
Pests of all kinds and how to fight them: Error loading C:Windows\system32\sshnas.dll


25.12.2012, 15:31   #1
OhioGelenk
 



Hello community,
as already stated in the title, every time I start my PC I get this error message: Error loading C:Windows\system32\sshnas.dll.
I have probably been getting this error message for more than half a year, but I always thought it was nothing serious, because after all everything still worked (I'm computer illiterate, so please bear with me).
Today, though, I googled the message and found out that it is a trojan. Many people had the problem, but I didn't really come across a solution, so I'm just posting here.

I ran a Quick Scan with Malwarebytes Anti-Malware. (I actually wanted to run a full scan, but after about 2 hours of scanning I get a bluescreen.)
After the Quick Scan, four files were quarantined, and since then I no longer get the error message. But I have read here that this doesn't necessarily mean anything.
Here is the report from the Quick Scan:

Quote:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.24.03

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Jan Gerdes::JANGERDES-PC [Administrator]

Schutz: Aktiviert

24.12.2012 11:50:45
mbam-log-2012-12-24 (11-50-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306562
Laufzeit: 6 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LosAlamos (Trojan.FakeAlert) -> Daten: rundll32.exe C:\Windows\system32\sshnas.dll,NvTaskbarInit -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Then I also downloaded and ran Defogger, and after that OTL.
Here are the two documents (I actually wanted to send a link, but that doesn't quite work):

Extras.Txt:
Quote:
OTL Extras logfile created on: 25.12.2012 14:53:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan Gerdes\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,72% Memory free
8,18 Gb Paging File | 5,76 Gb Available in Paging File | 70,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,61 Gb Total Space | 260,88 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
Drive D: | 11,56 Gb Total Space | 1,56 Gb Free Space | 13,46% Space Free | Partition Type: NTFS
Drive E: | 680,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 962,70 Mb Total Space | 585,77 Mb Free Space | 60,85% Space Free | Partition Type: FAT

Computer Name: JANGERDES-PC | User Name: Jan Gerdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.3.0
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{434D083E-A4CC-401A-9E74-621000038101}" = OF: Red River
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55DAC754-01F4-4EF8-9E23-6A1847862FBD}_is1" = Winterberg Configurator Version WEM Confi 8.5
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5F7ED0CD-E04E-4441-9E03-10AFDB654E96}_is1" = Werksfeuerwehr-Simulator Version 1.0
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B399BFBA-258C-4C01-B929-D0D0873FBC4B}" = TL-PA211 Powerline Utility
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{Wegberg-Modifikation-5-0}_is1" = Feuer- und Notfallsimulation Wegberg Version 5.0
"1ClickDownload" = OnlineHDTV
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm für Cobra 11 - Das Syndikat_is1" = Alarm für Cobra 11 - Das Syndikat
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emergency 2012" = Emergency 2012 Deluxe
"Free Studio_is1" = Free Studio version 5.7.2.825
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCologne" = NetCologne-Installationsdateien entfernen
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Real Heroes - Firefighter_is1" = Real Heroes Firefighter
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair v4.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinDSL" = WinDSL
"WinPcapInst" = WinPcap 4.1.1
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.12.2012 19:25:36 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:25:37 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:25:37 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:25:37 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:25:37 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:25:37 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:25:37 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 19:35:07 | Computer Name = JanGerdes-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 734 Anfangszeit: 01cde0f5e219ee25 Zeitpunkt
der Beendigung: 0

Error - 23.12.2012 20:08:18 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 23.12.2012 20:08:18 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11.10.2012 08:29:22 | Computer Name = JanGerdes-PC | Source = Mcx2Dvcs | ID = 401
Description =

[ System Events ]
Error - 25.12.2012 08:26:04 | Computer Name = JanGerdes-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 25.12.2012 09:45:20 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 25.12.2012 09:48:43 | Computer Name = JanGerdes-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.12.2012 um 14:43:10 unerwartet heruntergefahren.

Error - 25.12.2012 09:48:46 | Computer Name = JanGerdes-PC | Source = HTTP | ID = 15016
Description =

Error - 25.12.2012 09:48:58 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 25.12.2012 09:48:59 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 25.12.2012 09:49:22 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.12.2012 09:49:22 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.12.2012 09:50:09 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 25.12.2012 09:50:53 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
OTL.Txt:

Quote:
OTL logfile created on: 25.12.2012 14:53:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan Gerdes\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,72% Memory free
8,18 Gb Paging File | 5,76 Gb Available in Paging File | 70,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,61 Gb Total Space | 260,88 Gb Free Space | 44,62% Space Free | Partition Type: NTFS
Drive D: | 11,56 Gb Total Space | 1,56 Gb Free Space | 13,46% Space Free | Partition Type: NTFS
Drive E: | 680,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 962,70 Mb Total Space | 585,77 Mb Free Space | 60,85% Space Free | Partition Type: FAT

Computer Name: JANGERDES-PC | User Name: Jan Gerdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012.12.24 12:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan Gerdes\Downloads\OTL.exe
PRC - [2012.12.05 17:53:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.31 14:01:25 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.10.16 17:08:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.05.24 11:22:44 | 002,033,488 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2011.02.25 20:54:00 | 000,046,592 | ---- | M] (AlcaTech) -- C:\Windows\SysWOW64\mmrtkrnl.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.05 17:53:31 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.04.24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2012.12.05 17:53:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.31 14:01:25 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.16 17:08:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.04.20 13:50:08 | 000,615,728 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2010.06.17 14:19:50 | 000,035,840 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.20 19:19:54 | 000,047,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.01.28 13:10:14 | 000,134,880 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\acedrv09.sys -- (acedrv09)
DRV:64bit: - [2008.05.10 02:58:09 | 000,140,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST)
DRV:64bit: - [2008.03.17 18:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\ckldrv.sys -- (NetworkX)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.02.27 02:15:20 | 000,092,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV - [2010.11.28 20:30:12 | 000,018,048 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.26 13:40:19 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2006.11.28 21:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}
IE:64bit: - HKLM\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.internetcologne.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8D4CDE90-8D36-4DE4-9375-A9741605B19D&apn_sauid=C2528B57-96C3-40C2-9841-E07D7A9D66E5
IE - HKCU\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = nc-gerdesfr@netcologne.de

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..keyword.URL: "hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 17:53:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 17:53:08 | 000,000,000 | ---D | M]

[2009.03.26 20:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Extensions
[2012.12.15 13:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions
[2010.05.03 15:45:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.05 13:58:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions\moveplayer@movenetworks.com
[2012.10.22 11:42:46 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.24 11:38:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.02 16:20:54 | 000,002,299 | ---- | M] () -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\searchplugins\askcom.xml
[2010.03.04 18:16:00 | 000,000,881 | ---- | M] () -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\searchplugins\conduit.xml
[2010.08.13 20:23:55 | 000,001,589 | ---- | M] () -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\searchplugins\web-search.xml
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.05 17:52:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2012.12.05 17:52:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.12.05 17:52:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.05 17:53:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.07.31 19:06:54 | 000,089,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\Extras.dll
[2009.07.31 18:47:11 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\Movies.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe File not found
O4 - HKCU..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - Startup: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC43B4D4-EB47-4867-AC3F-B1CC51339A1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2006.08.31 16:48:52 | 003,170,304 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.23 13:34:28 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1205a735-08f0-11e0-8ebe-002215336a8b}\Shell - "" = AutoRun
O33 - MountPoints2\{1205a735-08f0-11e0-8ebe-002215336a8b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{343fbcfb-4d0e-11dd-bde4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{343fbcfb-4d0e-11dd-bde4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2006.08.31 16:48:52 | 003,170,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.24 11:49:40 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Roaming\Malwarebytes
[2012.12.24 11:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.24 11:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.24 11:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.24 00:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.23 22:36:56 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\DVD Video Soft
[2012.12.23 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\Emergency
[2012.12.05 17:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.26 17:42:16 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Documents\Arktos
[2012.11.26 17:42:16 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Local\Arktos
[2012.11.26 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Local\CrashRpt
[2012.11.26 17:17:53 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Documents\The War Z
[2012.11.26 17:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jan Gerdes\*.tmp files -> C:\Users\Jan Gerdes\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.25 14:55:21 | 001,588,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.25 14:55:21 | 000,681,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.25 14:55:21 | 000,640,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.25 14:55:21 | 000,149,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.25 14:55:21 | 000,122,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.25 14:54:59 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A904537-B371-47EE-A20C-594D18C043A0}.job
[2012.12.25 14:51:33 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.25 14:48:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 14:48:53 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.25 14:48:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.25 14:45:24 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.25 14:26:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.24 22:12:56 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3A84B897-A39D-439C-8BDD-53E79D2401A0}.job
[2012.12.24 12:23:29 | 000,000,000 | ---- | M] () -- C:\Users\Jan Gerdes\defogger_reenable
[2012.12.24 12:00:53 | 000,002,615 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\Microsoft Office Word 2007.lnk
[2012.12.24 11:49:30 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.24 00:41:15 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.26 17:17:53 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\The War Z.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jan Gerdes\*.tmp files -> C:\Users\Jan Gerdes\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.24 12:23:29 | 000,000,000 | ---- | C] () -- C:\Users\Jan Gerdes\defogger_reenable
[2012.12.24 11:49:30 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.24 11:49:29 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.24 00:41:15 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.24 00:38:26 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.26 17:17:53 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\The War Z.lnk
[2012.11.15 21:09:54 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2012.11.15 21:09:54 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll
[2012.11.15 21:09:54 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012.09.14 13:43:39 | 000,000,530 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.03.25 16:14:02 | 000,017,408 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\WebpageIcons.db
[2012.02.17 23:36:25 | 000,000,098 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\fusioncache.dat
[2012.02.17 23:34:09 | 001,566,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.10 18:43:20 | 000,055,356 | R--- | C] () -- C:\Users\Jan Gerdes\verkleinert.jpg
[2011.04.01 13:12:21 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.01 13:11:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.29 15:45:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.19 19:49:24 | 000,002,528 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\$_hpcst$.hpc
[2010.08.04 18:41:07 | 000,000,205 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\mdbu.bin
[2009.12.22 13:55:23 | 000,021,259 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\UserTile.png
[2009.03.29 10:35:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.01 13:57:52 | 000,003,072 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\wklnhst.dat
[2009.01.10 21:35:55 | 000,000,680 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\d3d9caps.dat
[2008.12.27 14:24:25 | 000,024,576 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2009.10.07 15:30:29 | 000,000,000 | -HSD | M] -- C:\Users\Jan Gerdes\AppData\Roaming\.#
[2012.06.26 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\.minecraft
[2012.06.19 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\AlcaTech
[2009.01.13 17:39:55 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Disney Interactive Studios
[2012.09.16 21:28:58 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoft
[2012.04.29 20:28:16 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.02 18:07:51 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Engelmann Media
[2010.08.01 10:53:54 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Feuerwache
[2010.12.03 16:57:00 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\GetRightToGo
[2010.08.12 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Leadertech
[2011.10.05 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\LeitSim4
[2010.02.05 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\lennox
[2009.03.03 14:33:24 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\muvee Technologies
[2011.02.20 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\My Games
[2012.12.25 15:03:38 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\NetSpeedMonitor
[2012.02.15 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\ObviousIdea
[2010.12.20 17:41:56 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\PC Suite
[2009.03.03 14:48:38 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\PlayFirst
[2011.01.23 14:47:33 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\ProtectDisc
[2011.04.01 13:11:47 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\PunkBuster
[2011.01.05 16:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\RigNRoll_ger
[2011.11.27 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Rovio
[2012.10.14 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Samsung
[2011.09.22 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Subversion
[2009.03.01 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Template
[2012.12.24 00:43:48 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\TS3Client
[2012.12.23 22:09:56 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\Ubisoft
[2011.03.04 09:56:55 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\WinBatch
[2012.09.15 22:26:13 | 000,000,000 | -HSD | M] -- C:\Users\Jan Gerdes\AppData\Roaming\wyUpdate AU
[2012.11.14 11:08:46 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\XnView
[2010.04.26 16:56:45 | 000,000,000 | ---D | M] -- C:\Users\Jan Gerdes\AppData\Roaming\YoudaGames

