0C}" = lport=137 | protocol=17 | dir=in | app=system |
"{56339765-AC72-4F02-9F65-E5BD0D49389B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{623A20DD-175F-41EE-99E0-7053133DB27D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8B467ADA-C8A4-493F-996A-682918E4DE14}" = lport=10243 | protocol=6 | dir=in | app=system |
"{906491E3-DB83-4286-BED3-B4C6CC81374A}" = lport=139 | protocol=6 | dir=in | app=system |
"{96845F3C-C96B-4183-83CC-01E8E39D1D61}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACA61564-A6F1-4A82-A43B-A1A825D1697D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACEE4AFB-CC06-434A-B833-CC565DC4F4D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B17C0ECE-BC01-42F0-8FF1-420DE53B16F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B75DB40D-98EF-4E97-B982-D016D40D7F17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC67A9CF-B18D-4881-B2AA-BE45822FDA5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C501D579-D49A-4785-AA19-3EE44F513A76}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB86575D-7748-496A-8A87-02B224DC1FA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFFB135D-7288-4555-A18D-E9FEB80688BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7132E71-6FB8-459E-AECE-E4DE2FF3D1D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDF133A-D852-47B3-A52E-906B79A73C30}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FF3FB870-FEF1-4D66-878B-FFAF56F95A80}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B85DE7E-C66B-4EB9-AB2C-6D51FC52ACD8}" = protocol=6 | dir=out | app=system |
"{256E4694-33F0-4C54-B08D-F583257A8AD2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{2A5BA49B-C8E5-4707-B3F2-6F275227E563}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{2F30F933-2C68-4189-AC2F-1D9A01C30697}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F426983-F419-4A31-8377-EF74051097D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3147BBD9-BFB5-4FC8-B135-7A55F4E218FE}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{396C4596-E386-4B66-B59E-DB9CBA939F4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B1AFEB0-2A1E-41E6-B048-6D99DF6678B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D611F8F-EB41-4592-9A19-D1E4417E64B8}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{44C2F466-477F-43F0-9FCD-D5231E97C514}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{44E21C11-B543-43E4-B84C-30B371E04719}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{46F2CAC7-177B-4AFC-8116-41E4EFC926E9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{49AFDCA5-7D7C-41AB-9993-C758AC6613F4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{4C8A2256-7B11-492B-88A1-8C939BC26593}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{4E1834A7-102E-4E20-8D2F-EE584293E614}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D037A22-DD3D-471D-A1C6-7A4F0321B86E}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{65395326-A4E7-4465-9101-4C577EBBF8F2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{658A7441-0189-4E97-90E3-512AE08FB852}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A563585-D7DA-4C3C-B360-20EFA1D3188E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{70F0BE49-9E1E-4E7A-8AAF-F469DE8DB5D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{71CD13AC-94DB-41C6-AF4D-7F2E06ADD15D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{74CA9EE4-FC59-447E-9367-E0BE9A83505B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{81BBB18D-2CDB-49FA-8DC5-EDD9D4565E0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{906562C5-66D4-40D5-8B34-9721F986653E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{975A3DD5-E31E-4DE9-8812-7C3EE7E476A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{9F40DEC1-EA7C-4FE6-ABDA-68CFE8B42396}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A67EC312-7E8D-4947-98E3-1D85CC44E011}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AA5B5AF0-6380-496C-B8E3-D5EC41FD3700}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AD74B165-8908-4240-A14E-FCE1A2D7E23C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADF7BB87-8D28-4A71-ADBD-C4B699062572}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B1999B42-A90F-49CB-9574-5573221E2F10}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{B4DFC0EB-E7DB-4C5C-AD6B-9A3DC90D1723}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF0D8821-07D4-43E0-9C2F-E8BDA4612BAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5F8C48F-8BF0-4ABB-8D7D-501356CAB3E8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D00B7BF8-81A2-443F-B95F-6C04C8862864}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D92C405A-841C-4B57-BFEE-54C27E7ED098}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{E538C1DF-D818-472B-9A1D-7B84386D625E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC483F02-DDB1-4207-AF5E-9424D7BA3F4E}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{EF714913-C2C6-4861-B4EB-C7243692EA5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC52AF94-3FAC-4087-A348-CBCE78DFC0F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0C031C2A-D915-44CC-B4FC-4A96F10D7CEC}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe |
"TCP Query User{1F54DCB2-E3A8-4ED5-B3B9-DD1920C1193D}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe |
"TCP Query User{334088D9-0D85-4968-815F-154DAAF89C36}D:\_installed\ingdoms of amalur\reckoning.exe" = protocol=6 | dir=in | app=d:\_installed\ingdoms of amalur\reckoning.exe |
"TCP Query User{37921E3A-6FD1-4696-AC80-9F5A02E29470}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{3AE14392-0036-4751-BCB1-C94020C632FF}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{428CF933-1FD9-4E84-9F78-2D62135C145D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{740DF9EA-3C19-436F-A1A8-D8FF408F0492}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{755A698C-E202-4848-9B62-C7624A6C3945}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{78B298D2-983B-4069-91AB-29980E49EF61}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe |
"TCP Query User{7ABE34BF-0B9B-4D2A-8389-9CE3E5D793AC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{99FBDBC7-270F-492F-B40B-3A48AAC3EB70}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C1674337-9433-47D9-BDB9-FE5F947CE068}D:\_installed\borderlands goty edition\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\_installed\borderlands goty edition\binaries\borderlands.exe |
"TCP Query User{C473E74A-5283-4709-B210-4E076DC5B45B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F09FB9ED-4186-414C-BD24-275DA31EEBD3}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe |
"UDP Query User{107C1BC1-06BE-4127-9180-D7A95735AAEB}D:\_installed\ingdoms of amalur\reckoning.exe" = protocol=17 | dir=in | app=d:\_installed\ingdoms of amalur\reckoning.exe |
"UDP Query User{2505406F-F742-48C2-AAA8-9969D06189C2}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{30FAB1A1-8210-48F1-AFC0-4B1F607399C3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{41159487-D316-4D3D-B455-30B7A8B8452E}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{54B82C9D-2429-4814-A600-E4C72B7A6825}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe |
"UDP Query User{6BCCD628-06D8-432B-956F-F6CAC1D52FC8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{7B8EC450-39CE-48E1-83EF-E24295BB024B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{827A61A3-7CFB-472B-9267-818A5116E16F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{8DCFB6BE-E5F3-4139-B9F9-C2785F88BC8C}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe |
"UDP Query User{97E596F9-7546-4C70-AEB4-6232576E2A63}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B3F1D923-D1DA-4798-A219-C9563B27943C}D:\_installed\borderlands goty edition\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\_installed\borderlands goty edition\binaries\borderlands.exe |
"UDP Query User{C661650D-B845-4788-AE93-8B20636C8168}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe |
"UDP Query User{C897A93B-6484-4F42-AC33-90762C74F5F3}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe |
"UDP Query User{CDEE3839-95B2-4519-A1B6-1728AB73156E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
"{15231FFA-7E2E-4289-9A9D-A87D158FA62E}" = M-Audio Axiom Driver 1.1.2 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agent Ransack (64-bit)_is1" = Agent Ransack 2010 (64-bit)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
"CCleaner" = CCleaner
"cedocida" = Cedocida DV Codec (32 Bit and 64 Bit)
"Defraggler" = Defraggler
"jEdit_is1" = jEdit 4.5.0
"MediaInfo" = MediaInfo 0.7.41
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0379CF3E-BED6-474C-AE96-D07E8D7763AC}_is1" = Simple CSS 2.1
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D8A817D-597C-49A6-B90F-7D67C0D7B276}" = Enosoft DV Processor - Unlicensed
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1825AC97-DAFA-1360-D159-431A10716F41}" = GMX SMS-Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.1.4235
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F34E931-7BEA-4BC6-8286-4197EC77EF34}" = Garmin TOPO Deutschland 2012 Pro
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5236C5F0-9539-49DB-829A-D2C964F455D3}" = Ableton Live 8
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{567396A8-B892-455B-907D-463B09E28D46}" = M-Audio Axiom DirectLink for Reason 1.0.0 (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6f1823b2-1f59-4c39-bcc7-3827224b0c12}" = Nero 9
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B4A6011-BB10-4918-B561-3F6CF5712B37}" = Splash Lite
"{8CD2E489-03F4-4AC0-8B68-D8C7DFE731DD}" = Stereoscopic Player
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95E1E18E-CB4B-4E33-986C-F5667F718C19}_is1" = Kingdoms of Amalur Reckoning Version v1.0
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.25)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllSync_is1" = AllSync
"AnyDVD" = AnyDVD
"AutoHotkey" = AutoHotkey 1.1.00.01
"avast" = avast! Free Antivirus
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.4.2
"Borderlands-u-GOTY_is1" = Borderlands GOTY Edition
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8 Qt_is1" = DVDFab 8.1.2.0 (15/09/2011) Qt
"ffdshow_is1" = ffdshow v1.1.3866 [2011-05-30]
"foobar2000" = foobar2000 v1.1.15
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"GeoSetter_is1" = GeoSetter 3.4.16
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0
"HaaliMkx" = Haali Media Splitter
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"M3U-List Creator V1.3_is1" = M3U-List Creator V1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MeGUI" = MeGUI (remove only)
"MKVtoolnix" = MKVtoolnix 4.9.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDVD" = Softwarenetz MyDVD
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"PhotoME_is1" = PhotoME
"Poker Players Paradise 1.1" = Poker Players Paradise
"quicktime_lite_is1" = QT Lite 4.1.0
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 15.0" = RealPlayer
"ReNamer_is1" = ReNamer
"SciTE4AutoHotkey" = SciTE4AutoHotkey v3 beta 5
"SMPlayer" = SMPlayer 0.6.9
"Spyder2PRO" = Spyder2PRO
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 7" = TeamViewer 7
"The Elder Scrolls V™ SKYRIM Creation Kit_is1" = The Elder Scrolls V™ SKYRIM Creation Kit
"The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION
"The Elder Scrolls V™ SKYRIM ModManager_is1" = The Elder Scrolls V™ SKYRIM ModManager
"The Elder Scrolls V™ SKYRIM Script Extender (SKSE)_is1" = The Elder Scrolls V™ SKYRIM (SKSE)
"The Elder Scrolls V™ SKYRIM SkyUI_is1" = The Elder Scrolls V™ SKYRIM SkyUI
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit)
"UndeletePlus™_is1" = UndeletePlus™ 3.0.0.602
"VLC media player" = VLC media player 2.0.2
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinGDB3" = WinGDB3 3.2
"WinRAR archiver" = WinRAR Archivierer
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.7.7
"xp-AntiSpy" = xp-AntiSpy 3.97-10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.11.2012 19:41:39 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description =

Error - 16.11.2012 10:50:24 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description =

Error - 19.11.2012 04:40:44 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description =

Error - 20.11.2012 01:35:08 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Die abhängige
Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.11.2012 01:36:24 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Die abhängige
Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.11.2012 01:36:51 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.11.2012 01:37:06 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Die abhängige
Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 20.11.2012 01:41:33 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description =

Error - 20.11.2012 05:10:41 | Computer Name = PC-1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
Zeitstempel: 0x4fecf1b7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x758 Startzeit der fehlerhaften Anwendung: 0x01cdc6c171fc51c8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 27807f3b-32f2-11e2-8404-e0cb4ebac77f

Error - 20.11.2012 07:29:19 | Computer Name = PC-1 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\_download\esetsmartinstaller_deu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Media Center Events ]
Error - 25.02.2011 20:45:02 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:45:02 - Fehler beim Herstellen der Internetverbindung. 01:45:02
- Serververbindung konnte nicht hergestellt werden..

Error - 25.02.2011 20:45:35 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:45:31 - Fehler beim Herstellen der Internetverbindung. 01:45:31
- Serververbindung konnte nicht hergestellt werden..

Error - 02.03.2011 20:14:19 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:14:19 - Fehler beim Herstellen der Internetverbindung. 01:14:19
- Serververbindung konnte nicht hergestellt werden..

Error - 02.03.2011 20:14:52 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:14:48 - Fehler beim Herstellen der Internetverbindung. 01:14:48
- Serververbindung konnte nicht hergestellt werden..

Error - 02.12.2011 06:59:54 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 11:59:53 - Fehler beim Herstellen der Internetverbindung. 11:59:54
- Serververbindung konnte nicht hergestellt werden..

Error - 02.12.2011 07:00:27 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 12:00:23 - Fehler beim Herstellen der Internetverbindung. 12:00:23
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 19.11.2012 21:52:39 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 19.11.2012 21:52:39 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 20.11.2012 05:14:52 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 20.11.2012 05:14:52 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 20.11.2012 05:15:02 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 20.11.2012 05:15:02 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 20.11.2012 07:29:40 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 20.11.2012 07:29:40 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 20.11.2012 07:29:51 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 20.11.2012 07:29:51 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description =


< End of report >

Alt 20.11.2012, 18:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________

__________________
Alt 21.11.2012, 00:42   #3
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Hallo cosinus
Danke für die nette Begrüßung und natürlich deine Hilfe

Vorweg eine kurze Frage: Soll ich meine Kiste wieder ans Netz hängen um z.B. die Scanner zu aktualisieren? Momentan (seit direkt nach dem Popup) ist sie komplett getrennt und ich lade alles von einem anderen PC per USB-Stick rüber.