========== Purity Check ==========



< End of report >


I hope I haven't forgotten anything, and thanks in advance for the help.
As I wrote above, I'm not particularly knowledgeable about computers, so it would be nice if you could be a bit patient with me.


Regards, Jan

PS: Merry Christmas

27.12.2012, 09:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs from Malwarebytes or other scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post any logs that already exist.

27.12.2012, 14:03   #3
OhioGelenk

No, apart from that I don't have any logs.
I only ran Malwarebytes and OTL over it.

27.12.2012, 14:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I post over the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the one before it.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
Please always post log files in CODE tags

27.12.2012, 14:38   #5
OhioGelenk

So I've now run a scan with Malwarebytes Anti-Rootkit BETA, and it tells me that no malware was found and that no cleanup is required.
I can now only click Previous and Exit.


27.12.2012, 14:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please switch off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or copy its contents into your post, then look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the "skip" action and just post the log here!

27.12.2012, 15:36   #7
OhioGelenk

First, aswMBR

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 14:55:40
-----------------------------
14:55:40.945    OS Version: Windows x64 6.0.6001 Service Pack 1
14:55:40.945    Number of processors: 3 586 0x203
14:55:40.945    ComputerName: JANGERDES-PC  UserName: Jan Gerdes
14:55:42.908    Initialize success
14:58:33.774    AVAST engine defs: 12122701
14:59:07.223    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
14:59:07.225    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 6
14:59:07.241    Disk 0 MBR read successfully
14:59:07.244    Disk 0 MBR scan
14:59:07.248    Disk 0 unknown MBR code
14:59:07.251    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       598640 MB offset 63
14:59:07.281    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11836 MB offset 1226016540
14:59:07.319    Disk 0 scanning C:\Windows\system32\drivers
14:59:14.819    Service scanning
14:59:36.043    Modules scanning
14:59:36.049    Disk 0 trace - called modules:
14:59:36.066    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys 
14:59:36.070    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f66e0]
14:59:36.285    3 CLASSPNP.SYS[fffffa60009cbb3a] -> nt!IofCallDriver -> [0xfffffa8003ae1440]
14:59:36.289    5 acpi.sys[fffffa60008f5ff6] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8003ae1950]
14:59:38.148    AVAST engine scan C:\Windows
14:59:45.765    AVAST engine scan C:\Windows\system32
15:03:31.798    AVAST engine scan C:\Windows\system32\drivers
15:03:46.315    AVAST engine scan C:\Users\Jan Gerdes
15:24:01.489    AVAST engine scan C:\ProgramData
15:29:04.723    Scan finished successfully
15:29:52.326    Disk 0 MBR has been saved successfully to "C:\Users\Jan Gerdes\Desktop\MBR.dat"
15:29:52.331    The log file has been saved successfully to "C:\Users\Jan Gerdes\Desktop\aswMBR.txt"
         