Hier sind die Logs
------------------
Bei aswMBR ist er immer bei einer Datei hängen geblieben, deswegen hab ich den Test nochmal mit "none" bei AV-Scan gemacht. Hab dennoch auch für den ersten Test ein Log:

AV-SCAN = "none"
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-20 23:53:10
-----------------------------
23:53:10.340    OS Version: Windows x64 6.1.7601 Service Pack 1
23:53:10.340    Number of processors: 4 586 0x403
23:53:10.340    ComputerName: PC-1  UserName: 
23:53:11.541    Initialize success
23:53:14.973    AVAST engine defs: 12111901
23:53:21.198    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:53:21.198    Disk 0 Vendor: WDC_WD2002FYPS-02W3B0 04.01G01 Size: 1907729MB BusType: 3
23:53:21.369    Disk 0 MBR read successfully
23:53:21.385    Disk 0 MBR scan
23:53:21.385    Disk 0 Windows 7 default MBR code
23:53:21.400    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102407 MB offset 2048
23:53:21.400    Disk 0 Partition - 00     0F Extended LBA           1805320 MB offset 209731584
23:53:21.463    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       901120 MB offset 209733632
23:53:21.478    Disk 0 Partition - 00     05     Extended            904199 MB offset 2055227392
23:53:21.525    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       904198 MB offset 2055229440
23:53:21.603    Disk 0 scanning C:\Windows\system32\drivers
23:53:32.664    Service scanning
23:53:43.662    Modules scanning
23:53:43.677    Disk 0 trace - called modules:
23:53:43.755    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
23:53:43.755    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af2060]
23:53:43.771    3 CLASSPNP.SYS[fffff880018f543f] -> nt!IofCallDriver -> [0xfffffa8006b2b520]
23:53:43.771    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006b29680]
23:53:43.771    Scan finished successfully
23:54:15.938    Disk 0 MBR has been saved successfully to "M:\MBR.dat"
23:54:15.969    The log file has been saved successfully to "M:\aswMBR.txt"
AV-SCAN = Quickscan
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-20 23:54:26
-----------------------------
23:54:26.702    OS Version: Windows x64 6.1.7601 Service Pack 1
23:54:26.702    Number of processors: 4 586 0x403
23:54:26.702    ComputerName: PC-1  UserName: 
23:54:28.059    Initialize success
23:54:31.476    AVAST engine defs: 12111901
23:54:34.346    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
23:54:34.346    Disk 0 Vendor: WDC_WD2002FYPS-02W3B0 04.01G01 Size: 1907729MB BusType: 3
23:54:34.487    Disk 0 MBR read successfully
23:54:34.487    Disk 0 MBR scan
23:54:34.487    Disk 0 Windows 7 default MBR code
23:54:34.487    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102407 MB offset 2048
23:54:34.487    Disk 0 Partition - 00     0F Extended LBA           1805320 MB offset 209731584
23:54:34.533    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       901120 MB offset 209733632
23:54:34.549    Disk 0 Partition - 00     05     Extended            904199 MB offset 2055227392
23:54:34.596    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       904198 MB offset 2055229440
23:54:34.658    Disk 0 scanning C:\Windows\system32\drivers
23:55:15.078    Service scanning
23:55:25.811    Modules scanning
23:55:25.826    Disk 0 trace - called modules:
23:55:25.904    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
23:55:25.904    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af2060]
23:55:25.920    3 CLASSPNP.SYS[fffff880018f543f] -> nt!IofCallDriver -> [0xfffffa8006b2b520]
23:55:25.920    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006b29680]
23:55:27.152    AVAST engine scan C:\Windows
23:56:08.726    AVAST engine scan C:\Windows\system32
23:58:23.511    AVAST engine scan C:\Windows\system32\drivers
23:58:33.526    AVAST engine scan C:\Users\nomane
00:06:08.735    AVAST engine scan C:\ProgramData
00:11:47.723    Disk 0 MBR has been saved successfully to "M:\MBR.dat"
00:11:47.739    The log file has been saved successfully to "M:\aswMBR2.txt"
tdsskiller
Code:
ATTFilter
00:12:16.0396 4304  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:12:16.0396 4304  ============================================================
00:12:16.0396 4304  Current date / time: 2012/11/21 00:12:16.0396
00:12:16.0396 4304  SystemInfo:
00:12:16.0396 4304  
00:12:16.0396 4304  OS Version: 6.1.7601 ServicePack: 1.0
00:12:16.0396 4304  Product type: Workstation
00:12:16.0396 4304  ComputerName: PC-1
00:12:16.0396 4304  UserName: nomane
00:12:16.0396 4304  Windows directory: C:\Windows
00:12:16.0396 4304  System windows directory: C:\Windows
00:12:16.0396 4304  Running under WOW64
00:12:16.0396 4304  Processor architecture: Intel x64
00:12:16.0396 4304  Number of processors: 4
00:12:16.0396 4304  Page size: 0x1000
00:12:16.0396 4304  Boot type: Normal boot
00:12:16.0396 4304  ============================================================
00:12:17.0223 4304  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:12:17.0379 4304  Drive \Device\Harddisk3\DR3 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:12:17.0394 4304  ============================================================
00:12:17.0394 4304  \Device\Harddisk0\DR0:
00:12:17.0394 4304  MBR partitions:
00:12:17.0394 4304  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC803800
00:12:17.0394 4304  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC804800, BlocksNum 0x6E000000
00:12:17.0410 4304  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7A805000, BlocksNum 0x6E603000
00:12:17.0410 4304  \Device\Harddisk3\DR3:
00:12:17.0410 4304  MBR partitions:
00:12:17.0410 4304  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
00:12:17.0410 4304  ============================================================
00:12:17.0457 4304  C: <-> \Device\Harddisk0\DR0\Partition1
00:12:17.0504 4304  D: <-> \Device\Harddisk0\DR0\Partition2
00:12:17.0550 4304  E: <-> \Device\Harddisk0\DR0\Partition3
00:12:17.0550 4304  ============================================================
00:12:17.0550 4304  Initialize success
00:12:17.0550 4304  ============================================================
00:12:42.0900 3004  ============================================================
00:12:42.0900 3004  Scan started
00:12:42.0900 3004  Mode: Manual; SigCheck; TDLFS; 
00:12:42.0900 3004  ============================================================
00:12:43.0977 3004  ================ Scan system memory ========================
00:12:43.0977 3004  System memory - ok
00:12:43.0977 3004  ================ Scan services =============================
00:12:44.0117 3004  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
00:12:44.0211 3004  1394ohci - ok
00:12:44.0242 3004  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
00:12:44.0304 3004  61883 - ok
00:12:44.0414 3004  [ D5934C8B21C2BBBDD259B691DEFE33BA ] ABBYY.Licensing.FineReader.Corporate.10.0 C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
00:12:44.0445 3004  ABBYY.Licensing.FineReader.Corporate.10.0 - ok
00:12:44.0460 3004  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:12:44.0476 3004  ACPI - ok
00:12:44.0476 3004  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:12:44.0523 3004  AcpiPmi - ok
00:12:44.0585 3004  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:12:44.0616 3004  AdobeARMservice - ok
00:12:44.0710 3004  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:12:44.0741 3004  AdobeFlashPlayerUpdateSvc - ok
00:12:44.0772 3004  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:12:44.0788 3004  adp94xx - ok
00:12:44.0804 3004  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:12:44.0819 3004  adpahci - ok
00:12:44.0819 3004  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:12:44.0835 3004  adpu320 - ok
00:12:44.0866 3004  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:12:44.0991 3004  AeLookupSvc - ok
00:12:45.0022 3004  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
00:12:45.0084 3004  AFD - ok
00:12:45.0100 3004  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:12:45.0116 3004  agp440 - ok
00:12:45.0131 3004  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:12:45.0178 3004  ALG - ok
00:12:45.0194 3004  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:12:45.0209 3004  aliide - ok
00:12:45.0209 3004  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:12:45.0225 3004  amdide - ok
00:12:45.0225 3004  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:12:45.0272 3004  AmdK8 - ok
00:12:45.0287 3004  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:12:45.0318 3004  AmdPPM - ok
00:12:45.0334 3004  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:12:45.0350 3004  amdsata - ok
00:12:45.0365 3004  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:12:45.0381 3004  amdsbs - ok
00:12:45.0381 3004  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:12:45.0396 3004  amdxata - ok
00:12:45.0428 3004  [ 30682A098E12E2C85FA65518E1618195 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
00:12:45.0459 3004  AnyDVD - ok
00:12:45.0490 3004  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
00:12:45.0646 3004  AppID - ok
00:12:45.0646 3004  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:12:45.0708 3004  AppIDSvc - ok
00:12:45.0724 3004  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
00:12:45.0771 3004  Appinfo - ok
00:12:45.0802 3004  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:12:45.0849 3004  AppMgmt - ok
00:12:45.0864 3004  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:12:45.0880 3004  arc - ok
00:12:45.0896 3004  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:12:45.0911 3004  arcsas - ok
00:12:45.0989 3004  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:12:46.0020 3004  aspnet_state - ok
00:12:46.0036 3004  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
00:12:46.0052 3004  aswFsBlk - ok
00:12:46.0083 3004  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
00:12:46.0083 3004  aswMonFlt - ok
00:12:46.0114 3004  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
00:12:46.0145 3004  aswRdr - ok
00:12:46.0208 3004  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
00:12:46.0254 3004  aswSnx - ok
00:12:46.0270 3004  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
00:12:46.0286 3004  aswSP - ok
00:12:46.0286 3004  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
00:12:46.0301 3004  aswTdi - ok
00:12:46.0301 3004  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:12:46.0348 3004  AsyncMac - ok
00:12:46.0379 3004  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
00:12:46.0379 3004  atapi - ok
00:12:46.0426 3004  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:12:46.0504 3004  AudioEndpointBuilder - ok
00:12:46.0520 3004  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:12:46.0551 3004  AudioSrv - ok
00:12:46.0598 3004  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:12:46.0629 3004  avast! Antivirus - ok
00:12:46.0660 3004  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
00:12:46.0707 3004  Avc - ok
00:12:46.0754 3004  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:12:46.0847 3004  AxInstSV - ok
00:12:46.0878 3004  [ 87773F59A2F8C7DA3EB297223C79E049 ] AXIOM           C:\Windows\system32\DRIVERS\MAudioAxiom.sys
00:12:46.0878 3004  AXIOM - ok
00:12:46.0925 3004  [ 8917785AF3DFAABE173F7BF5E399A9EB ] AxiomAudioDevMon C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe
00:12:46.0988 3004  AxiomAudioDevMon - ok
00:12:47.0019 3004  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
00:12:47.0066 3004  b06bdrv - ok
00:12:47.0081 3004  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:12:47.0097 3004  b57nd60a - ok
00:12:47.0128 3004  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:12:47.0144 3004  BDESVC - ok
00:12:47.0159 3004  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:12:47.0206 3004  Beep - ok
00:12:47.0253 3004  [ D49BB4491C3620AC794B3AF65031C853 ] BENDER          C:\Windows\system32\drivers\bender64.sys
00:12:47.0300 3004  BENDER - ok
00:12:47.0362 3004  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
00:12:47.0456 3004  BFE - ok
00:12:47.0471 3004  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
00:12:47.0518 3004  BITS - ok
00:12:47.0518 3004  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:12:47.0534 3004  blbdrive - ok
00:12:47.0565 3004  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:12:47.0580 3004  bowser - ok
00:12:47.0596 3004  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:12:47.0643 3004  BrFiltLo - ok
00:12:47.0659 3004  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:12:47.0690 3004  BrFiltUp - ok
00:12:47.0705 3004  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
00:12:47.0721 3004  Browser - ok
00:12:47.0737 3004  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:12:47.0799 3004  Brserid - ok
00:12:47.0815 3004  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:12:47.0846 3004  BrSerWdm - ok
00:12:47.0861 3004  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:12:47.0877 3004  BrUsbMdm - ok
00:12:47.0877 3004  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:12:47.0893 3004  BrUsbSer - ok
00:12:47.0893 3004  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
00:12:47.0908 3004  BTHMODEM - ok
00:12:47.0924 3004  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:12:47.0955 3004  bthserv - ok
00:12:47.0986 3004  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:12:48.0002 3004  cdfs - ok
00:12:48.0017 3004  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:12:48.0080 3004  cdrom - ok
00:12:48.0095 3004  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:12:48.0173 3004  CertPropSvc - ok
00:12:48.0189 3004  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
00:12:48.0205 3004  circlass - ok
00:12:48.0220 3004  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:12:48.0236 3004  CLFS - ok
00:12:48.0345 3004  [ DB26C2BA2AC0AB6BE1CFA59F61CE22DA ] CLHNServiceForPowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
00:12:48.0361 3004  CLHNServiceForPowerDVD - ok
00:12:48.0423 3004  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:12:48.0454 3004  clr_optimization_v2.0.50727_32 - ok
00:12:48.0485 3004  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:12:48.0517 3004  clr_optimization_v2.0.50727_64 - ok
00:12:48.0563 3004  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:12:48.0626 3004  clr_optimization_v4.0.30319_32 - ok
00:12:48.0641 3004  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:12:48.0657 3004  clr_optimization_v4.0.30319_64 - ok
00:12:48.0673 3004  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:12:48.0704 3004  CmBatt - ok
00:12:48.0704 3004  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:12:48.0719 3004  cmdide - ok
00:12:48.0751 3004  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
00:12:48.0797 3004  CNG - ok
00:12:48.0797 3004  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:12:48.0813 3004  Compbatt - ok
00:12:48.0813 3004  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
00:12:48.0844 3004  CompositeBus - ok
00:12:48.0860 3004  COMSysApp - ok
00:12:48.0875 3004  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
00:12:48.0875 3004  crcdisk - ok
00:12:48.0907 3004  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:12:48.0969 3004  CryptSvc - ok
00:12:49.0000 3004  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
00:12:49.0031 3004  CSC - ok
00:12:49.0063 3004  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
00:12:49.0094 3004  CscService - ok
00:12:49.0141 3004  [ E27D60E5A51EEDF9A57F5B69A9A6457D ] CyberLink PowerDVD 11.0 Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
00:12:49.0172 3004  CyberLink PowerDVD 11.0 Monitor Service - ok
00:12:49.0187 3004  [ 857943A77B06AC056771A3B12CD318DD ] CyberLink PowerDVD 11.0 Service C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
00:12:49.0203 3004  CyberLink PowerDVD 11.0 Service - ok
00:12:49.0250 3004  [ B1C55A95006D621D04FE4A23F86C0A54 ] DCamUSBEMPIA    C:\Windows\system32\DRIVERS\emDevice64.sys
00:12:49.0297 3004  DCamUSBEMPIA - ok
00:12:49.0343 3004  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:12:49.0421 3004  DcomLaunch - ok
00:12:49.0468 3004  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:12:49.0515 3004  defragsvc - ok
00:12:49.0531 3004  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:12:49.0577 3004  DfsC - ok
00:12:49.0593 3004  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:12:49.0624 3004  Dhcp - ok
00:12:49.0624 3004  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:12:49.0655 3004  discache - ok
00:12:49.0671 3004  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
00:12:49.0687 3004  Disk - ok
00:12:49.0718 3004  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:12:49.0765 3004  Dnscache - ok
00:12:49.0780 3004  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:12:49.0811 3004  dot3svc - ok
00:12:49.0858 3004  [ B42ED0320C6E41102FDE0005154849BB ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
00:12:49.0905 3004  dot4 - ok
00:12:49.0921 3004  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
00:12:49.0936 3004  Dot4Print - ok
00:12:49.0952 3004  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
00:12:49.0967 3004  dot4usb - ok
00:12:49.0983 3004  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
00:12:50.0030 3004  DPS - ok
00:12:50.0061 3004  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:12:50.0077 3004  drmkaud - ok
00:12:50.0123 3004  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:12:50.0139 3004  dtsoftbus01 - ok
00:12:50.0170 3004  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:12:50.0201 3004  DXGKrnl - ok
00:12:50.0217 3004  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:12:50.0233 3004  EapHost - ok
00:12:50.0295 3004  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
00:12:50.0357 3004  ebdrv - ok
00:12:50.0389 3004  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
00:12:50.0435 3004  EFS - ok
00:12:50.0467 3004  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:12:50.0513 3004  ehRecvr - ok
00:12:50.0529 3004  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:12:50.0591 3004  ehSched - ok
00:12:50.0654 3004  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
00:12:50.0701 3004  ElbyCDIO - ok
00:12:50.0747 3004  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
00:12:50.0779 3004  elxstor - ok
00:12:50.0810 3004  [ 8543BB84CD5872CD1619183F5CBBE3F9 ] emAudio         C:\Windows\system32\drivers\emAudio64.sys
00:12:50.0841 3004  emAudio - ok
00:12:50.0857 3004  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:12:50.0872 3004  ErrDev - ok
00:12:50.0919 3004  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:12:50.0981 3004  EventSystem - ok
00:12:51.0013 3004  [ 618B2BC3E72A2FBDF2FA4A7350DE3695 ] EvoMouseDriverFilterHidUsb C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys
00:12:51.0013 3004  EvoMouseDriverFilterHidUsb - ok
00:12:51.0028 3004  [ EC0FE22EB2F3B32E046E01496B88D523 ] EvoMouseDriverMini C:\Windows\system32\drivers\EvoMouseDriverMini.sys
00:12:51.0044 3004  EvoMouseDriverMini - ok
00:12:51.0059 3004  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:12:51.0075 3004  exfat - ok
00:12:51.0091 3004  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:12:51.0122 3004  fastfat - ok
00:12:51.0153 3004  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
00:12:51.0184 3004  Fax - ok
00:12:51.0200 3004  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:12:51.0215 3004  fdc - ok
00:12:51.0231 3004  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:12:51.0309 3004  fdPHost - ok
00:12:51.0309 3004  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:12:51.0340 3004  FDResPub - ok
00:12:51.0371 3004  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:12:51.0371 3004  FileInfo - ok
00:12:51.0371 3004  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:12:51.0403 3004  Filetrace - ok
00:12:51.0434 3004  [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA    C:\Windows\system32\DRIVERS\emFilter64.sys
00:12:51.0449 3004  FiltUSBEMPIA - ok
00:12:51.0527 3004  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:12:51.0559 3004  FLEXnet Licensing Service - ok
00:12:51.0574 3004  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:12:51.0574 3004  flpydisk - ok
00:12:51.0605 3004  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:12:51.0652 3004  FltMgr - ok
00:12:51.0699 3004  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
00:12:51.0793 3004  FontCache - ok
00:12:51.0839 3004  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:12:51.0839 3004  FontCache3.0.0.0 - ok
00:12:51.0855 3004  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:12:51.0855 3004  FsDepends - ok
00:12:51.0871 3004  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:12:51.0886 3004  Fs_Rec - ok
00:12:51.0902 3004  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:12:51.0917 3004  fvevol - ok
00:12:51.0917 3004  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:12:51.0933 3004  gagp30kx - ok
00:12:51.0964 3004  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
00:12:52.0027 3004  gpsvc - ok
00:12:52.0042 3004  [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
00:12:52.0042 3004  grmnusb - ok
00:12:52.0089 3004  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:12:52.0120 3004  gupdate - ok
00:12:52.0151 3004  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:12:52.0183 3004  gupdatem - ok
00:12:52.0198 3004  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:12:52.0229 3004  hcw85cir - ok
00:12:52.0245 3004  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:12:52.0261 3004  HdAudAddService - ok
00:12:52.0276 3004  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
00:12:52.0292 3004  HDAudBus - ok
00:12:52.0292 3004  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:12:52.0307 3004  HidBatt - ok
00:12:52.0323 3004  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:12:52.0339 3004  HidBth - ok
00:12:52.0339 3004  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:12:52.0354 3004  HidIr - ok
00:12:52.0354 3004  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
00:12:52.0385 3004  hidserv - ok
00:12:52.0401 3004  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:12:52.0401 3004  HidUsb - ok
00:12:52.0432 3004  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:12:52.0463 3004  hkmsvc - ok
00:12:52.0495 3004  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:12:52.0541 3004  HomeGroupListener - ok
00:12:52.0573 3004  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:12:52.0619 3004  HomeGroupProvider - ok
00:12:52.0619 3004  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:12:52.0635 3004  HpSAMD - ok
00:12:52.0666 3004  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:12:52.0729 3004  HTTP - ok
00:12:52.0744 3004  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:12:52.0760 3004  hwpolicy - ok
00:12:52.0760 3004  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:12:52.0775 3004  i8042prt - ok
00:12:52.0791 3004  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:12:52.0807 3004  iaStorV - ok
00:12:52.0869 3004  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
00:12:52.0900 3004  IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:12:52.0900 3004  IDriverT - detected UnsignedFile.Multi.Generic (1)
00:12:52.0947 3004  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:12:52.0994 3004  idsvc - ok
00:12:52.0994 3004  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:12:53.0009 3004  iirsp - ok
00:12:53.0041 3004  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
00:12:53.0072 3004  IKEEXT - ok
00:12:53.0072 3004  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
00:12:53.0087 3004  intelide - ok
00:12:53.0087 3004  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:12:53.0103 3004  intelppm - ok
00:12:53.0134 3004  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:12:53.0150 3004  IPBusEnum - ok
00:12:53.0165 3004  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:12:53.0197 3004  IpFilterDriver - ok
00:12:53.0228 3004  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:12:53.0290 3004  iphlpsvc - ok
00:12:53.0306 3004  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:12:53.0321 3004  IPMIDRV - ok
00:12:53.0337 3004  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:12:53.0368 3004  IPNAT - ok
00:12:53.0384 3004  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:12:53.0446 3004  IRENUM - ok
00:12:53.0462 3004  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:12:53.0462 3004  isapnp - ok
00:12:53.0477 3004  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:12:53.0493 3004  iScsiPrt - ok
00:12:53.0509 3004  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
00:12:53.0524 3004  kbdclass - ok
00:12:53.0524 3004  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
00:12:53.0540 3004  kbdhid - ok
00:12:53.0555 3004  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
00:12:53.0571 3004  KeyIso - ok
00:12:53.0602 3004  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:12:53.0618 3004  KSecDD - ok
00:12:53.0633 3004  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:12:53.0649 3004  KSecPkg - ok
00:12:53.0649 3004  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:12:53.0680 3004  ksthunk - ok
00:12:53.0711 3004  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:12:53.0743 3004  KtmRm - ok
00:12:53.0758 3004  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:12:53.0789 3004  LanmanServer - ok
00:12:53.0805 3004  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:12:53.0836 3004  LanmanWorkstation - ok
00:12:53.0914 3004  [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
00:12:53.0945 3004  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:12:53.0945 3004  LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:12:53.0961 3004  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:12:54.0039 3004  lltdio - ok
00:12:54.0055 3004  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:12:54.0086 3004  lltdsvc - ok
00:12:54.0086 3004  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:12:54.0117 3004  lmhosts - ok
00:12:54.0133 3004  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:12:54.0148 3004  LSI_FC - ok
00:12:54.0164 3004  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:12:54.0164 3004  LSI_SAS - ok
00:12:54.0179 3004  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:12:54.0179 3004  LSI_SAS2 - ok
00:12:54.0195 3004  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:12:54.0211 3004  LSI_SCSI - ok
00:12:54.0211 3004  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:12:54.0242 3004  luafv - ok
00:12:54.0273 3004  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
00:12:54.0320 3004  MarvinBus - ok
00:12:54.0367 3004  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:12:54.0398 3004  MBAMProtector - ok
00:12:54.0476 3004  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:12:54.0507 3004  MBAMScheduler - ok
00:12:54.0569 3004  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:12:54.0585 3004  MBAMService - ok
00:12:54.0601 3004  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:12:54.0616 3004  Mcx2Svc - ok
00:12:54.0632 3004  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:12:54.0647 3004  megasas - ok
00:12:54.0663 3004  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:12:54.0679 3004  MegaSR - ok
00:12:54.0694 3004  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:12:54.0757 3004  MMCSS - ok
00:12:54.0757 3004  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:12:54.0788 3004  Modem - ok
00:12:54.0803 3004  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:12:54.0850 3004  monitor - ok
00:12:54.0881 3004  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:12:54.0913 3004  mouclass - ok
00:12:54.0913 3004  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:12:54.0944 3004  mouhid - ok
00:12:54.0975 3004  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:12:55.0006 3004  mountmgr - ok
00:12:55.0037 3004  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:12:55.0069 3004  MozillaMaintenance - ok
00:12:55.0100 3004  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:12:55.0131 3004  mpio - ok
00:12:55.0131 3004  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:12:55.0162 3004  mpsdrv - ok
00:12:55.0193 3004  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:12:55.0225 3004  MpsSvc - ok
00:12:55.0240 3004  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:12:55.0256 3004  MRxDAV - ok
00:12:55.0287 3004  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:12:55.0318 3004  mrxsmb - ok
00:12:55.0349 3004  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:12:55.0365 3004  mrxsmb10 - ok
00:12:55.0381 3004  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:12:55.0396 3004  mrxsmb20 - ok
00:12:55.0412 3004  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:12:55.0427 3004  msahci - ok
00:12:55.0427 3004  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:12:55.0443 3004  msdsm - ok
00:12:55.0443 3004  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:12:55.0474 3004  MSDTC - ok