and TDSSKiller

Code:
15:30:02.0219 1176  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:30:02.0398 1176  ============================================================
15:30:02.0398 1176  Current date / time: 2012/12/27 15:30:02.0398
15:30:02.0398 1176  SystemInfo:
15:30:02.0398 1176  
15:30:02.0398 1176  OS Version: 6.0.6001 ServicePack: 1.0
15:30:02.0398 1176  Product type: Workstation
15:30:02.0398 1176  ComputerName: JANGERDES-PC
15:30:02.0399 1176  UserName: Jan Gerdes
15:30:02.0399 1176  Windows directory: C:\Windows
15:30:02.0399 1176  System windows directory: C:\Windows
15:30:02.0399 1176  Running under WOW64
15:30:02.0399 1176  Processor architecture: Intel x64
15:30:02.0399 1176  Number of processors: 3
15:30:02.0399 1176  Page size: 0x1000
15:30:02.0399 1176  Boot type: Normal boot
15:30:02.0399 1176  ============================================================
15:30:03.0059 1176  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:30:03.0062 1176  Drive \Device\Harddisk1\DR6 - Size: 0x1D7E00000 (7.37 Gb), SectorSize: 0x200, Cylinders: 0x3C2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:30:03.0084 1176  ============================================================
15:30:03.0084 1176  \Device\Harddisk0\DR0:
15:30:03.0091 1176  MBR partitions:
15:30:03.0091 1176  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x491386DD
15:30:03.0091 1176  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4913871C, BlocksNum 0x171E7A5
15:30:03.0091 1176  \Device\Harddisk1\DR6:
15:30:03.0093 1176  MBR partitions:
15:30:03.0093 1176  ============================================================
15:30:03.0270 1176  C: <-> \Device\Harddisk0\DR0\Partition1
15:30:03.0346 1176  D: <-> \Device\Harddisk0\DR0\Partition2
15:30:03.0346 1176  ============================================================
15:30:03.0346 1176  Initialize success
15:30:03.0347 1176  ============================================================
15:30:34.0107 2116  ============================================================
15:30:34.0108 2116  Scan started
15:30:34.0108 2116  Mode: Manual; SigCheck; TDLFS; 
15:30:34.0108 2116  ============================================================
15:30:35.0049 2116  ================ Scan system memory ========================
15:30:35.0049 2116  System memory - ok
15:30:35.0049 2116  ================ Scan services =============================
15:30:35.0219 2116  [ EAE3D29874F8D26E3EC9886FE6D8FBF5 ] acedrv09        C:\Windows\system32\drivers\acedrv09.sys
15:30:35.0415 2116  acedrv09 - ok
15:30:35.0581 2116  [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
15:30:35.0595 2116  acedrv11 - ok
15:30:35.0634 2116  [ 8C99ED256A889D647935A97C543B7B85 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:30:35.0652 2116  ACPI - ok
15:30:35.0776 2116  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:30:35.0786 2116  AdobeARMservice - ok
15:30:35.0865 2116  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:30:35.0888 2116  adp94xx - ok
15:30:35.0945 2116  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:30:35.0962 2116  adpahci - ok
15:30:35.0989 2116  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:30:36.0001 2116  adpu160m - ok
15:30:36.0024 2116  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:30:36.0044 2116  adpu320 - ok
15:30:36.0105 2116  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:30:36.0237 2116  AeLookupSvc - ok
15:30:36.0409 2116  [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD             C:\Windows\system32\drivers\afd.sys
15:30:36.0465 2116  AFD - ok
15:30:36.0518 2116  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:30:36.0529 2116  agp440 - ok
15:30:36.0554 2116  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:30:36.0565 2116  aic78xx - ok
15:30:36.0583 2116  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
15:30:36.0691 2116  ALG - ok
15:30:36.0750 2116  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:30:36.0768 2116  aliide - ok
15:30:36.0786 2116  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
15:30:36.0795 2116  amdide - ok
15:30:36.0844 2116  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:30:36.0889 2116  AmdK8 - ok
15:30:36.0971 2116  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
15:30:37.0005 2116  Appinfo - ok
15:30:37.0029 2116  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
15:30:37.0041 2116  arc - ok
15:30:37.0087 2116  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:30:37.0099 2116  arcsas - ok
15:30:37.0232 2116  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:30:37.0260 2116  aspnet_state - ok
15:30:37.0311 2116  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:30:37.0356 2116  AsyncMac - ok
15:30:37.0374 2116  [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi           C:\Windows\system32\drivers\atapi.sys
15:30:37.0384 2116  atapi - ok
15:30:37.0398 2116  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:30:37.0465 2116  AudioEndpointBuilder - ok
15:30:37.0481 2116  [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:30:37.0523 2116  AudioSrv - ok
15:30:37.0611 2116  AVP - ok
15:30:37.0675 2116  [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE             C:\Windows\System32\bfe.dll
15:30:37.0746 2116  BFE - ok
15:30:37.0823 2116  [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS            C:\Windows\System32\qmgr.dll
15:30:37.0917 2116  BITS - ok
15:30:37.0955 2116  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:30:38.0000 2116  blbdrive - ok
15:30:38.0033 2116  [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:30:38.0065 2116  bowser - ok
15:30:38.0116 2116  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:30:38.0158 2116  BrFiltLo - ok
15:30:38.0172 2116  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:30:38.0218 2116  BrFiltUp - ok
15:30:38.0278 2116  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
15:30:38.0333 2116  Browser - ok
15:30:38.0396 2116  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:30:38.0614 2116  Brserid - ok
15:30:38.0640 2116  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:30:38.0712 2116  BrSerWdm - ok
15:30:38.0731 2116  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:30:38.0810 2116  BrUsbMdm - ok
15:30:38.0845 2116  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:30:38.0919 2116  BrUsbSer - ok
15:30:38.0965 2116  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:30:39.0027 2116  BTHMODEM - ok
15:30:39.0120 2116  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\Windows\system32\drivers\BVRPMPR5a64.SYS
15:30:39.0130 2116  BVRPMPR5a64 - ok
15:30:39.0144 2116  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:30:39.0192 2116  cdfs - ok
15:30:39.0252 2116  [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:30:39.0307 2116  cdrom - ok
15:30:39.0362 2116  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:30:39.0399 2116  CertPropSvc - ok
15:30:39.0419 2116  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:30:39.0464 2116  circlass - ok
15:30:39.0483 2116  [ CAEDA2572B7042B11062F327F099251D ] CLFS            C:\Windows\system32\CLFS.sys
15:30:39.0502 2116  CLFS - ok
15:30:39.0603 2116  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:30:39.0615 2116  clr_optimization_v2.0.50727_32 - ok
15:30:39.0654 2116  [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:30:39.0666 2116  clr_optimization_v2.0.50727_64 - ok
15:30:39.0741 2116  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:30:39.0752 2116  clr_optimization_v4.0.30319_32 - ok
15:30:39.0772 2116  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:30:39.0807 2116  clr_optimization_v4.0.30319_64 - ok
15:30:39.0819 2116  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:30:39.0828 2116  cmdide - ok
15:30:39.0856 2116  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:30:39.0865 2116  Compbatt - ok
15:30:39.0870 2116  COMSysApp - ok
15:30:39.0901 2116  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:30:39.0911 2116  crcdisk - ok
15:30:39.0946 2116  Crypkey License - ok
15:30:39.0997 2116  [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:30:40.0049 2116  CryptSvc - ok
15:30:40.0099 2116  [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:30:40.0156 2116  DcomLaunch - ok
15:30:40.0221 2116  [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:30:40.0259 2116  DfsC - ok
15:30:40.0358 2116  [ 1781F99840979EE7B126C9073C377FD0 ] DFSR            C:\Windows\system32\DFSR.exe
15:30:40.0542 2116  DFSR - ok
15:30:40.0609 2116  [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:30:40.0664 2116  Dhcp - ok
15:30:40.0669 2116  [ 2DC415FC05FB8A079F896CBBACB19324 ] disk            C:\Windows\system32\drivers\disk.sys
15:30:40.0680 2116  disk - ok
15:30:40.0714 2116  [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:30:40.0737 2116  Dnscache - ok
15:30:40.0767 2116  [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:30:40.0820 2116  dot3svc - ok
15:30:40.0877 2116  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
15:30:40.0917 2116  DPS - ok
15:30:40.0979 2116  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:30:41.0020 2116  drmkaud - ok
15:30:41.0055 2116  [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:30:41.0109 2116  DXGKrnl - ok
15:30:41.0168 2116  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
15:30:41.0219 2116  E1G60 - ok
15:30:41.0256 2116  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
15:30:41.0295 2116  EapHost - ok
15:30:41.0350 2116  [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:30:41.0364 2116  Ecache - ok
15:30:41.0409 2116  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:30:41.0465 2116  ehRecvr - ok
15:30:41.0475 2116  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
15:30:41.0497 2116  ehSched - ok
15:30:41.0554 2116  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
15:30:41.0584 2116  ehstart - ok
15:30:41.0604 2116  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:30:41.0627 2116  elxstor - ok
15:30:41.0649 2116  [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:30:41.0693 2116  EMDMgmt - ok
15:30:41.0718 2116  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:30:41.0766 2116  ErrDev - ok
15:30:41.0825 2116  [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem     C:\Windows\system32\es.dll
15:30:41.0858 2116  EventSystem - ok
15:30:41.0886 2116  [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:30:41.0930 2116  exfat - ok
15:30:41.0963 2116  ezSharedSvc - ok
15:30:41.0997 2116  [ FE731D345ED9EEABBC72A59B35941834 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:30:42.0045 2116  fastfat - ok
15:30:42.0057 2116  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:30:42.0100 2116  fdc - ok
15:30:42.0126 2116  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
15:30:42.0169 2116  fdPHost - ok
15:30:42.0182 2116  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
15:30:42.0238 2116  FDResPub - ok
15:30:42.0251 2116  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:30:42.0262 2116  FileInfo - ok
15:30:42.0273 2116  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:30:42.0319 2116  Filetrace - ok
15:30:42.0335 2116  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:30:42.0372 2116  flpydisk - ok
15:30:42.0380 2116  [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:30:42.0395 2116  FltMgr - ok
15:30:42.0432 2116  [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:30:42.0442 2116  FontCache3.0.0.0 - ok
15:30:42.0468 2116  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:30:42.0507 2116  Fs_Rec - ok
15:30:42.0521 2116  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:30:42.0532 2116  gagp30kx - ok
15:30:42.0560 2116  [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc           C:\Windows\System32\gpsvc.dll
15:30:42.0632 2116  gpsvc - ok
15:30:42.0732 2116  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:30:42.0743 2116  gupdate - ok
15:30:42.0765 2116  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:30:42.0775 2116  gupdatem - ok
15:30:42.0844 2116  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:30:42.0853 2116  hamachi - ok
15:30:42.0861 2116  Hardlock - ok
15:30:42.0931 2116  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:30:42.0999 2116  HdAudAddService - ok
15:30:43.0016 2116  [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:30:43.0067 2116  HDAudBus - ok
15:30:43.0090 2116  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:30:43.0147 2116  HidBth - ok
15:30:43.0165 2116  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:30:43.0231 2116  HidIr - ok
15:30:43.0290 2116  [ 0AA154538544E988429DA2D5AA803A6C ] hidserv         C:\Windows\system32\hidserv.dll
15:30:43.0333 2116  hidserv - ok
15:30:43.0371 2116  [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:30:43.0431 2116  HidUsb - ok
15:30:43.0454 2116  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:30:43.0515 2116  hkmsvc - ok
15:30:43.0602 2116  [ CB383AB0B8BA871D893B86D3C9A3ED9F ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:30:43.0620 2116  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
15:30:43.0620 2116  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
15:30:43.0691 2116  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:30:43.0706 2116  HpCISSs - ok
15:30:43.0751 2116  [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:30:43.0806 2116  HTTP - ok
15:30:43.0821 2116  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:30:43.0831 2116  i2omp - ok
15:30:43.0892 2116  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:30:43.0930 2116  i8042prt - ok
15:30:43.0955 2116  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:30:43.0972 2116  iaStorV - ok
15:30:44.0098 2116  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:30:44.0140 2116  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:30:44.0140 2116  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:30:44.0208 2116  [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:30:44.0246 2116  idsvc - ok
15:30:44.0274 2116  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:30:44.0284 2116  iirsp - ok
15:30:44.0397 2116  [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
15:30:44.0407 2116  IJPLMSVC - ok
15:30:44.0505 2116  [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:30:44.0579 2116  IKEEXT - ok
15:30:44.0682 2116  [ BFBABCB231628A4551DBB10D0EA25D62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:30:44.0768 2116  IntcAzAudAddService - ok
15:30:44.0829 2116  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
15:30:44.0840 2116  intelide - ok
15:30:44.0857 2116  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:30:44.0902 2116  intelppm - ok
15:30:44.0957 2116  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:30:45.0019 2116  IPBusEnum - ok
15:30:45.0033 2116  [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:30:45.0084 2116  IpFilterDriver - ok
15:30:45.0120 2116  [ 3A0427F35E7F8C16BBC5B1BE32B8DE76 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:30:45.0144 2116  iphlpsvc - ok
15:30:45.0149 2116  IpInIp - ok
15:30:45.0172 2116  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:30:45.0226 2116  IPMIDRV - ok
15:30:45.0242 2116  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:30:45.0290 2116  IPNAT - ok
15:30:45.0308 2116  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:30:45.0356 2116  IRENUM - ok
15:30:45.0406 2116  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:30:45.0417 2116  isapnp - ok
15:30:45.0483 2116  [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:30:45.0498 2116  iScsiPrt - ok