00:12:55.0521 3004  [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
00:12:55.0552 3004  MSDV - ok
00:12:55.0568 3004  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:12:55.0599 3004  Msfs - ok
00:12:55.0599 3004  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:12:55.0630 3004  mshidkmdf - ok
00:12:55.0661 3004  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:12:55.0661 3004  msisadrv - ok
00:12:55.0677 3004  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:12:55.0708 3004  MSiSCSI - ok
00:12:55.0724 3004  msiserver - ok
00:12:55.0724 3004  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:12:55.0755 3004  MSKSSRV - ok
00:12:55.0771 3004  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:12:55.0833 3004  MSPCLOCK - ok
00:12:55.0833 3004  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:12:55.0864 3004  MSPQM - ok
00:12:55.0895 3004  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:12:55.0942 3004  MsRPC - ok
00:12:55.0958 3004  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
00:12:55.0973 3004  mssmbios - ok
00:12:55.0973 3004  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:12:56.0020 3004  MSTEE - ok
00:12:56.0020 3004  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:12:56.0036 3004  MTConfig - ok
00:12:56.0051 3004  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
00:12:56.0098 3004  MTsensor - ok
00:12:56.0114 3004  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:12:56.0145 3004  Mup - ok
00:12:56.0161 3004  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
00:12:56.0207 3004  napagent - ok
00:12:56.0239 3004  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:12:56.0270 3004  NativeWifiP - ok
00:12:56.0301 3004  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:12:56.0332 3004  NDIS - ok
00:12:56.0348 3004  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:12:56.0363 3004  NdisCap - ok
00:12:56.0395 3004  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:12:56.0410 3004  NdisTapi - ok
00:12:56.0426 3004  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:12:56.0441 3004  Ndisuio - ok
00:12:56.0457 3004  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:12:56.0488 3004  NdisWan - ok
00:12:56.0504 3004  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:12:56.0535 3004  NDProxy - ok
00:12:56.0644 3004  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
00:12:56.0691 3004  Nero BackItUp Scheduler 4.0 - ok
00:12:56.0707 3004  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:12:56.0753 3004  NetBIOS - ok
00:12:56.0769 3004  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:12:56.0785 3004  NetBT - ok
00:12:56.0800 3004  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
00:12:56.0816 3004  Netlogon - ok
00:12:56.0847 3004  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:12:56.0941 3004  Netman - ok
00:12:56.0956 3004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:12:56.0972 3004  NetMsmqActivator - ok
00:12:56.0972 3004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:12:56.0972 3004  NetPipeActivator - ok
00:12:57.0003 3004  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:12:57.0050 3004  netprofm - ok
00:12:57.0050 3004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:12:57.0050 3004  NetTcpActivator - ok
00:12:57.0050 3004  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:12:57.0065 3004  NetTcpPortSharing - ok
00:12:57.0081 3004  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:12:57.0081 3004  nfrd960 - ok
00:12:57.0112 3004  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:12:57.0143 3004  NlaSvc - ok
00:12:57.0206 3004  [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
00:12:57.0253 3004  NMIndexingService - ok
00:12:57.0268 3004  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:12:57.0299 3004  Npfs - ok
00:12:57.0315 3004  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:12:57.0346 3004  nsi - ok
00:12:57.0362 3004  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:12:57.0393 3004  nsiproxy - ok
00:12:57.0455 3004  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:12:57.0502 3004  Ntfs - ok
00:12:57.0549 3004  [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD    C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
00:12:57.0580 3004  ntk_PowerDVD - ok
00:12:57.0596 3004  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:12:57.0674 3004  Null - ok
00:12:57.0955 3004  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:12:58.0298 3004  nvlddmkm - ok
00:12:58.0329 3004  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:12:58.0360 3004  nvraid - ok
00:12:58.0360 3004  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:12:58.0376 3004  nvstor - ok
00:12:58.0438 3004  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] NVSvc           C:\Windows\system32\nvvsvc.exe
00:12:58.0485 3004  NVSvc - ok
00:12:58.0563 3004  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:12:58.0625 3004  nvUpdatusService - ok
00:12:58.0657 3004  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:12:58.0657 3004  nv_agp - ok
00:12:58.0688 3004  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:12:58.0703 3004  ohci1394 - ok
00:12:58.0797 3004  [ 2037ADD28254EEB404F3375F7AEF7802 ] OS Selector     C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
00:12:58.0859 3004  OS Selector - ok
00:12:58.0891 3004  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:12:58.0953 3004  p2pimsvc - ok
00:12:58.0984 3004  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:12:59.0000 3004  p2psvc - ok
00:12:59.0015 3004  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:12:59.0031 3004  Parport - ok
00:12:59.0031 3004  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:12:59.0047 3004  partmgr - ok
00:12:59.0062 3004  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:12:59.0093 3004  PcaSvc - ok
00:12:59.0109 3004  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:12:59.0109 3004  pci - ok
00:12:59.0125 3004  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:12:59.0140 3004  pciide - ok
00:12:59.0140 3004  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:12:59.0156 3004  pcmcia - ok
00:12:59.0156 3004  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:12:59.0171 3004  pcw - ok
00:12:59.0187 3004  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:12:59.0234 3004  PEAUTH - ok
00:12:59.0281 3004  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:12:59.0343 3004  PeerDistSvc - ok
00:12:59.0405 3004  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:12:59.0452 3004  PerfHost - ok
00:12:59.0530 3004  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:12:59.0639 3004  pla - ok
00:12:59.0686 3004  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:12:59.0733 3004  PlugPlay - ok
00:12:59.0842 3004  [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
00:12:59.0873 3004  PMBDeviceInfoProvider - ok
00:12:59.0873 3004  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:12:59.0889 3004  PNRPAutoReg - ok
00:12:59.0920 3004  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:12:59.0936 3004  PNRPsvc - ok
00:12:59.0951 3004  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:13:00.0029 3004  PolicyAgent - ok
00:13:00.0045 3004  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:13:00.0076 3004  Power - ok
00:13:00.0107 3004  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:13:00.0170 3004  PptpMiniport - ok
00:13:00.0185 3004  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:13:00.0201 3004  Processor - ok
00:13:00.0248 3004  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:13:00.0263 3004  ProfSvc - ok
00:13:00.0263 3004  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:13:00.0279 3004  ProtectedStorage - ok
00:13:00.0310 3004  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:13:00.0326 3004  Psched - ok
00:13:00.0357 3004  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
00:13:00.0357 3004  PxHlpa64 - ok
00:13:00.0419 3004  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:13:00.0466 3004  ql2300 - ok
00:13:00.0497 3004  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:13:00.0513 3004  ql40xx - ok
00:13:00.0529 3004  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:13:00.0560 3004  QWAVE - ok
00:13:00.0560 3004  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:13:00.0591 3004  QWAVEdrv - ok
00:13:00.0591 3004  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:13:00.0622 3004  RasAcd - ok
00:13:00.0638 3004  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:13:00.0669 3004  RasAgileVpn - ok
00:13:00.0669 3004  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:13:00.0716 3004  RasAuto - ok
00:13:00.0731 3004  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:13:00.0763 3004  Rasl2tp - ok
00:13:00.0778 3004  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:13:00.0809 3004  RasMan - ok
00:13:00.0825 3004  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:13:00.0856 3004  RasPppoe - ok
00:13:00.0872 3004  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:13:00.0919 3004  RasSstp - ok
00:13:00.0934 3004  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:13:00.0965 3004  rdbss - ok
00:13:00.0965 3004  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:13:00.0965 3004  rdpbus - ok
00:13:00.0981 3004  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:13:01.0012 3004  RDPCDD - ok
00:13:01.0028 3004  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
00:13:01.0075 3004  RDPDR - ok
00:13:01.0075 3004  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:13:01.0121 3004  RDPENCDD - ok
00:13:01.0121 3004  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:13:01.0153 3004  RDPREFMP - ok
00:13:01.0184 3004  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:13:01.0231 3004  RdpVideoMiniport - ok
00:13:01.0246 3004  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:13:01.0277 3004  RDPWD - ok
00:13:01.0309 3004  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:13:01.0324 3004  rdyboost - ok
00:13:01.0340 3004  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:13:01.0387 3004  RemoteAccess - ok
00:13:01.0387 3004  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:13:01.0418 3004  RemoteRegistry - ok
00:13:01.0449 3004  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:13:01.0480 3004  RpcEptMapper - ok
00:13:01.0496 3004  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:13:01.0511 3004  RpcLocator - ok
00:13:01.0527 3004  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:13:01.0558 3004  RpcSs - ok
00:13:01.0574 3004  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:13:01.0605 3004  rspndr - ok
00:13:01.0636 3004  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:13:01.0652 3004  RTL8167 - ok
00:13:01.0683 3004  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
00:13:01.0699 3004  s3cap - ok
00:13:01.0714 3004  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:13:01.0745 3004  SamSs - ok
00:13:01.0792 3004  [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
00:13:01.0823 3004  SamsungAllShareV2.0 - ok
00:13:01.0839 3004  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:13:01.0839 3004  sbp2port - ok
00:13:01.0870 3004  [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA    C:\Windows\system32\DRIVERS\emScan64.sys
00:13:01.0870 3004  ScanUSBEMPIA - ok
00:13:01.0886 3004  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:13:01.0917 3004  SCardSvr - ok
00:13:01.0933 3004  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:13:01.0964 3004  scfilter - ok
00:13:01.0995 3004  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:13:02.0042 3004  Schedule - ok
00:13:02.0057 3004  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:13:02.0089 3004  SCPolicySvc - ok
00:13:02.0120 3004  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:13:02.0135 3004  SDRSVC - ok
00:13:02.0167 3004  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:13:02.0182 3004  secdrv - ok
00:13:02.0198 3004  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:13:02.0276 3004  seclogon - ok
00:13:02.0276 3004  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
00:13:02.0323 3004  SENS - ok
00:13:02.0338 3004  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:13:02.0354 3004  SensrSvc - ok
00:13:02.0369 3004  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:13:02.0401 3004  Serenum - ok
00:13:02.0401 3004  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:13:02.0416 3004  Serial - ok
00:13:02.0432 3004  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:13:02.0447 3004  sermouse - ok
00:13:02.0479 3004  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:13:02.0510 3004  SessionEnv - ok
00:13:02.0510 3004  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:13:02.0541 3004  sffdisk - ok
00:13:02.0541 3004  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:13:02.0557 3004  sffp_mmc - ok
00:13:02.0572 3004  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:13:02.0588 3004  sffp_sd - ok
00:13:02.0588 3004  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:13:02.0603 3004  sfloppy - ok
00:13:02.0619 3004  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:13:02.0650 3004  SharedAccess - ok
00:13:02.0666 3004  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:13:02.0713 3004  ShellHWDetection - ok
00:13:02.0744 3004  [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
00:13:02.0759 3004  SimpleSlideShowServer - ok
00:13:02.0806 3004  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:13:02.0837 3004  SiSRaid2 - ok
00:13:02.0837 3004  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:13:02.0853 3004  SiSRaid4 - ok
00:13:02.0869 3004  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:13:02.0900 3004  Smb - ok
00:13:02.0931 3004  [ 427C2B34BF4DD4F813DA4C0DF154CC94 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
00:13:02.0931 3004  snapman - ok
00:13:02.0947 3004  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:13:02.0947 3004  SNMPTRAP - ok
00:13:02.0962 3004  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:13:02.0962 3004  spldr - ok
00:13:02.0993 3004  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
00:13:03.0025 3004  Spooler - ok
00:13:03.0134 3004  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:13:03.0227 3004  sppsvc - ok
00:13:03.0243 3004  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:13:03.0274 3004  sppuinotify - ok
00:13:03.0274 3004  sptd - ok
00:13:03.0290 3004  [ B9413B99DBB704E0F5824775A1118CC7 ] Spyder2         C:\Windows\system32\DRIVERS\Spyder2.sys
00:13:03.0337 3004  Spyder2 - ok
00:13:03.0352 3004  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:13:03.0383 3004  srv - ok
00:13:03.0399 3004  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:13:03.0415 3004  srv2 - ok
00:13:03.0430 3004  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:13:03.0446 3004  srvnet - ok
00:13:03.0461 3004  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:13:03.0493 3004  SSDPSRV - ok
00:13:03.0508 3004  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:13:03.0539 3004  SstpSvc - ok
00:13:03.0602 3004  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:13:03.0649 3004  Stereo Service - ok
00:13:03.0649 3004  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:13:03.0664 3004  stexstor - ok
00:13:03.0695 3004  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:13:03.0711 3004  stisvc - ok
00:13:03.0742 3004  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
00:13:03.0758 3004  storflt - ok
00:13:03.0758 3004  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
00:13:03.0773 3004  storvsc - ok
00:13:03.0789 3004  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:13:03.0805 3004  swenum - ok
00:13:03.0867 3004  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:13:03.0929 3004  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
00:13:03.0929 3004  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
00:13:03.0945 3004  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:13:03.0976 3004  swprv - ok
00:13:03.0992 3004  Synth3dVsc - ok
00:13:04.0023 3004  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:13:04.0085 3004  SysMain - ok
00:13:04.0101 3004  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:13:04.0117 3004  TabletInputService - ok
00:13:04.0319 3004  [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
00:13:04.0382 3004  TabletServicePen - ok
00:13:04.0397 3004  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:13:04.0444 3004  TapiSrv - ok
00:13:04.0460 3004  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:13:04.0475 3004  TBS - ok
00:13:04.0538 3004  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:13:04.0616 3004  Tcpip - ok
00:13:04.0647 3004  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:13:04.0678 3004  TCPIP6 - ok
00:13:04.0694 3004  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:13:04.0725 3004  tcpipreg - ok
00:13:04.0741 3004  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:13:04.0772 3004  TDPIPE - ok
00:13:04.0787 3004  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:13:04.0803 3004  TDTCP - ok
00:13:04.0819 3004  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:13:04.0850 3004  tdx - ok
00:13:04.0959 3004  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
00:13:05.0068 3004  TeamViewer7 - ok
00:13:05.0099 3004  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:13:05.0099 3004  TermDD - ok
00:13:05.0115 3004  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:13:05.0162 3004  TermService - ok
00:13:05.0177 3004  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:13:05.0193 3004  Themes - ok
00:13:05.0209 3004  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:13:05.0240 3004  THREADORDER - ok
00:13:05.0255 3004  [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
00:13:05.0271 3004  TouchServicePen - ok
00:13:05.0271 3004  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:13:05.0318 3004  TrkWks - ok
00:13:05.0333 3004  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:13:05.0443 3004  TrustedInstaller - ok
00:13:05.0474 3004  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:13:05.0505 3004  tssecsrv - ok
00:13:05.0521 3004  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:13:05.0552 3004  TsUsbFlt - ok
00:13:05.0552 3004  tsusbhub - ok
00:13:05.0599 3004  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:13:05.0677 3004  tunnel - ok
00:13:05.0677 3004  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:13:05.0692 3004  uagp35 - ok
00:13:05.0708 3004  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:13:05.0739 3004  udfs - ok
00:13:05.0770 3004  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:13:05.0770 3004  UI0Detect - ok
00:13:05.0786 3004  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:13:05.0801 3004  uliagpkx - ok
00:13:05.0833 3004  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:13:05.0848 3004  umbus - ok
00:13:05.0864 3004  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:13:05.0879 3004  UmPass - ok
00:13:05.0879 3004  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
00:13:05.0911 3004  UmRdpService - ok
00:13:05.0942 3004  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:13:06.0004 3004  upnphost - ok
00:13:06.0035 3004  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:13:06.0082 3004  usbaudio - ok
00:13:06.0098 3004  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:13:06.0113 3004  usbccgp - ok
00:13:06.0129 3004  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:13:06.0160 3004  usbcir - ok
00:13:06.0176 3004  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:13:06.0191 3004  usbehci - ok
00:13:06.0223 3004  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:13:06.0238 3004  usbhub - ok
00:13:06.0254 3004  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
00:13:06.0269 3004  usbohci - ok
00:13:06.0285 3004  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:13:06.0301 3004  usbprint - ok
00:13:06.0332 3004  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:13:06.0363 3004  usbscan - ok
00:13:06.0379 3004  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:13:06.0425 3004  USBSTOR - ok
00:13:06.0441 3004  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:13:06.0472 3004  usbuhci - ok
00:13:06.0503 3004  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:13:06.0550 3004  usbvideo - ok
00:13:06.0566 3004  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:13:06.0613 3004  UxSms - ok
00:13:06.0644 3004  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:13:06.0659 3004  VaultSvc - ok
00:13:06.0659 3004  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:13:06.0675 3004  vdrvroot - ok
00:13:06.0691 3004  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:13:06.0737 3004  vds - ok
00:13:06.0753 3004  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:13:06.0769 3004  vga - ok
00:13:06.0784 3004  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:13:06.0800 3004  VgaSave - ok
00:13:06.0815 3004  VGPU - ok
00:13:06.0815 3004  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:13:06.0831 3004  vhdmp - ok
00:13:06.0862 3004  [ BA1DA5CD689E9473D99731A2E1FF2FB5 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
00:13:06.0893 3004  VIAHdAudAddService - ok
00:13:06.0909 3004  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:13:06.0909 3004  viaide - ok
00:13:06.0971 3004  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:13:07.0003 3004  vmbus - ok
00:13:07.0034 3004  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:13:07.0049 3004  VMBusHID - ok
00:13:07.0065 3004  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:13:07.0081 3004  volmgr - ok
00:13:07.0096 3004  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:13:07.0127 3004  volmgrx - ok
00:13:07.0143 3004  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:13:07.0159 3004  volsnap - ok
00:13:07.0174 3004  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:13:07.0190 3004  vsmraid - ok
00:13:07.0221 3004  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:13:07.0283 3004  VSS - ok
00:13:07.0299 3004  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:13:07.0346 3004  vwifibus - ok
00:13:07.0377 3004  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:13:07.0424 3004  W32Time - ok
00:13:07.0439 3004  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
00:13:07.0455 3004  wacommousefilter - ok
00:13:07.0455 3004  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:13:07.0471 3004  WacomPen - ok
00:13:07.0502 3004  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
00:13:07.0502 3004  wacomvhid - ok
00:13:07.0517 3004  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:13:07.0549 3004  WANARP - ok
00:13:07.0564 3004  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:13:07.0580 3004  Wanarpv6 - ok
00:13:07.0627 3004  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:13:07.0673 3004  wbengine - ok
00:13:07.0689 3004  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:13:07.0689 3004  WbioSrvc - ok
00:13:07.0720 3004  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:13:07.0736 3004  wcncsvc - ok
00:13:07.0751 3004  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:13:07.0767 3004  WcsPlugInService - ok
00:13:07.0783 3004  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:13:07.0783 3004  Wd - ok
00:13:07.0798 3004  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:13:07.0814 3004  Wdf01000 - ok
00:13:07.0845 3004  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:13:07.0923 3004  WdiServiceHost - ok
00:13:07.0939 3004  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:13:07.0954 3004  WdiSystemHost - ok
00:13:07.0970 3004  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:13:07.0985 3004  WebClient - ok
00:13:08.0017 3004  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:13:08.0095 3004  Wecsvc - ok
00:13:08.0110 3004  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:13:08.0141 3004  wercplsupport - ok
00:13:08.0141 3004  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:13:08.0173 3004  WerSvc - ok
00:13:08.0173 3004  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:13:08.0204 3004  WfpLwf - ok
00:13:08.0204 3004  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:13:08.0219 3004  WIMMount - ok
00:13:08.0251 3004  WinDefend - ok
00:13:08.0251 3004  WinHttpAutoProxySvc - ok
00:13:08.0282 3004  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:13:08.0344 3004  Winmgmt - ok
00:13:08.0407 3004  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:13:08.0485 3004  WinRM - ok
00:13:08.0516 3004  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
00:13:08.0563 3004  WinUSB - ok
00:13:08.0594 3004  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:13:08.0625 3004  Wlansvc - ok
00:13:08.0656 3004  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:13:08.0672 3004  WmiAcpi - ok
00:13:08.0687 3004  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:13:08.0703 3004  wmiApSrv - ok
00:13:08.0719 3004  WMPNetworkSvc - ok
00:13:08.0734 3004  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:13:08.0734 3004  WPCSvc - ok
00:13:08.0765 3004  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:13:08.0765 3004  WPDBusEnum - ok
00:13:08.0781 3004  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:13:08.0812 3004  ws2ifsl - ok
00:13:08.0859 3004  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
00:13:08.0890 3004  WsAudio_DeviceS(1) - ok
00:13:08.0906 3004  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
00:13:08.0921 3004  WsAudio_DeviceS(2) - ok
00:13:08.0937 3004  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
00:13:08.0937 3004  WsAudio_DeviceS(3) - ok
00:13:08.0953 3004  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
00:13:08.0953 3004  WsAudio_DeviceS(4) - ok
00:13:08.0984 3004  [ AD12F5C7251BB8D575D560894E73CBBA ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
00:13:08.0999 3004  WsAudio_DeviceS(5) - ok
00:13:09.0015 3004  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
00:13:09.0046 3004  wscsvc - ok
00:13:09.0046 3004  WSearch - ok
00:13:09.0124 3004  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:13:09.0233 3004  wuauserv - ok
00:13:09.0249 3004  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:13:09.0265 3004  WudfPf - ok
00:13:09.0280 3004  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:13:09.0311 3004  WUDFRd - ok
00:13:09.0327 3004  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:13:09.0358 3004  wudfsvc - ok
00:13:09.0358 3004  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:13:09.0389 3004  WwanSvc - ok
00:13:09.0483 3004  [ 1870A74EE2901CA09FFBFE79A5EE0E94 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
00:13:09.0514 3004  {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
00:13:09.0530 3004  ================ Scan global ===============================
00:13:09.0545 3004  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:13:09.0577 3004  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:13:09.0608 3004  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:13:09.0639 3004  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:13:09.0670 3004  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:13:09.0686 3004  [Global] - ok
00:13:09.0686 3004  ================ Scan MBR ==================================
00:13:09.0686 3004  [ 97D6290A850A0EAE136460E263650E7C ] \Device\Harddisk0\DR0
00:13:10.0138 3004  \Device\Harddisk0\DR0 - ok
00:13:10.0138 3004  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
00:13:10.0372 3004  \Device\Harddisk3\DR3 - ok
00:13:10.0372 3004  ================ Scan VBR ==================================
00:13:10.0372 3004  [ AD3968AAC8F44D566212E83E85F8D8F0 ] \Device\Harddisk0\DR0\Partition1
00:13:10.0372 3004  \Device\Harddisk0\DR0\Partition1 - ok
00:13:10.0403 3004  [ 3BB08F5E670BD176CAE42382F8EAB8DB ] \Device\Harddisk0\DR0\Partition2
00:13:10.0403 3004  \Device\Harddisk0\DR0\Partition2 - ok
00:13:10.0419 3004  [ D5D5B6153E124DADD612141892350098 ] \Device\Harddisk0\DR0\Partition3
00:13:10.0419 3004  \Device\Harddisk0\DR0\Partition3 - ok
00:13:10.0419 3004  [ F6FC23ECEB0275B12BB2CEF9A8A81A86 ] \Device\Harddisk3\DR3\Partition1
00:13:10.0419 3004  \Device\Harddisk3\DR3\Partition1 - ok
00:13:10.0419 3004  ============================================================
00:13:10.0419 3004  Scan finished
00:13:10.0419 3004  ============================================================
00:13:10.0435 5004  Detected object count: 3
00:13:10.0435 5004  Actual detected object count: 3
00:14:15.0221 5004  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:15.0221 5004  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:15.0221 5004  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:15.0221 5004  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:14:15.0221 5004  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
00:14:15.0221 5004  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________
Alt 21.11.2012, 12:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Ja du musst mit dem Rechner ins Internet