15:30:45.0517 2116  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:30:45.0527 2116  iteatapi - ok
15:30:45.0577 2116  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:30:45.0587 2116  iteraid - ok
15:30:45.0607 2116  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:30:45.0618 2116  kbdclass - ok
15:30:45.0630 2116  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:30:45.0666 2116  kbdhid - ok
15:30:45.0693 2116  [ 80F4593E92FF960E4763380D3168E498 ] KeyIso          C:\Windows\system32\lsass.exe
15:30:45.0723 2116  KeyIso - ok
15:30:45.0764 2116  [ E656FE10D6D27794AFA08136685A69E8 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
15:30:45.0794 2116  kl1 - ok
15:30:45.0830 2116  [ D865DD8B0448E3F963D68C04C532858F ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
15:30:45.0839 2116  kl2 - ok
15:30:45.0928 2116  [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
15:30:45.0953 2116  KLIF - ok
15:30:46.0040 2116  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
15:30:46.0050 2116  KLIM6 - ok
15:30:46.0107 2116  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
15:30:46.0117 2116  klmouflt - ok
15:30:46.0140 2116  [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:30:46.0174 2116  KSecDD - ok
15:30:46.0205 2116  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:30:46.0268 2116  ksthunk - ok
15:30:46.0307 2116  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:30:46.0388 2116  KtmRm - ok
15:30:46.0421 2116  [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:30:46.0454 2116  LanmanServer - ok
15:30:46.0517 2116  [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:30:46.0552 2116  LanmanWorkstation - ok
15:30:46.0598 2116  [ C215E09622118383B236DD56C2065183 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:30:46.0612 2116  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:30:46.0612 2116  LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:30:46.0639 2116  lirsgt - ok
15:30:46.0673 2116  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:30:46.0723 2116  lltdio - ok
15:30:46.0769 2116  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:30:46.0831 2116  lltdsvc - ok
15:30:46.0854 2116  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:30:46.0893 2116  lmhosts - ok
15:30:46.0912 2116  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:30:46.0925 2116  LSI_FC - ok
15:30:46.0956 2116  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:30:46.0968 2116  LSI_SAS - ok
15:30:47.0033 2116  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:30:47.0046 2116  LSI_SCSI - ok
15:30:47.0065 2116  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:30:47.0110 2116  luafv - ok
15:30:47.0138 2116  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:30:47.0181 2116  Mcx2Svc - ok
15:30:47.0228 2116  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
15:30:47.0238 2116  megasas - ok
15:30:47.0264 2116  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:30:47.0293 2116  MegaSR - ok
15:30:47.0313 2116  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
15:30:47.0362 2116  MMCSS - ok
15:30:47.0376 2116  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
15:30:47.0421 2116  Modem - ok
15:30:47.0484 2116  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:30:47.0522 2116  monitor - ok
15:30:47.0542 2116  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:30:47.0553 2116  mouclass - ok
15:30:47.0606 2116  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:30:47.0648 2116  mouhid - ok
15:30:47.0680 2116  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:30:47.0691 2116  MountMgr - ok
15:30:47.0764 2116  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:30:47.0776 2116  MozillaMaintenance - ok
15:30:47.0830 2116  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:30:47.0842 2116  mpio - ok
15:30:47.0870 2116  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:30:47.0922 2116  mpsdrv - ok
15:30:47.0949 2116  [ 8A670648C755867A3AA38DA50BA569AA ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:30:48.0014 2116  MpsSvc - ok
15:30:48.0077 2116  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:30:48.0091 2116  Mraid35x - ok
15:30:48.0122 2116  [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:30:48.0160 2116  MRxDAV - ok
15:30:48.0198 2116  [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:30:48.0229 2116  mrxsmb - ok
15:30:48.0256 2116  [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:30:48.0291 2116  mrxsmb10 - ok
15:30:48.0305 2116  [ F9425D610712533107A264E2D5B2154B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:30:48.0342 2116  mrxsmb20 - ok
15:30:48.0358 2116  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
15:30:48.0368 2116  msahci - ok
15:30:48.0387 2116  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:30:48.0400 2116  msdsm - ok
15:30:48.0420 2116  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
15:30:48.0460 2116  MSDTC - ok
15:30:48.0485 2116  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:30:48.0531 2116  Msfs - ok
15:30:48.0588 2116  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:30:48.0598 2116  msisadrv - ok
15:30:48.0619 2116  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:30:48.0672 2116  MSiSCSI - ok
15:30:48.0677 2116  msiserver - ok
15:30:48.0732 2116  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:30:48.0778 2116  MSKSSRV - ok
15:30:48.0800 2116  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:30:48.0845 2116  MSPCLOCK - ok
15:30:48.0878 2116  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:30:48.0924 2116  MSPQM - ok
15:30:48.0973 2116  [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:30:48.0990 2116  MsRPC - ok
15:30:49.0038 2116  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:30:49.0055 2116  mssmbios - ok
15:30:49.0071 2116  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:30:49.0117 2116  MSTEE - ok
15:30:49.0123 2116  [ DDF133501F68D6988A0F55DFA88637B4 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:30:49.0134 2116  Mup - ok
15:30:49.0163 2116  [ C25022CDD18980846973B598900915F8 ] napagent        C:\Windows\system32\qagentRT.dll
15:30:49.0230 2116  napagent - ok
15:30:49.0298 2116  [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:30:49.0326 2116  NativeWifiP - ok
15:30:49.0397 2116  [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:30:49.0433 2116  NDIS - ok
15:30:49.0451 2116  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:30:49.0484 2116  NdisTapi - ok
15:30:49.0507 2116  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:30:49.0550 2116  Ndisuio - ok
15:30:49.0569 2116  [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:30:49.0608 2116  NdisWan - ok
15:30:49.0622 2116  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:30:49.0662 2116  NDProxy - ok
15:30:49.0677 2116  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:30:49.0718 2116  NetBIOS - ok
15:30:49.0736 2116  [ 7A29CA243A629230799754162D80120F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:30:49.0793 2116  netbt - ok
15:30:49.0832 2116  [ 80F4593E92FF960E4763380D3168E498 ] Netlogon        C:\Windows\system32\lsass.exe
15:30:49.0845 2116  Netlogon - ok
15:30:49.0886 2116  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
15:30:49.0931 2116  Netman - ok
15:30:49.0993 2116  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:30:50.0004 2116  NetMsmqActivator - ok
15:30:50.0009 2116  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:30:50.0020 2116  NetPipeActivator - ok
15:30:50.0049 2116  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
15:30:50.0106 2116  netprofm - ok
15:30:50.0112 2116  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:30:50.0123 2116  NetTcpActivator - ok
15:30:50.0128 2116  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:30:50.0139 2116  NetTcpPortSharing - ok
15:30:50.0216 2116  [ 2263727032E9B19231A706046B8C82D3 ] NetworkX        C:\Windows\system32\ckldrv.sys
15:30:50.0229 2116  NetworkX - ok
15:30:50.0255 2116  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:30:50.0275 2116  nfrd960 - ok
15:30:50.0300 2116  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:30:50.0347 2116  NlaSvc - ok
15:30:50.0422 2116  [ C31FA031335EFF434B2D94278E74BCCE ] NPF             C:\Windows\system32\drivers\npf.sys
15:30:50.0431 2116  NPF - ok
15:30:50.0452 2116  [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:30:50.0497 2116  Npfs - ok
15:30:50.0514 2116  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
15:30:50.0572 2116  nsi - ok
15:30:50.0584 2116  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:30:50.0629 2116  nsiproxy - ok
15:30:50.0671 2116  [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:30:50.0749 2116  Ntfs - ok
15:30:50.0783 2116  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
15:30:50.0826 2116  Null - ok
15:30:50.0921 2116  [ 211D111D01D4B74015D4E58E84588F86 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx64.sys
15:30:50.0976 2116  NVENETFD - ok
15:30:51.0532 2116  [ 828E3D31D9E5B81A4927885D3752C996 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:30:52.0072 2116  nvlddmkm - ok
15:30:52.0098 2116  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:30:52.0122 2116  nvraid - ok
15:30:52.0152 2116  [ 7CE4D9F3324E880720201B7CB779B644 ] nvrd64          C:\Windows\system32\drivers\nvrd64.sys
15:30:52.0164 2116  nvrd64 - ok
15:30:52.0198 2116  [ F6C6D8298DD85507F680437EC2E6899C ] nvsmu           C:\Windows\system32\drivers\nvsmu.sys
15:30:52.0225 2116  nvsmu - ok
15:30:52.0242 2116  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:30:52.0252 2116  nvstor - ok
15:30:52.0276 2116  [ 14E8409CCE4BFC7591F8697A8748DC5B ] nvstor64        C:\Windows\system32\drivers\nvstor64.sys
15:30:52.0286 2116  nvstor64 - ok
15:30:52.0353 2116  [ 1C63E34632CEBD6A37B82DC77C4F7575 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:30:52.0398 2116  nvsvc - ok
15:30:52.0475 2116  [ 4A5A9DDEF3C7E4E37EB22DE00AE8B9F1 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:30:52.0569 2116  nvUpdatusService - ok
15:30:52.0593 2116  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:30:52.0622 2116  nv_agp - ok
15:30:52.0627 2116  NwlnkFlt - ok
15:30:52.0632 2116  NwlnkFwd - ok
15:30:52.0724 2116  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:30:52.0754 2116  odserv - ok
15:30:52.0816 2116  [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:30:52.0875 2116  ohci1394 - ok
15:30:52.0911 2116  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:30:52.0922 2116  ose - ok
15:30:52.0999 2116  [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:30:53.0061 2116  p2pimsvc - ok
15:30:53.0080 2116  [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc          C:\Windows\system32\p2psvc.dll
15:30:53.0106 2116  p2psvc - ok
15:30:53.0152 2116  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
15:30:53.0220 2116  Parport - ok
15:30:53.0235 2116  [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:30:53.0246 2116  partmgr - ok
15:30:53.0264 2116  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:30:53.0290 2116  PcaSvc - ok
15:30:53.0356 2116  [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:30:53.0392 2116  pccsmcfd - ok
15:30:53.0404 2116  [ 2A5B2A51559066EA84742909B5B2CD69 ] pci             C:\Windows\system32\drivers\pci.sys
15:30:53.0418 2116  pci - ok
15:30:53.0471 2116  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:30:53.0481 2116  pciide - ok
15:30:53.0496 2116  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:30:53.0510 2116  pcmcia - ok
15:30:53.0551 2116  PDNMp50 - ok
15:30:53.0613 2116  PDNSp50 - ok
15:30:53.0619 2116  PDNSp50a64 - ok
15:30:53.0692 2116  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:30:53.0784 2116  PEAUTH - ok
15:30:53.0863 2116  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:30:53.0938 2116  PerfHost - ok
15:30:54.0022 2116  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
15:30:54.0115 2116  pla - ok
15:30:54.0145 2116  [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:30:54.0220 2116  PlugPlay - ok
15:30:54.0226 2116  PnkBstrA - ok
15:30:54.0257 2116  [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:30:54.0283 2116  PNRPAutoReg - ok
15:30:54.0341 2116  [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:30:54.0407 2116  PNRPsvc - ok
15:30:54.0481 2116  [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:30:54.0521 2116  PolicyAgent - ok
15:30:54.0562 2116  [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:30:54.0611 2116  PptpMiniport - ok
15:30:54.0635 2116  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:30:54.0689 2116  Processor - ok
15:30:54.0702 2116  [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:30:54.0743 2116  ProfSvc - ok
15:30:54.0757 2116  [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:30:54.0770 2116  ProtectedStorage - ok
15:30:54.0830 2116  [ 1D0A3F565397D08707F3D75B88586645 ] Ps2             C:\Windows\system32\DRIVERS\PS2.sys
15:30:54.0853 2116  Ps2 - ok
15:30:54.0880 2116  [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:30:54.0912 2116  PSched - ok
15:30:54.0963 2116  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:30:55.0014 2116  ql2300 - ok
15:30:55.0044 2116  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:30:55.0056 2116  ql40xx - ok
15:30:55.0079 2116  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
15:30:55.0107 2116  QWAVE - ok
15:30:55.0125 2116  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:30:55.0140 2116  QWAVEdrv - ok
15:30:55.0151 2116  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:30:55.0198 2116  RasAcd - ok
15:30:55.0210 2116  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
15:30:55.0263 2116  RasAuto - ok
15:30:55.0281 2116  [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:30:55.0331 2116  Rasl2tp - ok
15:30:55.0350 2116  [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan          C:\Windows\System32\rasmans.dll
15:30:55.0404 2116  RasMan - ok
15:30:55.0422 2116  [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:30:55.0474 2116  RasPppoe - ok
15:30:55.0488 2116  [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:30:55.0531 2116  RasSstp - ok
15:30:55.0550 2116  [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:30:55.0605 2116  rdbss - ok
15:30:55.0616 2116  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:30:55.0662 2116  RDPCDD - ok
15:30:55.0693 2116  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:30:55.0756 2116  rdpdr - ok
15:30:55.0760 2116  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:30:55.0797 2116  RDPENCDD - ok
15:30:55.0813 2116  [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:30:55.0853 2116  RDPWD - ok
15:30:55.0906 2116  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:30:55.0951 2116  RemoteAccess - ok
15:30:55.0970 2116  [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:30:56.0011 2116  RemoteRegistry - ok
15:30:56.0077 2116  [ 80C5C0A3BEE7D4B26B95C3B05A014C1D ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
15:30:56.0100 2116  RMCAST - ok
15:30:56.0130 2116  [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
15:30:56.0146 2116  rpcapd - ok
15:30:56.0166 2116  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
15:30:56.0203 2116  RpcLocator - ok
15:30:56.0250 2116  [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs           C:\Windows\system32\rpcss.dll
15:30:56.0293 2116  RpcSs - ok
15:30:56.0314 2116  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:30:56.0357 2116  rspndr - ok
15:30:56.0374 2116  [ 80F4593E92FF960E4763380D3168E498 ] SamSs           C:\Windows\system32\lsass.exe