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2012, 13:56   #5
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Da gibt es ein Problem: Obwohl ich Avast deaktiviert habe (1 Stunde) meckert Combofix, daß es aktiv sei und das ich es deaktivieren soll. Ich habe es dann "bis zum nächsten Neustart" deaktiviert, wollte Combofix dann beenden um das erstmal hier zu posten, aber erneut kommt diese Fehlermeldung, mit dem Hinweis, daß Combofix nun versuchen wird den Scan durchzuführen... einen "Abbrechen"-Button gibt es nicht nur einen "Ok". Was tun?

Nachtrag:
Hab den PC neu gestartet, Avast erneut deaktiviert, etwas gewartet und Combofix nochmal gestartet... jetzt läufts grad durch.

Nachtrag:
So, fertig... Was für mich eine Frage aufwirft: Wieso hat Combofix xp-Antispy gelöscht?

Hier das Logfile:
Code:
ATTFilter
ComboFix 12-11-21.01 - nomane 21.11.2012  14:34:43.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8191.6553 [GMT 1:00]
ausgeführt von:: c:\users\nomane\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\dsgsdgdsgdsgw.pad
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\shellex.dll
c:\windows\SysWow64\tmp4A8A.tmp
c:\windows\SysWow64\tmp4A9A.tmp
c:\windows\SysWow64\tmpCA60.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-21 bis 2012-11-21  ))))))))))))))))))))))))))))))
.
.
2012-11-21 13:42 . 2012-11-21 13:42	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-11-21 13:42 . 2012-11-21 13:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-20 02:35 . 2012-11-20 02:35	--------	d-----w-	c:\users\nomane\AppData\Local\Programs
2012-11-20 02:28 . 2012-11-20 02:28	--------	d-----w-	c:\users\nomane\AppData\Roaming\Malwarebytes
2012-11-20 02:28 . 2012-11-20 02:28	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-20 02:28 . 2012-11-20 02:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-20 02:28 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-06 01:10 . 2012-11-06 01:10	--------	d-----w-	c:\programdata\ABBYY
2012-11-05 18:25 . 2012-11-05 18:25	--------	d-----w-	c:\users\nomane\AppData\Local\ElevatedDiagnostics
2012-11-05 18:24 . 2011-05-23 04:00	385536	----a-w-	c:\windows\system32\CNMXLMAU.DLL
2012-11-05 18:21 . 2012-11-05 18:21	--------	d--h--w-	c:\program files\CanonBJ
2012-10-30 11:50 . 2012-10-30 12:56	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 20:55 . 2012-10-13 20:55	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2012-10-13 20:55 . 2012-10-13 20:55	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-10-13 20:55 . 2012-10-13 20:55	133632	----a-w-	c:\windows\system32\OpenAL32.dll
2012-10-13 20:55 . 2012-10-13 20:55	110592	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-10-09 13:07 . 2012-04-12 09:17	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:07 . 2011-05-20 12:38	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 01:53 . 2012-09-20 01:53	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 01:53 . 2012-05-18 08:23	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-20 01:53 . 2011-01-31 22:25	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-20 01:48 . 2011-02-02 19:18	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-09-20 01:48 . 2011-02-02 19:18	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-09-20 01:45 . 2012-09-20 01:45	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-20 01:45 . 2012-09-20 01:45	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-20 01:45 . 2012-09-20 01:45	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-20 01:45 . 2012-09-20 01:45	188904	----a-w-	c:\windows\system32\java.exe
2012-09-20 01:45 . 2012-09-20 01:45	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-20 01:45 . 2012-09-20 01:45	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-13 00:53 . 2011-02-01 00:51	64462936	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\nomane\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-11-15 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"QuickTime Task"="c:\program files (x86)\QT Lite\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-20 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files (x86)\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\DRIVERS\MAudioAxiom.sys [2010-03-11 137736]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender64.sys [2006-12-13 253568]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [2010-06-23 25144]
R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2010-06-23 22584]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 15360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-19 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-19 29288]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136]
R4 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2155848]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/08 13:36];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 11:08 148976]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-03-11 1636872]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-11 283200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:07]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 16:06]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-31 16:06]
.
2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403786494-3412025529-4002163157-1001Core.job
- c:\users\nomane\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 12:34]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1403786494-3412025529-4002163157-1001UA.job
- c:\users\nomane\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 12:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\nomane\AppData\Roaming\Mozilla\Firefox\Profiles\yzphwc9b.default\
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\nomane\AppData\Roaming\Mozilla\Firefox\Profiles\yzphwc9b.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1403786494-3412025529-4002163157-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,87,e0,17,94,1c,b9,bb,1d,19,d2,df,9e,d8,30,d9,2e,4e,8c,e9,82,78,16,
   d1,4f,9d,bc,76,0c,54,0e,a9,98,fa,b5,ed,88,11,72,65,48,7b,62,10,0e,44,c0,cd,\
"??"=hex:31,52,a5,b7,cc,5c,30,5c,4e,ca,4f,03,91,98,60,9e
.
[HKEY_USERS\S-1-5-21-1403786494-3412025529-4002163157-1001\Software\SecuROM\License information*]
"datasecu"=hex:3a,e1,56,98,03,3e,ae,35,5f,e8,35,79,55,bc,45,ca,f1,33,1a,a7,e6,
   32,5c,20,5e,54,de,a7,46,f0,f9,36,e7,1f,8c,fe,d3,81,bf,21,91,69,50,91,f5,11,\
"rkeysecu"=hex:04,cc,ab,5a,97,76,c4,0f,bf,6b,de,0f,11,b9,64,6c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:2d,61,1a,14,bb,ce,86,a8,72,26,29,f8,9c,53,d8,8a,0e,43,90,c9,7e,
   12,f0,16,e3,e7,0f,be,f3,a8,c8,e3,ce,c8,73,e8,5d,30,92,a6,ac,aa,a5,e4,36,8a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:2d,61,1a,14,bb,ce,86,a8,72,26,29,f8,9c,53,d8,8a,0e,43,90,c9,7e,
   12,f0,16,e3,e7,0f,be,f3,a8,c8,e3,ce,c8,73,e8,5d,30,92,a6,ac,aa,a5,e4,36,8a,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-21  14:44:53
ComboFix-quarantined-files.txt  2012-11-21 13:44
.
Vor Suchlauf: 8.879.902.720 Bytes frei
Nach Suchlauf: 8.932.196.352 Bytes frei
.
- - End Of File - - 86D2A6E69C367D48794C8DC75A63E4E5

Geändert von nomaneq (21.11.2012 um 14:48 Uhr)

Alt 21.11.2012, 16:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Zitat:
So, fertig... Was für mich eine Frage aufwirft: Wieso hat Combofix xp-Antispy gelöscht?
Der Autor hält XP AntiSpy wohl für blanken Unsinn
Was willst du damit überhaupt auf einem Win7 bzw. allgemein? Das Tool ist völlig unnötig und manche Einstellungen, die man setzen kann sind unnötig gefährlich!


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
--> ctfmon.lnk lsass.exe BKA-Trojaner

Alt 21.11.2012, 17:07   #7
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Zitat:
Der Autor hält XP AntiSpy wohl für blanken Unsinn
Was willst du damit überhaupt auf einem Win7 bzw. allgemein? Das Tool ist völlig unnötig und manche Einstellungen, die man setzen kann sind unnötig gefährlich!
Ähm.. ja.. ich würde sagen: Gefährliches Halbwissen ist auf deine Frage die korrekte Antwort. Suggeriert halt irgendwie mehr Sicherheit. Bin da Gewohnheitstäter seit XP und hab mir seitdem wenig Gedanken drüber gemacht. Können wir ja zum Schluss nochmal drauf eingehen - wenn dir das nicht zu viel wird. Ich nutze neben XP-Antispy noch Spywareblaster, Spybot SD, sowie CCleaner... Ist daran auch was nicht ok? Bin dankbar für jeden Tipp.

Hier der ADWCleaner-Log:
Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 21/11/2012 um 16:58:08 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : nomane - PC-1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\nomane\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Yontoo Layers Runtime
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\nomane\AppData\Local\Conduit
Ordner Gefunden : C:\Users\nomane\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Ask&Record
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\nomane\AppData\Roaming\Mozilla\Firefox\Profiles\yzphwc9b.default\prefs.js

Gefunden : user_pref("extensions.asktb.cbid", "F4");
Gefunden : user_pref("extensions.asktb.crumb", "2011.05.09+06.35.50-toolbar007iad-DE-QmF5cmV1dGgsR2VybWFueQ%3D%[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gefunden : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1304948151654");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.o", "101699");
Gefunden : user_pref("extensions.asktb.options-lang", "de");
Gefunden : user_pref("extensions.asktb.options-locale", "UK");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "4");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);

-\\ Opera v11.61.1250.0

Datei : C:\Users\nomane\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5680 octets] - [21/11/2012 16:58:08]

########## EOF - C:\AdwCleaner[R1].txt - [5740 octets] ##########

Alt 21.11.2012, 17:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Zitat:
Ich nutze neben XP-Antispy noch Spywareblaster, Spybot SD, sowie CCleaner... Ist daran auch was nicht ok? Bin dankbar für jeden Tipp.
Antispy => gefährlicher Unsinn
Spywareblaster => unnötig
Spybot SD => unnötig
CCleaner => ok, aber Finger weg von der Registryreinigungsfunktion!! (und auch Finger weg von sonst jedem anderen RegCleaner!)



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2012, 17:57   #9
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Danke für die klaren Worte... xp-antispy lasse ich ab heute weg.
Was Spybot angeht:
Ich dachte immer, es sei sinnvoll miese Seiten bereits in der Hosts durch Spybot sperren zu lassen - ähnlich wie Adblock direkt im Firefox. Warum ist sowas "unnötig"?

Hier die Logs:
ADWCleaner
Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 21/11/2012 um 17:39:54 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : nomane - PC-1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\nomane\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Yontoo Layers Runtime
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\nomane\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\nomane\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Ask&Record
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\nomane\AppData\Roaming\Mozilla\Firefox\Profiles\yzphwc9b.default\prefs.js

Gelöscht : user_pref("extensions.asktb.cbid", "F4");
Gelöscht : user_pref("extensions.asktb.crumb", "2011.05.09+06.35.50-toolbar007iad-DE-QmF5cmV1dGgsR2VybWFueQ%3D%[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1304948151654");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.o", "101699");
Gelöscht : user_pref("extensions.asktb.options-lang", "de");
Gelöscht : user_pref("extensions.asktb.options-locale", "UK");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "4");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);

-\\ Opera v11.61.1250.0

Datei : C:\Users\nomane\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5797 octets] - [21/11/2012 16:58:08]
AdwCleaner[S1].txt - [5742 octets] - [21/11/2012 17:39:54]

########## EOF - C:\AdwCleaner[S1].txt - [5802 octets] ##########
OTL
Code:
ATTFilter
OTL logfile created on: 21.11.2012 17:45:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nomane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,43% Memory free
16,00 Gb Paging File | 14,49 Gb Available in Paging File | 90,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,01 Gb Total Space | 8,43 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
Drive D: | 880,00 Gb Total Space | 15,44 Gb Free Space | 1,75% Space Free | Partition Type: NTFS
Drive E: | 883,01 Gb Total Space | 413,82 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive M: | 14,83 Gb Total Space | 14,80 Gb Free Space | 99,80% Space Free | Partition Type: FAT32
 
Computer Name: PC-1 | User Name: nomane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\nomane\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Users\nomane\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe (M-Audio)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ecd2692064fb5298ccdb5ce7d4a692c2\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AxiomAudioDevMon) -- C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe (M-Audio)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ABBYY.Licensing.FineReader.Corporate.10.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (EvoMouseDriverFilterHidUsb) -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys (Evoluent)
DRV:64bit: - (EvoMouseDriverMini) -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (AXIOM) -- C:\Windows\SysNative\drivers\MAudioAxiom.sys (M-Audio)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (Spyder2) -- C:\Windows\SysNative\drivers\Spyder2.sys ()
DRV:64bit: - (BENDER) -- C:\Windows\SysNative\drivers\bender64.sys (Pinnacle Systems)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 EF 4F 4A 94 C1 CD 01  [binary data]
IE - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.9.2.0
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nomane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nomane\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.09.03 01:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.20 02:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 21:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 21:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.30 12:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.30 12:50:51 | 000,000,000 | ---D | M]
 
[2011.01.31 23:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\Extensions
[2011.01.31 23:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 01:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\Firefox\Profiles\yzphwc9b.default\extensions
[2012.09.18 11:56:15 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\nomane\AppData\Roaming\mozilla\Firefox\Profiles\yzphwc9b.default\extensions\foxmarks@kei.com
[2012.04.25 11:04:32 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\nomane\AppData\Roaming\mozilla\Firefox\Profiles\yzphwc9b.default\extensions\maps@ovi.com
[2012.11.01 01:09:37 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.03 01:31:15 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.07.25 11:00:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.05 15:40:50 | 000,000,003 | ---- | M] () (No name found) -- C:\Users\nomane\AppData\Roaming\mozilla\firefox\profiles\yzphwc9b.default\extensions\maps@ovi.com\plugins\package.XPI
[2012.10.27 21:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.20 02:48:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.27 21:38:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.20 02:48:47 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.06.25 01:30:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 01:10:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 01:30:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 01:30:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 01:30:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 01:30:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.21 14:43:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QT Lite\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001..\Run: [SansaDispatch] C:\Users\nomane\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-1403786494-3412025529-4002163157-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD38D201-154C-4CC1-894B-1246869B5A11}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 17:19:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.21 14:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.21 14:33:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.21 14:33:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.21 14:33:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.21 13:49:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.21 13:48:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.21 13:48:42 | 005,004,435 | R--- | C] (Swearware) -- C:\Users\nomane\Desktop\ComboFix.exe
[2012.11.21 00:06:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\nomane\Desktop\tdsskiller.exe
[2012.11.20 19:55:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\nomane\Desktop\aswMBR.exe
[2012.11.20 12:29:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nomane\Desktop\OTL.exe
[2012.11.20 03:35:05 | 000,000,000 | ---D | C] -- C:\Users\nomane\AppData\Local\Programs
[2012.11.20 03:28:14 | 000,000,000 | ---D | C] -- C:\Users\nomane\AppData\Roaming\Malwarebytes
[2012.11.20 03:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 03:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 03:28:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.20 03:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 02:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.11.05 19:25:03 | 000,000,000 | ---D | C] -- C:\Users\nomane\AppData\Local\ElevatedDiagnostics
[2012.11.05 19:24:09 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMXLMAU.DLL
[2012.11.05 19:22:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.11.05 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6200 series
[2012.11.05 19:22:14 | 000,373,248 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AUL.dll
[2012.11.05 19:22:14 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AUL.dll
[2012.11.05 19:22:14 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AUC.dll
[2012.11.05 19:22:14 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AUU.dll
[2012.11.05 19:22:14 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AUI.dll
[2012.11.05 19:22:14 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2012.11.05 19:22:14 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2012.11.05 19:22:04 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
[2012.11.05 19:22:02 | 000,256,000 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUAU.DLL
[2012.11.05 19:22:02 | 000,098,304 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC_AUO.dll
[2012.11.05 19:21:54 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.10.30 12:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.10.27 21:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 17:42:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.21 17:41:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 17:41:36 | 2146,832,383 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 17:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nomane\Desktop\OTL.exe
[2012.11.21 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.21 16:56:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 16:54:17 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403786494-3412025529-4002163157-1001UA.job
[2012.11.21 16:37:08 | 000,543,531 | ---- | M] () -- C:\Users\nomane\Desktop\adwcleaner.exe
[2012.11.21 14:43:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.21 14:00:09 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 14:00:09 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:56:21 | 002,610,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 13:56:21 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 13:56:21 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 13:56:21 | 000,391,798 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.11.21 13:56:21 | 000,374,696 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012.11.21 13:56:21 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 13:56:21 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 13:56:21 | 000,118,730 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012.11.21 13:56:21 | 000,113,816 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.11.21 13:40:02 | 005,004,435 | R--- | M] (Swearware) -- C:\Users\nomane\Desktop\ComboFix.exe
[2012.11.20 19:58:04 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\nomane\Desktop\tdsskiller.exe
[2012.11.20 19:56:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\nomane\Desktop\aswMBR.exe
[2012.11.20 17:54:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1403786494-3412025529-4002163157-1001Core.job
[2012.11.20 12:53:55 | 000,000,188 | ---- | M] () -- C:\Users\nomane\defogger_reenable
[2012.11.20 12:50:40 | 000,302,592 | ---- | M] () -- C:\Users\nomane\Desktop\csk9ncv3.exe
[2012.11.20 12:48:56 | 000,050,477 | ---- | M] () -- C:\Users\nomane\Desktop\Defogger.exe
[2012.11.20 03:45:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.20 03:28:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.12 13:43:07 | 000,098,304 | ---- | M] () -- C:\Users\nomane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.21 16:57:49 | 000,543,531 | ---- | C] () -- C:\Users\nomane\Desktop\adwcleaner.exe
[2012.11.21 14:33:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.21 14:33:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.21 14:33:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.21 14:33:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.21 14:33:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.20 12:53:55 | 000,000,188 | ---- | C] () -- C:\Users\nomane\defogger_reenable
[2012.11.20 12:50:25 | 000,302,592 | ---- | C] () -- C:\Users\nomane\Desktop\csk9ncv3.exe
[2012.11.20 12:48:48 | 000,050,477 | ---- | C] () -- C:\Users\nomane\Desktop\Defogger.exe
[2012.11.20 03:28:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.05 19:22:14 | 000,068,352 | ---- | C] () -- C:\Windows\SysWow64\CNC1755D.TBL
[2012.11.05 19:22:14 | 000,068,352 | ---- | C] () -- C:\Windows\SysNative\CNC1755D.TBL
[2012.11.04 21:26:33 | 009,495,015 | ---- | C] () -- C:\Users\nomane\Desktop\11 - Chopin - Konzert in e-moll - 3.Satz (2009).mp3
[2012.11.04 21:26:33 | 009,342,878 | ---- | C] () -- C:\Users\nomane\Desktop\11 - Chopin - Konzert in e-moll - 2.Satz (2009).mp3
[2012.11.04 21:26:32 | 019,358,016 | ---- | C] () -- C:\Users\nomane\Desktop\11 - Chopin - Konzert in e-moll - 1.Satz (2009).mp3
[2012.09.19 13:16:12 | 000,000,012 | ---- | C] () -- C:\Windows\Recorder.dat
[2012.09.19 13:12:00 | 000,000,173 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\default.rss
[2012.09.18 23:12:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.06.14 12:05:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.03.16 13:47:29 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2012.03.15 16:16:49 | 000,707,354 | ---- | C] () -- C:\Windows\unins001.exe
[2012.03.15 16:16:49 | 000,001,062 | ---- | C] () -- C:\Windows\unins001.dat
[2011.12.21 22:07:10 | 000,000,218 | ---- | C] () -- C:\Users\nomane\.recently-used.xbel
[2011.12.15 23:39:58 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011.11.21 12:35:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.17 14:57:00 | 000,001,825 | ---- | C] () -- C:\Windows\wininit.ini
[2011.10.06 10:16:13 | 000,000,022 | -HS- | C] () -- C:\Users\nomane\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.09.08 11:09:37 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2011.07.13 10:38:51 | 002,579,620 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.27 14:25:03 | 000,000,036 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.06.20 11:02:46 | 000,000,132 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.06.20 01:01:38 | 000,000,132 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.06.15 11:52:06 | 000,000,132 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.06.14 22:22:30 | 000,000,000 | ---- | C] () -- C:\Windows\graphedt.INI
[2011.06.06 01:43:12 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.06 01:36:34 | 000,000,444 | ---- | C] () -- C:\Windows\cedocida.ini
[2011.06.05 11:46:37 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.06.05 11:46:37 | 000,004,873 | ---- | C] () -- C:\Windows\unins000.dat
[2011.06.05 03:55:09 | 000,130,560 | ---- | C] () -- C:\Windows\SysWow64\cedocida.dll
[2011.06.02 02:21:10 | 000,007,601 | ---- | C] () -- C:\Users\nomane\AppData\Local\Resmon.ResmonCfg
[2011.05.27 16:53:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2011.05.25 23:08:14 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011.05.06 10:01:19 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2011.05.04 10:58:30 | 000,000,361 | ---- | C] () -- C:\Windows\asfbinwin.INI
[2011.02.17 01:27:31 | 000,000,073 | ---- | C] () -- C:\Windows\M3UCreator.ini
[2011.02.11 13:09:56 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011.02.07 14:59:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.02.03 00:18:58 | 000,000,942 | ---- | C] () -- C:\Users\nomane\AppData\Roaming\coreavc.ini
[2011.02.02 03:39:45 | 000,098,304 | ---- | C] () -- C:\Users\nomane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.01 22:17:57 | 000,001,024 | ---- | C] () -- C:\Users\nomane\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 1321 bytes -> C:\ProgramData\Microsoft:33AcTZ4fuoqnyEmD7
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:PSZyhJsBHJOBO9tCg6Zjk

< End of report >
Extras
Code:
ATTFilter
OTL Extras logfile created on: 21.11.2012 17:45:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nomane\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,43% Memory free
16,00 Gb Paging File | 14,49 Gb Available in Paging File | 90,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,01 Gb Total Space | 8,43 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
Drive D: | 880,00 Gb Total Space | 15,44 Gb Free Space | 1,75% Space Free | Partition Type: NTFS
Drive E: | 883,01 Gb Total Space | 413,82 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive M: | 14,83 Gb Total Space | 14,80 Gb Free Space | 99,80% Space Free | Partition Type: FAT32
 
Computer Name: PC-1 | User Name: nomane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1403786494-3412025529-4002163157-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029B87A6-9C4A-40E7-B08D-149EC6D37C98}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{02F3DD71-6716-4846-B81F-67B96047FD9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{07051F31-EAA3-4B62-AEFA-9FF7E5AD6FE7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{11A4AA2D-9417-4188-BC48-4AC21DDBE45E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B937AFC-5B30-49B5-A540-2563024755D7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2E62E83D-3492-43E4-8FD3-00FE5FDE149B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{39C9BB28-3E64-4D72-9256-DD9D78A5801E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3C3C4318-CC5F-4EBA-9FFD-394116984BD7}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service | 
"{478B9556-84CB-4C85-B6C4-9980DB3A4D2D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{48018997-FF7B-48CD-8EEC-3DDAD722FF0C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{56339765-AC72-4F02-9F65-E5BD0D49389B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{623A20DD-175F-41EE-99E0-7053133DB27D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B467ADA-C8A4-493F-996A-682918E4DE14}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{906491E3-DB83-4286-BED3-B4C6CC81374A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{96845F3C-C96B-4183-83CC-01E8E39D1D61}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACA61564-A6F1-4A82-A43B-A1A825D1697D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACEE4AFB-CC06-434A-B833-CC565DC4F4D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B17C0ECE-BC01-42F0-8FF1-420DE53B16F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B75DB40D-98EF-4E97-B982-D016D40D7F17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC67A9CF-B18D-4881-B2AA-BE45822FDA5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C501D579-D49A-4785-AA19-3EE44F513A76}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DB86575D-7748-496A-8A87-02B224DC1FA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DFFB135D-7288-4555-A18D-E9FEB80688BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7132E71-6FB8-459E-AECE-E4DE2FF3D1D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDF133A-D852-47B3-A52E-906B79A73C30}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF3FB870-FEF1-4D66-878B-FFAF56F95A80}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B85DE7E-C66B-4EB9-AB2C-6D51FC52ACD8}" = protocol=6 | dir=out | app=system | 
"{256E4694-33F0-4C54-B08D-F583257A8AD2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{2A5BA49B-C8E5-4707-B3F2-6F275227E563}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{2F30F933-2C68-4189-AC2F-1D9A01C30697}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F426983-F419-4A31-8377-EF74051097D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3147BBD9-BFB5-4FC8-B135-7A55F4E218FE}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{396C4596-E386-4B66-B59E-DB9CBA939F4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3B1AFEB0-2A1E-41E6-B048-6D99DF6678B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D611F8F-EB41-4592-9A19-D1E4417E64B8}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{44C2F466-477F-43F0-9FCD-D5231E97C514}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{44E21C11-B543-43E4-B84C-30B371E04719}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{46F2CAC7-177B-4AFC-8116-41E4EFC926E9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{49AFDCA5-7D7C-41AB-9993-C758AC6613F4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{4C8A2256-7B11-492B-88A1-8C939BC26593}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{4E1834A7-102E-4E20-8D2F-EE584293E614}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5D037A22-DD3D-471D-A1C6-7A4F0321B86E}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{65395326-A4E7-4465-9101-4C577EBBF8F2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{658A7441-0189-4E97-90E3-512AE08FB852}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6A563585-D7DA-4C3C-B360-20EFA1D3188E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{70F0BE49-9E1E-4E7A-8AAF-F469DE8DB5D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{71CD13AC-94DB-41C6-AF4D-7F2E06ADD15D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{74CA9EE4-FC59-447E-9367-E0BE9A83505B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{81BBB18D-2CDB-49FA-8DC5-EDD9D4565E0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{906562C5-66D4-40D5-8B34-9721F986653E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{975A3DD5-E31E-4DE9-8812-7C3EE7E476A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{9F40DEC1-EA7C-4FE6-ABDA-68CFE8B42396}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A67EC312-7E8D-4947-98E3-1D85CC44E011}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{AA5B5AF0-6380-496C-B8E3-D5EC41FD3700}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{AD74B165-8908-4240-A14E-FCE1A2D7E23C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADF7BB87-8D28-4A71-ADBD-C4B699062572}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B1999B42-A90F-49CB-9574-5573221E2F10}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{B4DFC0EB-E7DB-4C5C-AD6B-9A3DC90D1723}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF0D8821-07D4-43E0-9C2F-E8BDA4612BAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5F8C48F-8BF0-4ABB-8D7D-501356CAB3E8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D00B7BF8-81A2-443F-B95F-6C04C8862864}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D92C405A-841C-4B57-BFEE-54C27E7ED098}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{E538C1DF-D818-472B-9A1D-7B84386D625E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC483F02-DDB1-4207-AF5E-9424D7BA3F4E}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{EF714913-C2C6-4861-B4EB-C7243692EA5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC52AF94-3FAC-4087-A348-CBCE78DFC0F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{0C031C2A-D915-44CC-B4FC-4A96F10D7CEC}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe | 
"TCP Query User{1F54DCB2-E3A8-4ED5-B3B9-DD1920C1193D}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe | 
"TCP Query User{334088D9-0D85-4968-815F-154DAAF89C36}D:\_installed\ingdoms of amalur\reckoning.exe" = protocol=6 | dir=in | app=d:\_installed\ingdoms of amalur\reckoning.exe | 
"TCP Query User{37921E3A-6FD1-4696-AC80-9F5A02E29470}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{3AE14392-0036-4751-BCB1-C94020C632FF}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{428CF933-1FD9-4E84-9F78-2D62135C145D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{740DF9EA-3C19-436F-A1A8-D8FF408F0492}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{755A698C-E202-4848-9B62-C7624A6C3945}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{78B298D2-983B-4069-91AB-29980E49EF61}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe | 
"TCP Query User{7ABE34BF-0B9B-4D2A-8389-9CE3E5D793AC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{99FBDBC7-270F-492F-B40B-3A48AAC3EB70}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C1674337-9433-47D9-BDB9-FE5F947CE068}D:\_installed\borderlands goty edition\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\_installed\borderlands goty edition\binaries\borderlands.exe | 
"TCP Query User{C473E74A-5283-4709-B210-4E076DC5B45B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{F09FB9ED-4186-414C-BD24-275DA31EEBD3}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe | 
"UDP Query User{107C1BC1-06BE-4127-9180-D7A95735AAEB}D:\_installed\ingdoms of amalur\reckoning.exe" = protocol=17 | dir=in | app=d:\_installed\ingdoms of amalur\reckoning.exe | 
"UDP Query User{2505406F-F742-48C2-AAA8-9969D06189C2}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{30FAB1A1-8210-48F1-AFC0-4B1F607399C3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{41159487-D316-4D3D-B455-30B7A8B8452E}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{54B82C9D-2429-4814-A600-E4C72B7A6825}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe | 
"UDP Query User{6BCCD628-06D8-432B-956F-F6CAC1D52FC8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{7B8EC450-39CE-48E1-83EF-E24295BB024B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{827A61A3-7CFB-472B-9267-818A5116E16F}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{8DCFB6BE-E5F3-4139-B9F9-C2785F88BC8C}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvserver.exe | 
"UDP Query User{97E596F9-7546-4C70-AEB4-6232576E2A63}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B3F1D923-D1DA-4798-A219-C9563B27943C}D:\_installed\borderlands goty edition\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\_installed\borderlands goty edition\binaries\borderlands.exe | 
"UDP Query User{C661650D-B845-4788-AE93-8B20636C8168}C:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\enosoft\enosoft dv processor - unlicensed\remotedvclient.exe | 
"UDP Query User{C897A93B-6484-4F42-AC33-90762C74F5F3}C:\program files (x86)\media player classic - home cinema\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\media player classic - home cinema\mpc-hc.exe | 
"UDP Query User{CDEE3839-95B2-4519-A1B6-1728AB73156E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
"{15231FFA-7E2E-4289-9A9D-A87D158FA62E}" = M-Audio Axiom Driver 1.1.2 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agent Ransack (64-bit)_is1" = Agent Ransack 2010 (64-bit)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
"CCleaner" = CCleaner
"cedocida" = Cedocida DV Codec (32 Bit and 64 Bit)
"Defraggler" = Defraggler
"jEdit_is1" = jEdit 4.5.0
"MediaInfo" = MediaInfo 0.7.41
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Pen Tablet Driver" = Bamboo
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0379CF3E-BED6-474C-AE96-D07E8D7763AC}_is1" = Simple CSS 2.1
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D8A817D-597C-49A6-B90F-7D67C0D7B276}" = Enosoft DV Processor - Unlicensed
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1825AC97-DAFA-1360-D159-431A10716F41}" = GMX SMS-Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.1.4235
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F34E931-7BEA-4BC6-8286-4197EC77EF34}" = Garmin TOPO Deutschland 2012 Pro
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5236C5F0-9539-49DB-829A-D2C964F455D3}" = Ableton Live 8
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{567396A8-B892-455B-907D-463B09E28D46}" = M-Audio Axiom DirectLink for Reason 1.0.0 (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6f1823b2-1f59-4c39-bcc7-3827224b0c12}" = Nero 9
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8B4A6011-BB10-4918-B561-3F6CF5712B37}" = Splash Lite
"{8CD2E489-03F4-4AC0-8B68-D8C7DFE731DD}" = Stereoscopic Player
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95E1E18E-CB4B-4E33-986C-F5667F718C19}_is1" = Kingdoms of Amalur Reckoning Version v1.0
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.25)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllSync_is1" = AllSync
"AnyDVD" = AnyDVD
"AutoHotkey" = AutoHotkey 1.1.00.01
"avast" = avast! Free Antivirus
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.4.2
"Borderlands-u-GOTY_is1" = Borderlands GOTY Edition
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8 Qt_is1" = DVDFab 8.1.2.0 (15/09/2011) Qt
"ffdshow_is1" = ffdshow v1.1.3866 [2011-05-30]
"foobar2000" = foobar2000 v1.1.15
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"GeoSetter_is1" = GeoSetter 3.4.16
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0
"HaaliMkx" = Haali Media Splitter
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"M3U-List Creator V1.3_is1" = M3U-List Creator V1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MeGUI" = MeGUI (remove only)
"MKVtoolnix" = MKVtoolnix 4.9.1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDVD" = Softwarenetz MyDVD
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"PhotoME_is1" = PhotoME
"Poker Players Paradise 1.1" = Poker Players Paradise
"quicktime_lite_is1" = QT Lite 4.1.0
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 15.0" = RealPlayer
"ReNamer_is1" = ReNamer
"SciTE4AutoHotkey" = SciTE4AutoHotkey v3 beta 5
"SMPlayer" = SMPlayer 0.6.9
"Spyder2PRO" = Spyder2PRO
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TeamViewer 7" = TeamViewer 7
"The Elder Scrolls V™ SKYRIM Creation Kit_is1" = The Elder Scrolls V™ SKYRIM Creation Kit
"The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION
"The Elder Scrolls V™ SKYRIM ModManager_is1" = The Elder Scrolls V™ SKYRIM ModManager
"The Elder Scrolls V™ SKYRIM Script Extender (SKSE)_is1" = The Elder Scrolls V™ SKYRIM (SKSE)
"The Elder Scrolls V™ SKYRIM SkyUI_is1" = The Elder Scrolls V™ SKYRIM SkyUI
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit)
"UndeletePlus™_is1" = UndeletePlus™ 3.0.0.602
"VLC media player" = VLC media player 2.0.2
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Waves Diamond Bundle v5.2" = Waves Diamond Bundle v5.2
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinGDB3" = WinGDB3 3.2
"WinRAR archiver" = WinRAR Archivierer
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.7.7
"xp-AntiSpy" = xp-AntiSpy 3.97-10
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1403786494-3412025529-4002163157-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2012 07:29:19 | Computer Name = PC-1 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\_download\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 20.11.2012 08:40:06 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description = 
 