15:30:56.0388 2116  SamSs - ok
15:30:56.0423 2116  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:30:56.0448 2116  sbp2port - ok
15:30:56.0461 2116  [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:30:56.0511 2116  SCardSvr - ok
15:30:56.0549 2116  [ CE75D26E0A1106129F4D156851E298ED ] Schedule        C:\Windows\system32\schedsvc.dll
15:30:56.0603 2116  Schedule - ok
15:30:56.0627 2116  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:30:56.0664 2116  SCPolicySvc - ok
15:30:56.0686 2116  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:30:56.0730 2116  SDRSVC - ok
15:30:56.0742 2116  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:30:56.0809 2116  secdrv - ok
15:30:56.0824 2116  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
15:30:56.0862 2116  seclogon - ok
15:30:56.0875 2116  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
15:30:56.0925 2116  SENS - ok
15:30:56.0938 2116  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:30:57.0009 2116  Serenum - ok
15:30:57.0038 2116  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
15:30:57.0130 2116  Serial - ok
15:30:57.0145 2116  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:30:57.0192 2116  sermouse - ok
15:30:57.0388 2116  [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:30:57.0435 2116  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:30:57.0435 2116  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:30:57.0457 2116  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:30:57.0497 2116  SessionEnv - ok
15:30:57.0513 2116  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:30:57.0559 2116  sffdisk - ok
15:30:57.0573 2116  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:30:57.0610 2116  sffp_mmc - ok
15:30:57.0649 2116  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:30:57.0704 2116  sffp_sd - ok
15:30:57.0722 2116  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:30:57.0778 2116  sfloppy - ok
15:30:57.0814 2116  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:30:57.0872 2116  SharedAccess - ok
15:30:57.0908 2116  [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:30:57.0956 2116  ShellHWDetection - ok
15:30:57.0969 2116  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:30:57.0979 2116  SiSRaid2 - ok
15:30:57.0998 2116  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:30:58.0010 2116  SiSRaid4 - ok
15:30:58.0074 2116  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:30:58.0086 2116  SkypeUpdate - ok
15:30:58.0126 2116  [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc           C:\Windows\system32\SLsvc.exe
15:30:58.0245 2116  slsvc - ok
15:30:58.0261 2116  [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:30:58.0314 2116  SLUINotify - ok
15:30:58.0328 2116  [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:30:58.0387 2116  Smb - ok
15:30:58.0411 2116  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:30:58.0425 2116  SNMPTRAP - ok
15:30:58.0435 2116  [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:30:58.0446 2116  spldr - ok
15:30:58.0476 2116  [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler         C:\Windows\System32\spoolsv.exe
15:30:58.0507 2116  Spooler - ok
15:30:58.0539 2116  [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:30:58.0599 2116  srv - ok
15:30:58.0628 2116  [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:30:58.0667 2116  srv2 - ok
15:30:58.0697 2116  [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:30:58.0721 2116  srvnet - ok
15:30:58.0742 2116  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:30:58.0782 2116  SSDPSRV - ok
15:30:58.0795 2116  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:30:58.0816 2116  SstpSvc - ok
15:30:58.0850 2116  StarOpen - ok
15:30:58.0897 2116  [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc          C:\Windows\System32\wiaservc.dll
15:30:58.0949 2116  stisvc - ok
15:30:58.0968 2116  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:30:58.0977 2116  swenum - ok
15:30:58.0992 2116  [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv           C:\Windows\System32\swprv.dll
15:30:59.0050 2116  swprv - ok
15:30:59.0078 2116  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:30:59.0088 2116  Symc8xx - ok
15:30:59.0103 2116  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:30:59.0113 2116  Sym_hi - ok
15:30:59.0146 2116  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:30:59.0158 2116  Sym_u3 - ok
15:30:59.0180 2116  [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain         C:\Windows\system32\sysmain.dll
15:30:59.0312 2116  SysMain - ok
15:30:59.0330 2116  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:30:59.0385 2116  TabletInputService - ok
15:30:59.0399 2116  [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:30:59.0441 2116  TapiSrv - ok
15:30:59.0454 2116  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
15:30:59.0501 2116  TBS - ok
15:30:59.0539 2116  [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:30:59.0596 2116  Tcpip - ok
15:30:59.0636 2116  [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:30:59.0678 2116  Tcpip6 - ok
15:30:59.0707 2116  [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:30:59.0753 2116  tcpipreg - ok
15:30:59.0764 2116  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:30:59.0799 2116  TDPIPE - ok
15:30:59.0816 2116  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:30:59.0861 2116  TDTCP - ok
15:30:59.0877 2116  [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:30:59.0938 2116  tdx - ok
15:30:59.0957 2116  [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:30:59.0967 2116  TermDD - ok
15:30:59.0995 2116  [ F870A5589D6A94B426EFB13689023946 ] TermService     C:\Windows\System32\termsrv.dll
15:31:00.0053 2116  TermService - ok
15:31:00.0079 2116  TFsExDisk - ok
15:31:00.0117 2116  [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes          C:\Windows\system32\shsvcs.dll
15:31:00.0136 2116  Themes - ok
15:31:00.0146 2116  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:31:00.0184 2116  THREADORDER - ok
15:31:00.0200 2116  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
15:31:00.0262 2116  TrkWks - ok
15:31:00.0299 2116  [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:31:00.0337 2116  TrustedInstaller - ok
15:31:00.0345 2116  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:00.0394 2116  tssecsrv - ok
15:31:00.0444 2116  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:31:00.0476 2116  tunmp - ok
15:31:00.0546 2116  [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:31:00.0559 2116  tunnel - ok
15:31:00.0581 2116  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:31:00.0594 2116  uagp35 - ok
15:31:00.0614 2116  [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:31:00.0666 2116  udfs - ok
15:31:00.0676 2116  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:31:00.0714 2116  UI0Detect - ok
15:31:00.0724 2116  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:31:00.0735 2116  uliagpkx - ok
15:31:00.0755 2116  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:31:00.0771 2116  uliahci - ok
15:31:00.0789 2116  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:31:00.0802 2116  UlSata - ok
15:31:00.0830 2116  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:31:00.0843 2116  ulsata2 - ok
15:31:00.0861 2116  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:31:00.0911 2116  umbus - ok
15:31:00.0978 2116  [ 01ABE05C401E70795B43A8933B44831E ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
15:31:01.0028 2116  UMPass - ok
15:31:01.0046 2116  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
15:31:01.0106 2116  upnphost - ok
15:31:01.0196 2116  [ C899FB269BE4740DBE2801B204CD71D4 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:31:01.0249 2116  usbaudio - ok
15:31:01.0319 2116  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:31:01.0357 2116  usbccgp - ok
15:31:01.0384 2116  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:31:01.0456 2116  usbcir - ok
15:31:01.0475 2116  [ DA6D8D8ED0A53C63AC6F4BD40FE83FBE ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:31:01.0512 2116  usbehci - ok
15:31:01.0529 2116  [ 99045369AE3216216573D0775FD7ED56 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:31:01.0577 2116  usbhub - ok
15:31:01.0599 2116  [ 540B622DA0949695C40CDC9D5D497A8B ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:31:01.0643 2116  usbohci - ok
15:31:01.0661 2116  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:31:01.0698 2116  usbprint - ok
15:31:01.0716 2116  [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:31:01.0753 2116  USBSTOR - ok
15:31:01.0775 2116  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:31:01.0810 2116  usbuhci - ok
15:31:01.0833 2116  [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms           C:\Windows\System32\uxsms.dll
15:31:01.0885 2116  UxSms - ok
15:31:01.0904 2116  [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds             C:\Windows\System32\vds.exe
15:31:01.0977 2116  vds - ok
15:31:01.0987 2116  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:31:02.0024 2116  vga - ok
15:31:02.0029 2116  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:31:02.0067 2116  VgaSave - ok
15:31:02.0088 2116  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
15:31:02.0098 2116  viaide - ok
15:31:02.0137 2116  [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:31:02.0152 2116  volmgr - ok
15:31:02.0168 2116  [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:31:02.0188 2116  volmgrx - ok
15:31:02.0202 2116  [ DE4307412D98050239026E56A7DFF3C0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:31:02.0217 2116  volsnap - ok
15:31:02.0235 2116  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:31:02.0248 2116  vsmraid - ok
15:31:02.0288 2116  [ 186BD53F8A408AD20F5A056C05678629 ] VSS             C:\Windows\system32\vssvc.exe
15:31:02.0382 2116  VSS - ok
15:31:02.0412 2116  [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time         C:\Windows\system32\w32time.dll
15:31:02.0500 2116  W32Time - ok
15:31:02.0524 2116  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:31:02.0605 2116  WacomPen - ok
15:31:02.0661 2116  [ AEA75207E443C8623C36B8D03596F84F ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:31:02.0706 2116  Wanarp - ok
15:31:02.0710 2116  [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:31:02.0747 2116  Wanarpv6 - ok
15:31:02.0768 2116  [ 055449247C490E24B968B44FE8A969EB ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:31:02.0822 2116  wcncsvc - ok
15:31:02.0845 2116  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:31:02.0880 2116  WcsPlugInService - ok
15:31:02.0908 2116  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
15:31:02.0919 2116  Wd - ok
15:31:02.0960 2116  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:31:03.0012 2116  Wdf01000 - ok
15:31:03.0024 2116  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:31:03.0074 2116  WdiServiceHost - ok
15:31:03.0078 2116  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:31:03.0117 2116  WdiSystemHost - ok
15:31:03.0129 2116  [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient       C:\Windows\System32\webclnt.dll
15:31:03.0161 2116  WebClient - ok
15:31:03.0189 2116  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:31:03.0228 2116  Wecsvc - ok
15:31:03.0241 2116  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:31:03.0276 2116  wercplsupport - ok
15:31:03.0296 2116  [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:31:03.0334 2116  WerSvc - ok
15:31:03.0350 2116  WinDefend - ok
15:31:03.0358 2116  WinHttpAutoProxySvc - ok
15:31:03.0412 2116  [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:31:03.0460 2116  Winmgmt - ok
15:31:03.0519 2116  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:31:03.0629 2116  WinRM - ok
15:31:03.0747 2116  [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:31:03.0802 2116  Wlansvc - ok
15:31:03.0959 2116  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:31:04.0075 2116  wlidsvc - ok
15:31:04.0134 2116  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:31:04.0191 2116  WmiAcpi - ok
15:31:04.0232 2116  [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:31:04.0273 2116  wmiApSrv - ok
15:31:04.0304 2116  WMPNetworkSvc - ok
15:31:04.0343 2116  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:31:04.0369 2116  WPCSvc - ok
15:31:04.0379 2116  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:31:04.0415 2116  WPDBusEnum - ok
15:31:04.0478 2116  [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:31:04.0512 2116  WpdUsb - ok
15:31:04.0896 2116  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:31:04.0938 2116  WPFFontCache_v0400 - ok
15:31:04.0961 2116  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:31:05.0006 2116  ws2ifsl - ok
15:31:05.0024 2116  [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:31:05.0041 2116  wscsvc - ok
15:31:05.0045 2116  WSearch - ok
15:31:05.0115 2116  [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv        C:\Windows\system32\wuaueng.dll
15:31:05.0221 2116  wuauserv - ok
15:31:05.0284 2116  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:31:05.0332 2116  WUDFRd - ok
15:31:05.0346 2116  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:31:05.0393 2116  wudfsvc - ok
15:31:05.0419 2116  [ 5AA532BBAC7E34186EDFF24F72BCD61B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
15:31:05.0439 2116  xusb21 - ok
15:31:05.0442 2116  ================ Scan global ===============================
15:31:05.0473 2116  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
15:31:05.0500 2116  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
15:31:05.0524 2116  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
15:31:05.0549 2116  [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
15:31:05.0557 2116  [Global] - ok
15:31:05.0557 2116  ================ Scan MBR ==================================
15:31:05.0567 2116  [ 03BA8F890B47C0BE359A4D5A636D214D ] \Device\Harddisk0\DR0
15:31:06.0714 2116  \Device\Harddisk0\DR0 - ok
15:31:06.0723 2116  [ 28F51A7201301A72A23635BFD6D8AD63 ] \Device\Harddisk1\DR6
15:31:10.0550 2116  \Device\Harddisk1\DR6 - ok
15:31:10.0550 2116  ================ Scan VBR ==================================
15:31:10.0567 2116  [ DF0396B83303C5C24B8ABCDB7E7B097F ] \Device\Harddisk0\DR0\Partition1
15:31:10.0581 2116  \Device\Harddisk0\DR0\Partition1 - ok
15:31:10.0615 2116  [ 5D13B1769852B7E5E8FBFFCEDD795D5C ] \Device\Harddisk0\DR0\Partition2
15:31:10.0645 2116  \Device\Harddisk0\DR0\Partition2 - ok
15:31:10.0646 2116  ============================================================
15:31:10.0646 2116  Scan finished
15:31:10.0646 2116  ============================================================
15:31:10.0659 3200  Detected object count: 4
15:31:10.0659 3200  Actual detected object count: 4
15:32:02.0409 3200  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:02.0409 3200  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:32:02.0411 3200  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:02.0411 3200  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:32:02.0412 3200  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:02.0412 3200  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:32:02.0414 3200  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:32:02.0414 3200  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 27.12.2012, 21:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 28.12.2012, 00:54   #9
OhioGelenk
 