Error - 20.11.2012 13:02:16 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description = 
 
Error - 20.11.2012 19:33:14 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.11.2012 19:34:08 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.11.2012 19:34:28 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe".  Die 
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.11.2012 19:34:41 | Computer Name = PC-1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll".  Die abhängige
 Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.11.2012 19:39:53 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description = 
 
Error - 21.11.2012 09:22:34 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description = 
 
Error - 21.11.2012 09:33:56 | Computer Name = PC-1 | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 25.02.2011 20:45:02 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:45:02 - Fehler beim Herstellen der Internetverbindung.  01:45:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.02.2011 20:45:35 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:45:31 - Fehler beim Herstellen der Internetverbindung.  01:45:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.03.2011 20:14:19 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:14:19 - Fehler beim Herstellen der Internetverbindung.  01:14:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.03.2011 20:14:52 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 01:14:48 - Fehler beim Herstellen der Internetverbindung.  01:14:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.12.2011 06:59:54 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 11:59:53 - Fehler beim Herstellen der Internetverbindung.  11:59:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 02.12.2011 07:00:27 | Computer Name = PC-1 | Source = MCUpdate | ID = 0
Description = 12:00:23 - Fehler beim Herstellen der Internetverbindung.  12:00:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 21.11.2012 08:54:40 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.11.2012 08:55:08 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 21.11.2012 08:55:08 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 21.11.2012 09:38:48 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 21.11.2012 09:41:55 | Computer Name = PC-1 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.11.2012 09:43:18 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 21.11.2012 12:44:09 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.11.2012 12:44:09 | Computer Name = PC-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 21.11.2012 12:44:17 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 21.11.2012 12:44:17 | Computer Name = PC-1 | Source = WMPNetworkSvc | ID = 866306
Description = 
 
 
< End of report >

Alt 21.11.2012, 18:09   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Zitat:
Ich dachte immer, es sei sinnvoll miese Seiten bereits in der Hosts durch Spybot sperren zu lassen - ähnlich wie Adblock direkt im Firefox. Warum ist sowas "unnötig"?
Für sowas braucht man kein Spybot
Mehr dazu später (MVPS Hostsfile)

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 1321 bytes -> C:\ProgramData\Microsoft:33AcTZ4fuoqnyEmD7
@Alternate Data Stream - 1271 bytes -> C:\ProgramData\Microsoft:PSZyhJsBHJOBO9tCg6Zjk
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.11.2012, 18:16   #11
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Was ist denn ein Clientauflösungscache?

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
ADS C:\ProgramData\Microsoft:33AcTZ4fuoqnyEmD7 deleted successfully.
ADS C:\ProgramData\Microsoft:PSZyhJsBHJOBO9tCg6Zjk deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\nomane\Desktop\cmd.bat deleted successfully.
C:\Users\nomane\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: nomane
->Temp folder emptied: 34517 bytes
->Temporary Internet Files folder emptied: 8389144 bytes
->Java cache emptied: 2984174 bytes
->FireFox cache emptied: 55833647 bytes
->Opera cache emptied: 879108 bytes
->Flash cache emptied: 57331 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 66,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11212012_181122

Files\Folders moved on Reboot...
C:\Users\nomane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 21.11.2012, 19:24   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Zitat:
Was ist denn ein Clientauflösungscache?
DNS-Cache


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.11.2012, 12:46   #13
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Mist, ich glaub bei Eset ist was schief gelaufen... Das hat locker 7 Stunden gedauert, bin dann irgendwann pennen gegangen. Zuletzt zeigte er aber 2 Bedrohungen. Heute morgen war der Rechner dann neu gestartet und im Log stand:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
Denke mal ich hab verpasst das Ding als Admin auszuführen, ist das plausibel?

Bei MBAM ist alles ok soweit:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nomane :: PC-1 [Administrator]

Schutz: Deaktiviert

21.11.2012 23:27:49
mbam-log-2012-11-21 (23-27-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232381
Laufzeit: 6 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 22.11.2012, 13:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


Zitat:
Denke mal ich hab verpasst das Ding als Admin auszuführen, ist das plausibel?
Vermutlich ja, mach es mal so:
Dieses Setup von ESET von runterladen => http://filepony.de/download-eset_online_scanner/
Beende danach alle Programme und starte das Setup via Rechtklick => als Administrator ausführen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.11.2012, 02:56   #15
nomaneq
 
ctfmon.lnk lsass.exe BKA-Trojaner - Standard

ctfmon.lnk lsass.exe BKA-Trojaner


So, Eset ist durch... das waren bloß 2 uralte Dateien.

Code:
ATTFilter
E:\Nostalgie\Tools\unlocker1.8.8.exe	Win32/Adware.ADON application
E:\Nostalgie\video\Pegasus - PicVideo 2.1+3 - Codecpack + Keygen.rar	probably a variant of Win32/Agent.JWDADAS trojan
Einfach löschen, denke ich, oder?

Kannst du mir denn zum Abschluss noch sagen was ich mir da eigentlich eingfangen hab? Hatte den Eindruck, dass neben dem inaktiven BKA-Teil (War ja nix verschlüsselt) nochwas anderes da war... insgesamt eher harmlos oder bedenklich?

Hab auch mal deinen Tipp mit MVPS Hosts befolgt... sowas hatte ich gesucht, danke schonmal dafür
Kannst du mir dazu evtl. das mit dem DNS-Cache erklären? Auf der MVPS-Seite steht ja, daß man bei Win7 den DNS-Client auf manuell stellen bzw. in der Registry Min- und Max-Werte verändern soll. Hast du eine Empfehlung dazu? Ich verstehe nicht wirklich, wie das Ganze zusammenhängt.

Hast du sonst noch Tipps? Evtl. ein paar gute Tools z.B. um Müll aufzuräumen? Nutze bisher wie gesagt CCleaner... wieso sollte man davon die Registry-Reinigung nicht nutzen? Ärgere mich sehr darüber, daß z.B. jetzt bei den Logs Einträge auftauchen, die längst nicht mehr da sein sollten, weil die Programme schon lange nicht mehr existieren.

Antwort
Seite 1 von 2 1 2

Themen zu ctfmon.lnk lsass.exe BKA-Trojaner
32 bit, 7-zip, adobe, antivirus, application/pdf:, avast, bho, canon, error, explorer, fehler, firefox, flash player, format, h.264/mpeg-4, helper, hijack, home, iexplore.exe, install.exe, jdownloader, logfile, mozilla, msvcrt, nvidia update, plug-in, realtek, registry, richtlinie, rundll, scan, security, software, tablet, temp, udp, wgsdgsdgdsgsd.exe


« "Polizei: Cyber Crime Investigation Department" Schadsoftware | GVU-Trojaner auf Win7 »


Ähnliche Themen: ctfmon.lnk lsass.exe BKA-Trojaner


  1. Windows 7: ctfmon.lnk (Trojaner) entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (10)
  2. GVU Trojaner (cfmon.lnk + lsass.exe)
    Log-Analyse und Auswertung - 12.12.2012 (17)
  3. wgsdgsdgdsgsd.exe, lsass.exe, ctfmon.lnk
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (13)
  4. Trojaner ctfmon.Ink auf XP
    Log-Analyse und Auswertung - 03.12.2012 (9)
  5. Ukash Luxemb. Polizei Trojaner , Isass.exe, ctfmon.lon, TR/Drop.Injector.fydy Trojan
    Log-Analyse und Auswertung - 15.11.2012 (16)
  6. GVU Trojaner ctfmon.exe windows 7
    Log-Analyse und Auswertung - 14.11.2012 (7)
  7. Bei Systemstart Trojaner mit Webcam (lsass.exe / ctfmon.lnk / Trojan.Delf)
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (1)
  8. Bundespolizei Trojaner: ctfmon.lnk
    Log-Analyse und Auswertung - 27.09.2012 (13)
  9. GUV Trojaner 2.07, ctfmon.lnk
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (13)
  10. BKA-Trojaner - ..\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen)
    Log-Analyse und Auswertung - 14.09.2012 (9)
  11. BKA Trojaner zwar identifiziert(über malware: ctfmon.ink) kann ihn aber nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (3)
  12. GVU Trojaner 2.07, MBAM nicht ausführbar, ctfmon.lnk @Autorun und weitere Dateien schreibgeschützt
    Log-Analyse und Auswertung - 30.07.2012 (2)
  13. Bundespolizei-Trojaner ctfmon.lnk
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (18)
  14. ctfmon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.07.2009 (2)
  15. trojaner Ctfmon.exe
    Plagegeister aller Art und deren Bekämpfung - 10.10.2007 (7)
  16. lsass.exe - Trojaner?
    Log-Analyse und Auswertung - 18.04.2007 (2)
  17. CTFMON.EXE - Trojaner?
    Log-Analyse und Auswertung - 22.11.2005 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema ctfmon.lnk lsass.exe BKA-Trojaner - Hallo Beim Absurfen von diversen Seiten hatte ich plötzlich diese ominöse BKA-Meldung von wegen 100.-EUR zahlen usw... Ich hab dann eure Seite gefunden und bereits zuvor mit MalwareByte Antimalware einen - ctfmon.lnk lsass.exe BKA-Trojaner...
Archiv
Du betrachtest: ctfmon.lnk lsass.exe BKA-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131