ComboFix:

Code:
ComboFix 12-12-27.03 - Jan Gerdes 28.12.2012   0:15.1.3 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.4094.2107 [GMT 1:00]
ausgeführt von:: c:\users\Jan Gerdes\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jan Gerdes\AppData\Roaming\.#
c:\users\Jan Gerdes\AppData\Roaming\.#\MBX@BA4@2912930.###
c:\users\Jan Gerdes\AppData\Roaming\.#\MBX@BA4@2912960.###
c:\users\Jan Gerdes\AppData\Roaming\.#\MBX@BA4@2912990.###
c:\users\Jan Gerdes\FUNWEGBERG_SETUP.TMP
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
c:\windows\SysWow64\rnaph.dll
c:\windows\SysWow64\tmpCC6.tmp
c:\windows\SysWow64\tmpCC7.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-27 bis 2012-12-27  ))))))))))))))))))))))))))))))
.
.
2012-12-27 23:36 . 2012-12-27 23:36	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 23:36 . 2012-12-27 23:36	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2012-12-27 23:07 . 2012-12-27 23:08	--------	d-----w-	C:\32788R22FWJFW
2012-12-25 11:56 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AA1FDD8-E65D-4844-A2DF-417F1E78E61C}\mpengine.dll
2012-12-24 10:49 . 2012-12-24 10:49	--------	d-----w-	c:\users\Jan Gerdes\AppData\Roaming\Malwarebytes
2012-12-24 10:49 . 2012-12-24 10:49	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-23 23:41 . 2012-12-23 23:41	--------	d-----w-	c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 10:57 . 2012-04-13 13:19	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-27 10:57 . 2011-06-23 18:36	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:20 . 2006-11-02 12:35	67413224	----a-w-	c:\windows\system32\mrt.exe
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-22 16:13 . 2012-10-22 16:14	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-22 16:13 . 2012-08-16 10:03	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-10-22 16:13 . 2012-08-16 10:03	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"FreeCT"="c:\program files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe" [2011-05-24 2033488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Realtime Audio Engine"="mmrtkrnl.exe" [2011-02-25 46592]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Jan Gerdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\Jan Gerdes\AppData\Local\Temp\is-6GG3K.tmp\ATR1.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S1 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2009-01-28 134880]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 16:37]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 16:37]
.
2012-12-27 c:\windows\Tasks\User_Feed_Synchronization-{3A84B897-A39D-439C-8BDD-53E79D2401A0}.job
- c:\windows\system32\msfeedssync.exe [2012-11-14 04:32]
.
2012-12-27 c:\windows\Tasks\User_Feed_Synchronization-{9A904537-B371-47EE-A20C-594D18C043A0}.job
- c:\windows\system32\msfeedssync.exe [2012-11-14 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.internetcologne.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = 
IE: Free YouTube Download - c:\users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 14:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Duden Korrektor SysTray - c:\program files (x86)\Duden\Duden Korrektor\DKTray.exe
Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-1ClickDownload - c:\program files (x86)\OnlineHD.TV\uninst.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
AddRemove-WinDSL - c:\windows\system32\WinDSL-Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3890968446-3114921312-747539789-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d0,6b,05,2b,bd,2b,2e,e2,7b,fd,9e,65,ad,f7,f1,8b,01,e8,be,49,fd,87,82,
   a3,30,13,84,87,67,b9,30,53,03,7a,ad,bb,fd,58,63,e2,81,e7,2f,d9,75,d3,cf,8f,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-3890968446-3114921312-747539789-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,75,6b,97,ae,3e,bb,dd,78,a0,76,fd,a7,1e,f7,c1,cb,70,f6,15,f2,
   bc,31,e3,38,17,dd,22,4f,c7,ff,fb,4d,a3,f1,cb,74,96,77,ad,7c,9e,29,93,97,fc,\
"rkeysecu"=hex:93,5d,24,cd,82,44,8e,6a,5b,ee,31,e7,f5,27,af,29
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-12-28  00:44:26
ComboFix-quarantined-files.txt  2012-12-27 23:44
.
Vor Suchlauf: 15 Verzeichnis(se), 282.596.814.848 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 281.563.746.304 Bytes frei
.
- - End Of File - - 464431FAD3A8CACA3DCD2741AEFA5AC4
         

Alt 28.12.2012, 12:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post log files in CODE tags

Alt 28.12.2012, 15:07   #11
OhioGelenk
 
adw Cleaner

Code:
ATTFilter
# AdwCleaner v2.103 - Datei am 28/12/2012 um 15:06:04 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Jan Gerdes - JANGERDES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\web-search.xml
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\Jan Gerdes\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Headlight
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKU\S-1-5-21-3890968446-3114921312-747539789-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-3890968446-3114921312-747539789-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\prefs.js

Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "6-3-2010");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Sat Mar 06 2010 13:49:54 GMT+0100");
Gefunden : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Sat Mar 06 2010 12:49:52 GMT+01[...]
Gefunden : user_pref("CT2269050.FirstServerDate", "4-3-2010");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstalledDate", "Thu Mar 04 2010 18:16:00 GMT+0100");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.5.6.0", "Sat Mar 06 2010 09:57:07 GMT+0100");
Gefunden : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "128956111944730000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2269050.SavedHomepage", "hxxp://www.internetcologne.de/");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Sat Mar 06 2010 12:49:52 GMT+0100");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1267632738");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Mar 04 2010 18:15:59 GMT+0100");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1267632738");
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2269050.UserID", "UN03443656431502643");
Gefunden : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Sat Mar 06 2010 13:49:55 GMT+0100");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,moveplayer%40movenetworks.[...]

Datei : C:\Users\Mama und Papa\AppData\Roaming\Mozilla\Firefox\Profiles\jq9upz42.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10046 octets] - [28/12/2012 15:06:04]

########## EOF - C:\AdwCleaner[R1].txt - [10107 octets] ##########
         

Alt 28.12.2012, 18:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator)
  • At the top center, tick the box Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

Alt 28.12.2012, 19:08   #13
OhioGelenk
 
First, adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.103 - Datei am 28/12/2012 um 18:53:39 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# Benutzer : Jan Gerdes - JANGERDES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\searchplugins\web-search.xml
Gelöscht mit Neustart : C:\ProgramData\Ask
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Gelöscht mit Neustart : C:\ProgramData\Tarma Installer
Gelöscht mit Neustart : C:\ProgramData\Trymedia
Gelöscht mit Neustart : C:\Users\Jan Gerdes\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\prefs.js

C:\Users\Jan Gerdes\AppData\Roaming\Mozilla\Firefox\Profiles\i89zgydx.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "6-3-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Mar 06 2010 13:49:54 GMT+0100");
Gelöscht : user_pref("CT2269050.ExternalComponentPollDate8877840225553681985", "Sat Mar 06 2010 12:49:52 GMT+01[...]
Gelöscht : user_pref("CT2269050.FirstServerDate", "4-3-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstalledDate", "Thu Mar 04 2010 18:16:00 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.6.0", "Sat Mar 06 2010 09:57:07 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "128956111944730000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.internetcologne.de/");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Mar 06 2010 12:49:52 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1267632738");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Mar 04 2010 18:15:59 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1267632738");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN03443656431502643");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Mar 06 2010 13:49:55 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Mar 05 2010 19:20:21 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,moveplayer%40movenetworks.[...]

Datei : C:\Users\Mama und Papa\AppData\Roaming\Mozilla\Firefox\Profiles\jq9upz42.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10173 octets] - [28/12/2012 15:06:04]
AdwCleaner[S1].txt - [9927 octets] - [28/12/2012 18:53:39]

########## EOF - C:\AdwCleaner[S1].txt - [9987 octets] ##########
         

Extras.Txt

Code:
OTL Extras logfile created on: 28.12.2012 18:58:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan Gerdes\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,75% Memory free
8,18 Gb Paging File | 6,09 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,61 Gb Total Space | 255,31 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
Drive D: | 11,56 Gb Total Space | 1,56 Gb Free Space | 13,46% Space Free | Partition Type: NTFS
Drive E: | 680,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JANGERDES-PC | User Name: Jan Gerdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C5DCB0-1C9A-45CF-80CF-8A4D7DD290B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B001F0C-526A-4F65-AA04-A9E2ADDD150B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B9E809A-063E-43AB-8FB2-E52239FB9724}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0BE1D342-6193-4F36-8F12-7EC71D6D91F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1AD0B7E0-AF70-479F-A0D9-DE615954DB41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{275A99B2-E617-4C00-A131-65332B23D407}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2DDA9833-13AC-4716-8FA9-B65D15CE2856}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{343CC9F5-E601-48A1-800D-BD59ED7564A9}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{35098093-F358-4765-A509-83F4F4EEBE88}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{391EEF56-2734-4B76-82F2-EFE78FC117D7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A155512-274E-4ADA-9708-348EA7D7195A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3A34B94A-0894-42A2-AF2C-149C36F7AABE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40815467-0FF6-4826-8FF9-0C3E2786FD39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{41F0201C-2BC9-4D77-8B62-289AF5B31A10}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{4903408F-0778-484C-A52A-CB1AE74C401B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4D287E3D-08A4-4F8A-8DD6-AC62A93C0150}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{61460E83-1C30-4F50-A305-B2363B4006BE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{61F41127-D97D-4980-B43E-1B3C0FE22979}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{6387FCD3-B462-4904-A0A2-CEE952531A28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{670FA5D8-F7A0-4F1D-BFC4-6CC5CF1CA523}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6CF24E5F-570A-4E6A-BC7E-259B4E126967}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{6FDF9A9B-96B4-4D02-A76A-2F9FA1AB1879}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{738E2288-7F1C-4C31-B7F1-556B57FDF5BB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{791B50B2-07F0-4112-9AB7-81BF130F0133}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E621995-74FB-421C-8231-5205A6019784}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80285907-1A41-48E3-B108-97C0F300DFB5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{82A13071-B01B-426E-8975-36A6E569E016}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{842BB45D-577B-407D-8B03-3E1885228F35}" = rport=138 | protocol=17 | dir=out | app=system | 
"{845BBEDD-AF03-46C0-85C6-EB02502ACF75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86510686-8795-451F-A0E0-A202B6E12773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{913D64D0-BAC5-4C98-81E6-F1411D22F092}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{96717B7D-FD30-47D4-A665-42D99FEC5106}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9A26F061-B191-410C-9073-EE374529BDC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9E1E12E9-AEA8-452F-9E3A-CDA486C4E79D}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{9E258E73-6892-42DD-A0DB-4FAF204B8EDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A291CA8E-2D4C-43C6-BF5C-C999F3883E4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A59F8968-75D4-4EA7-8003-C372BEB104F7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{A633A46C-19E6-4417-824D-E8532547AF40}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA57CE68-25BF-4C65-AC3C-374A3E4314D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ABAAA1DB-43D6-4CB5-AB46-B08ACA49221E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B23EEFD3-5CBA-4EF5-85D6-7DEC05FA7637}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{B65AF21C-8A74-4881-8B21-CAE85F7DACFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D09C8F15-E2D7-4F94-AC46-5C93217F2531}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D46DEA2A-A9DF-4FC9-95BB-F1B91D49913D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9F04474-8578-4818-B7EB-BACF1B727155}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{E0A0D8D4-4747-421C-A279-FF6F493495CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA17F5E3-78D2-4B87-A324-9AE23703F992}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB0535B7-F939-457D-B3E5-0E725CAE00E2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EF745BB2-BDC9-4449-AED9-06B3DAEC5A26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD2A7280-5A6F-4F28-A145-D5894E144D4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002F252D-C187-4F1D-B458-D22C4270E406}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{00C64CC4-6891-4494-9113-F6795E10AA52}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | 
"{02404206-D8D7-427A-9F99-2E5E31B460C8}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{024FE40D-5E00-4265-B9B5-A1293DDFC9B6}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{02CD1318-0FD9-4BD4-B4EC-6A5E3617097A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0B586977-0421-4DB4-A2AC-F024B1E86918}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{0B8E523C-16CA-47F9-9948-7DBD7C29DB81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{11B808D5-20D1-497C-AC45-40C473962F03}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{1534B867-4F28-46D4-8E74-F844E17F9A7E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{168855BB-D397-462D-953D-40AE8DE7B067}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4hi.exe | 
"{17E1C646-A914-4630-A6D5-8C26C2B6D85F}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | 
"{1AB2B977-337F-4AE8-A9FC-93CD04CBCBF0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{1DD3A32B-79A4-4E2A-9FD6-2AC85090158B}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | 
"{209C0385-301E-411F-8014-778929AF1535}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{211C8BFA-BF02-4AFA-8923-8EC0CB400728}" = protocol=17 | dir=in | app=c:\users\jan gerdes\downloads\sweetimsetup.exe | 
"{215D63D8-7E98-4B4E-A744-74C42EFB1D4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{215FE5FD-8C6D-47EF-B1A0-E9E7F1F8C296}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{288D1A32-062C-4ABE-8E08-F5C37BF96046}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator 2011\iupdate.dll | 
"{3154FAE1-6443-4B5F-A0BC-5865AAC4DEAA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{354F333D-D8B4-4906-AF24-110057B33633}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{367C2234-A8F7-4A9E-A6B8-96B9DD515E42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3CD35116-2B06-4DB2-81FC-8651FAD247B8}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{3D1E8FDB-BA2E-43BC-BA51-378FB7DE5618}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4hi.exe | 
"{3EB8046E-CCC5-4865-9FBD-69FF745F72EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F659DE7-E12D-4516-B139-FC3C664760BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{415137B8-0AF1-4027-BAF7-D43D2D9A1700}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\farm.bga.dll | 
"{4380149A-5F81-4078-A2CD-AE00CF6F47A1}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator 2011\iupdate.dll | 
"{43BCA487-901F-4B38-99E2-CB31A6087359}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{47EB364C-74FB-43A5-A27B-615E376EA723}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\iupdate.dll | 
"{495ADF8A-7770-4568-982E-F8FBA8C9E237}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49D5D44D-E042-4FC5-BAD1-FA99FD6F1B89}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{4A1970D7-B6C3-42CA-A89E-58351914EBD1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{4B5EE28C-ABD3-4C47-B938-00E8016D1659}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4low.exe | 
"{4C80DEFB-820C-4BB7-BE59-7E2D7E56F325}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{50216335-5B8D-4861-BE9A-A537DD79C726}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{504FE0EB-AAA2-4296-A28D-8215176B5FBC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{5B50A988-AD20-4D57-8253-C6FE4668F41D}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | 
"{607E0281-12A5-49C1-B677-B519F1FB1234}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61FFDD5D-1B6D-4A56-9C94-F2DBE6677539}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{63E849B5-533D-4FA1-A87F-CB41DC5D1FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriverlauncher.exe | 
"{6DE5B49F-FFA0-4C54-8F42-1EB0F228727E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6FB68DED-F0A3-4DA1-A1E7-FCF9BA0F87DD}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{724B00FF-6E77-45D4-B441-2414D3D06717}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\iupdate.dll | 
"{7504CFC7-3185-48F0-8B6C-51A49F9A7918}" = dir=in | app=c:\users\jan gerdes\documents\the war z\warz.exe | 
"{7A105F6C-14C0-4381-8180-1AF726C7870C}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator bga 2011\farm.bga.dll | 
"{7B8FE7DA-40FB-4EC6-B357-27DADB80067A}" = protocol=6 | dir=in | app=c:\users\jan gerdes\downloads\sweetimsetup.exe | 
"{845B67BC-696E-4970-B3B7-3541A9595ED6}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{88180D26-3D26-4A49-B7EA-69FCBE4FBD88}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{8AB31BC2-52AE-41D9-AA92-24EB0CA375B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8E73EFDD-11AD-4D32-B96A-9DC7C1255005}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F54491A-A1AA-4970-B9D9-0B035031F90D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{917F2F79-E0B1-49DF-8007-AF79C063BC27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{95C187C0-CC4F-4E28-B19F-6369C184F5C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{995EFC1F-9742-4568-AFA6-2455DB99B7FC}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{995F6F94-0015-4AAC-8F5D-4F99B88D4259}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{9BBB4764-067D-4A2B-8418-877D25E2A77D}" = protocol=6 | dir=in | app=c:\program files (x86)\agrar simulator 2011\farm.dll | 
"{A03CBC52-93A2-41C1-B95B-C0C94B6807F2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{A2A2D2AF-63A7-46F6-A2A3-06458961E7EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A89D79E7-9662-4EDA-945E-05738F881DF1}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe | 
"{A9AC29AF-AF4C-4398-A08E-64434BE5F848}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{AAABD9BB-80E4-4551-A6D0-30DB6C062765}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{AB0777CF-6B0F-4B1F-AFA7-610F8B99F17E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B45CDF71-EE5F-45E0-811B-3F250BB05037}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{C1B9C75B-6F6D-49CA-AB0D-CCAA25603F05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C6CDB16B-7367-46F1-8DF3-0BEAEF734685}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C793082A-93A1-4EE3-862E-66C72CE8D342}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C96ED7B9-50EF-46A4-B71D-1FCB3F8C84D0}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{CA4FD3D2-3BFD-426F-8B63-CC3AF15D2D32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB6EA4EE-DD22-4A73-B64D-AC4BD65FA34D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CB822875-499A-4E55-B46F-58A243B2D497}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{D2881552-957B-4857-B61E-B78A0C875256}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D781F8BE-E28E-4AF9-AA9E-00EF83620C6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D85BD06D-4FFD-439A-A372-B0A945E9A1C5}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe | 
"{DC296A6C-2C76-418A-B736-3DD95A082F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{DD7D84AF-87F4-4CCE-870B-A748924B5F14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DDE4575D-FB29-4455-BDA7-E3227BE2FAB8}" = protocol=6 | dir=out | app=system | 
"{E050F5B9-A8A8-4A2B-BF5C-645B233B6161}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriverlauncher.exe | 
"{E19EF93B-1CFC-4A88-9BBE-C32CFB72D4EE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E4C4B3F4-7BD1-4FD4-B869-FBF084AEC726}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat\crashtime4low.exe | 
"{E6084A9D-A738-4B9E-8DAC-C6FB12834CC0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{E6AAD340-FC68-4736-8480-3AEFEA2CDF70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E96238B4-C44A-420E-AEB9-26B33532D29F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\operation flashpoint red river\redriver.exe | 
"{EA537C96-F897-4E17-94B2-F74CA1E1BA0D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{EA9D5AB4-725B-4DCC-95E7-B87E5CEB9D17}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{EB8D1273-A553-47D2-9B40-45A4571AD041}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | 
"{F07B13CD-49D6-44F9-8D95-7B4DF44E0A31}" = protocol=17 | dir=in | app=c:\program files (x86)\agrar simulator 2011\farm.dll | 
"{F2016D04-D573-4520-8FB6-8B5559D77C73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD58C3F2-E35B-4F3F-BF38-6E6304D66EB5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{18A0CFB2-9D2B-4269-AE37-E7C642EFD2F2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8A8B1A4C-A0BC-4E4C-9C6A-C6170C061701}C:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe | 
"TCP Query User{8D641396-D862-476D-B152-4AF19846C0E9}C:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe | 
"TCP Query User{A0495165-064F-4CC0-A9B9-740285741FA4}C:\users\jan gerdes\desktop\1.6\hl.exe" = protocol=6 | dir=in | app=c:\users\jan gerdes\desktop\1.6\hl.exe | 
"TCP Query User{CC292F5A-80DA-4B7F-8816-564EE88B1602}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{476194D9-0C60-42AF-9504-132087836D3E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{6A68EAA0-15D9-4421-A202-28ADFC752821}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{9D8A6D64-0509-42FB-BBD6-8364029EF712}C:\users\jan gerdes\desktop\1.6\hl.exe" = protocol=17 | dir=in | app=c:\users\jan gerdes\desktop\1.6\hl.exe | 
"UDP Query User{CD915A09-2735-466A-BAEB-349746B18A9F}C:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\jan gerdes\desktop\pc-spiele\left 4 dead 2\left4dead2.exe | 
"UDP Query User{F5238CF1-913C-424A-842F-D0D54549D0A3}C:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency 4 deluxe\em4deluxe.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.3.0
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{434D083E-A4CC-401A-9E74-621000038101}" = OF: Red River
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55DAC754-01F4-4EF8-9E23-6A1847862FBD}_is1" = Winterberg Configurator Version WEM Confi 8.5
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5F7ED0CD-E04E-4441-9E03-10AFDB654E96}_is1" = Werksfeuerwehr-Simulator Version 1.0
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B399BFBA-258C-4C01-B929-D0D0873FBC4B}" = TL-PA211 Powerline Utility
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E1476612-02D6-42A3-BDC1-E292B4115738}" = HP Easy Setup - Frontend
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}" = muvee autoProducer 6.1
"{Wegberg-Modifikation-5-0}_is1" = Feuer- und Notfallsimulation Wegberg Version 5.0
"1ClickDownload" = OnlineHDTV
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm für Cobra 11 - Das Syndikat_is1" = Alarm für Cobra 11 - Das Syndikat
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emergency 2012" = Emergency 2012 Deluxe
"Free Studio_is1" = Free Studio version 5.7.2.825
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.916
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetCologne" = NetCologne-Installationsdateien entfernen
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Real Heroes - Firefighter_is1" = Real Heroes Firefighter
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair v4.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinDSL" = WinDSL
"WinPcapInst" = WinPcap 4.1.1
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2012 09:17:42 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:08:30 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:13:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:13:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:15:59 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:31:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:31:47 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:37:17 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:39:07 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.12.2012 19:44:29 | Computer Name = JanGerdes-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ Media Center Events ]
Error - 11.10.2012 08:29:22 | Computer Name = JanGerdes-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
[ System Events ]
Error - 28.12.2012 10:01:31 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.12.2012 10:01:31 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.12.2012 10:01:32 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.12.2012 13:55:33 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.12.2012 13:55:42 | Computer Name = JanGerdes-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 28.12.2012 13:55:44 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\hardlock.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.12.2012 13:55:44 | Computer Name = JanGerdes-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.12.2012 13:57:15 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.12.2012 13:57:15 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.12.2012 13:57:15 | Computer Name = JanGerdes-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

OTL.Txt

Code:
OTL logfile created on: 28.12.2012 18:58:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jan Gerdes\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,75% Memory free
8,18 Gb Paging File | 6,09 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584,61 Gb Total Space | 255,31 Gb Free Space | 43,67% Space Free | Partition Type: NTFS
Drive D: | 11,56 Gb Total Space | 1,56 Gb Free Space | 13,46% Space Free | Partition Type: NTFS
Drive E: | 680,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JANGERDES-PC | User Name: Jan Gerdes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Jan Gerdes\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
PRC - C:\Windows\SysWOW64\mmrtkrnl.exe (AlcaTech)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys ()
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys ()
DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys ()
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys ()
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys ()
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys ()
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys ()
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\ckldrv.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys ()
DRV - (lirsgt) -- C:\Windows\SysWOW64\drivers\lirsgt.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (PDNMp50) -- C:\Windows\SysWOW64\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\Windows\SysWOW64\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Hardlock) -- C:\Windows\SysWOW64\drivers\hardlock.sys (Aladdin Knowledge Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.internetcologne.de/
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes\{45D381B0-F1F6-4B62-B4C4-FE6ECE08B149}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..\SearchScopes\{61131C64-FDD7-42E4-8A00-9BAC3634F08B}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..keyword.URL: "hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 14:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 17:53:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 17:53:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 17:53:08 | 000,000,000 | ---D | M]
 
[2009.03.26 20:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Extensions
[2012.12.15 13:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions
[2010.05.03 15:45:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.05 13:58:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\Firefox\Profiles\i89zgydx.default\extensions\moveplayer@movenetworks.com
[2012.10.22 11:42:46 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.11.24 11:38:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jan Gerdes\AppData\Roaming\mozilla\firefox\profiles\i89zgydx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.05 17:52:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2012.12.05 17:52:53 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.12.05 17:52:55 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.12.05 17:52:57 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.05 17:53:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.07.31 19:06:54 | 000,089,600 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\Extras.dll
[2009.07.31 18:47:11 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\Movies.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.28 00:36:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan Gerdes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3890968446-3114921312-747539789-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3890968446-3114921312-747539789-1005\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC43B4D4-EB47-4867-AC3F-B1CC51339A1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll ()
O24 - Desktop WallPaper: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan Gerdes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.31 16:48:52 | 003,170,304 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.01.23 13:34:28 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.28 18:53:19 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\Neuer Ordner
[2012.12.28 18:50:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan Gerdes\Desktop\OTL(1).exe
[2012.12.28 11:37:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.28 00:44:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.28 00:44:28 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Local\temp
[2012.12.28 00:08:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.28 00:08:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.28 00:08:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.28 00:08:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.28 00:07:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.28 00:07:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012.12.28 00:06:31 | 005,014,125 | R--- | C] (Swearware) -- C:\Users\Jan Gerdes\Desktop\ComboFix.exe
[2012.12.27 14:58:25 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan Gerdes\Desktop\tdsskiller.exe
[2012.12.27 14:53:58 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jan Gerdes\Desktop\aswMBR.exe
[2012.12.27 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\mbar
[2012.12.24 11:49:40 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\AppData\Roaming\Malwarebytes
[2012.12.24 11:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.24 00:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.23 22:36:56 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\DVD Video Soft
[2012.12.23 22:36:27 | 000,000,000 | ---D | C] -- C:\Users\Jan Gerdes\Desktop\Emergency
[2012.12.05 17:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.28 19:00:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A904537-B371-47EE-A20C-594D18C043A0}.job
[2012.12.28 18:55:51 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 18:55:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 18:55:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 18:55:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 18:55:37 | 4293,386,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 18:50:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan Gerdes\Desktop\OTL(1).exe
[2012.12.28 18:26:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 15:07:33 | 001,588,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 15:07:33 | 000,681,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 15:07:33 | 000,640,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 15:07:33 | 000,149,302 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 15:07:33 | 000,122,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 15:05:45 | 000,550,017 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
[2012.12.28 11:39:08 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3A84B897-A39D-439C-8BDD-53E79D2401A0}.job
[2012.12.28 00:36:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.28 00:06:46 | 005,014,125 | R--- | M] (Swearware) -- C:\Users\Jan Gerdes\Desktop\ComboFix.exe
[2012.12.27 14:58:30 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan Gerdes\Desktop\tdsskiller.exe
[2012.12.27 14:54:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jan Gerdes\Desktop\aswMBR.exe
[2012.12.27 11:57:48 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.27 11:57:48 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.25 17:25:11 | 000,022,083 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\Aufzeichnen.JPG
[2012.12.24 12:23:29 | 000,000,000 | ---- | M] () -- C:\Users\Jan Gerdes\defogger_reenable
[2012.12.24 12:00:53 | 000,002,615 | ---- | M] () -- C:\Users\Jan Gerdes\Desktop\Microsoft Office Word 2007.lnk
[2012.12.24 00:41:15 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.28 15:05:43 | 000,550,017 | ---- | C] () -- C:\Users\Jan Gerdes\Desktop\adwcleaner.exe
[2012.12.28 00:08:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.28 00:08:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.28 00:08:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.28 00:08:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.28 00:08:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.25 17:25:08 | 000,022,083 | ---- | C] () -- C:\Users\Jan Gerdes\Desktop\Aufzeichnen.JPG
[2012.12.24 12:23:29 | 000,000,000 | ---- | C] () -- C:\Users\Jan Gerdes\defogger_reenable
[2012.12.24 00:41:15 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.24 00:38:26 | 4293,386,240 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.15 21:09:54 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\pg32conv.dll
[2012.11.15 21:09:54 | 000,030,793 | ---- | C] () -- C:\Windows\SysWow64\crtslv.dll
[2012.11.15 21:09:54 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2012.09.14 13:43:39 | 000,000,530 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.03.25 16:14:02 | 000,017,408 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\WebpageIcons.db
[2012.02.17 23:36:25 | 000,000,098 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\fusioncache.dat
[2012.02.17 23:34:09 | 001,566,640 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.10 18:43:20 | 000,055,356 | R--- | C] () -- C:\Users\Jan Gerdes\verkleinert.jpg
[2011.04.01 13:12:21 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.01 13:11:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.29 15:45:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.19 19:49:24 | 000,002,528 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\$_hpcst$.hpc
[2010.08.04 18:41:07 | 000,000,205 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\mdbu.bin
[2009.12.22 13:55:23 | 000,021,259 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\UserTile.png
[2009.03.29 10:35:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.01 13:57:52 | 000,003,072 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Roaming\wklnhst.dat
[2009.01.10 21:35:55 | 000,000,680 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\d3d9caps.dat
[2008.12.27 14:24:25 | 000,024,576 | ---- | C] () -- C:\Users\Jan Gerdes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >
         

28.12.2012, 19:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then we're done!

All the programs that were used here can be removed again.

Remove Combofix: Start/Run (keyboard shortcut WIN+R), type the command combofix /uninstall there and run it.

You can also remove many other tools with the help of OTL: just start OTL and click "Bereinigung" (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.


Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, you should also change all your passwords, if possible, now that the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags

28.12.2012, 20:50   #15
OhioGelenk
 

Great!

Thank you very much for your help.
Which programs exactly were the cause?

I have one more question.
Namely, would other viruses also have been visible in the logs? In other words, can I now assume that my PC is 100 percent "clean" and free of malware?

Regards, OhioGelenk
