Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.JS.Redirector bei Aufruf von Firefox

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.01.2013, 19:22   #1
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Wenn ich in meinem Profil den Firefox starte, dann meldet sich Kaspersky regelmäßig, das er den Zugriff auf "hxxp://www.proxyempire.com/index.php" verweigert, da dort der Trojaner "Trojan.JS.Redirector.xa" sich befindet.
Diese Meldung kommt aber nur, wenn ich auf Facbook gehe.
Weiterhin kommt diese Meldung jedoch nicht, wenn ich den IE benutze oder auf das Profil meiner Frau wechsele.

Was ist das und wie kann ich das abstellen? Im Netz habe ich darüber nichts gefunden.

Vielen Dank
RvM

Alt 08.01.2013, 19:41   #2
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Hi
kennst du denn die von Kaspersky benannte Seite?
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 08.01.2013, 20:31   #3
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



OTL.txt
Code:
ATTFilter
OTL logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Install\quicktime
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Install\quicktime\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Programme\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp)
PRC - C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synology Data Replicator  3\Backup.exe (Synology Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
PRC - C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
PRC - C:\Programme\UpsPilot\wpRMI.exe (Macrovision)
PRC - C:\Programme\UpsPilot\monitor.exe (Macrovision)
PRC - C:\Programme\UpsPilot\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - D:\Install\prozessortools\Core Temp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe ()
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Programme\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\program\libxslt.dll ()
MOD - C:\Programme\Tablet\Wacom\libxml2.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MXCleanerDll.DLL ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u.DLL ()
MOD - D:\Install\prozessortools\Core Temp.exe ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u_VC8.dll ()
MOD - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe ()
MOD - C:\Programme\ASUS\EPU-6 Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\EPU-6 Engine\pngio.dll ()
MOD - C:\Programme\Stardock\CursorFX\zlib1.dll ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\PlayRIpl.dll ()
MOD - C:\Programme\Common Files\Nero\Lib\log4cxx.dll ()
MOD - C:\Windows\System32\AsIO.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (APC Data Service) -- C:\Programme\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (LNSUSvc) -- C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe (Deutsche Telekom AG)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
SRV - (WinpowerRMI) -- C:\Programme\UpsPilot\wpRMI.exe (Macrovision)
SRV - (Winpowermonitor) -- C:\Programme\UpsPilot\monitor.exe (Macrovision)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Ext2Fsd) --  File not found
DRV - (cpuz132) -- C:\Users\XXX\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (ALSysIO) -- C:\Users\XXX\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (adfs) --  File not found
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys ()
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (mv61xx) -- C:\Windows\System32\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (cvspydr2) -- C:\Windows\System32\drivers\cvspydr2.sys (Colorvision Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 84 C5 40 51 59 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {7548973C-5C35-4E05-87F3-97194EE4EB43}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CCS&o=15773&src=kw&q={searchTerms}&locale=&apn_ptnrs=HN&apn_dtid=YYYYYYYYDE&apn_uid=D6CDC2EC-9D38-4C79-8EE0-0C11FDD51121&apn_sauid=FAF0BC77-7BA8-4F78-B1A9-BE3E13106D01
IE - HKCU\..\SearchScopes\{7548973C-5C35-4E05-87F3-97194EE4EB43}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = proxy-kre.evonik.com/proxy-pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B3869b071-0fae-4c75-948a-60d9c56ea02b%7D:1.0
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy-kre.evonik.com/proxy-pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 15:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 18:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 18:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.23 06:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.08 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions
[2010.11.28 11:31:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\noia2_option@kk.noia
[2012.03.27 19:08:12 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi
[2012.12.29 14:28:45 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.12 21:31:45 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 21:56:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.08 12:21:03 | 000,002,395 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\searchplugins\askcom.xml
[2012.12.05 18:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 18:22:05 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2012.12.05 18:22:09 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2008.08.16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.09 20:17:57 | 000,002,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       .psf
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 18 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Core Temp] D:\Install\prozessortools\Core Temp.exe ()
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [Data Replicator 3] C:\Program Files\Synology Data Replicator  3\Backup.exe (Synology Inc.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.fujidirekt.de/ips-opdata/layout/aspadmin/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CDDA-D716-4FC5-8C27-BD7CEFBB60F9}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49B4065-FBB4-42A2-BE1F-5C1C667C04D3}: DhcpNameServer = 195.50.140.178 195.50.140.114
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell - "" = AutoRun
O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 17:56:05 | 000,000,000 | ---D | C] -- C:\d8e392f8f2f1247224
[2013.01.02 19:41:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.01.02 19:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\URE
[2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\program
[2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Basis
[2012.12.27 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.22 16:57:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 16:57:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.13 15:42:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.13 15:42:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.13 15:42:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.13 15:42:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.13 15:42:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.13 15:42:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.13 15:42:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.13 15:42:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 18:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 18:35:45 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 18:35:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 18:35:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 18:35:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 18:35:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 18:35:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.07.10 20:28:39 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\XXX\PCPE Setup.exe
[2012.07.10 20:28:39 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\mfc80u.dll
[2012.07.10 20:28:39 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\msvcr80.dll
[2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\grm_res.dll
[2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\fr_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\pt_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\it_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\es_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\en_res.dll
[2012.07.10 20:28:39 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\XXX\ru_res.dll
[2012.07.10 20:28:39 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\XXX\jp_res.dll
[2012.07.10 20:28:39 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\XXX\zh_res.dll
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 19:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.08 19:44:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013.01.08 19:23:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.08 19:14:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2013.01.08 19:14:01 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013.01.08 18:01:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.08 18:01:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 17:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 17:45:04 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.05 12:07:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-XXX-PC-XXX.job
[2013.01.04 20:24:39 | 000,017,060 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.02 21:13:14 | 003,854,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.02 21:12:57 | 512,230,196 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.02 19:41:47 | 000,001,011 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.02 19:41:00 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.12.28 10:40:24 | 000,657,746 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.28 10:40:24 | 000,617,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.28 10:40:24 | 000,131,418 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.28 10:40:24 | 000,107,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 11:16:14 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.26 23:10:01 | 000,007,601 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2012.12.17 16:24:58 | 000,001,904 | ---- | M] () -- C:\Users\XXX\Desktop\DreamBoxEdit.lnk
[2012.12.17 15:13:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.12 19:46:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 19:46:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.02 21:12:57 | 512,230,196 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.02 19:41:47 | 000,001,011 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.02 19:41:00 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.12.27 11:16:14 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.16 16:27:19 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.07.10 20:33:10 | 013,338,112 | ---- | C] () -- C:\Users\XXX\PCPE_3.0.1.msi
[2012.07.10 20:28:39 | 000,018,808 | ---- | C] () -- C:\Users\XXX\ResourceReader.dll
[2012.05.31 16:51:52 | 000,140,770 | ---- | C] () -- C:\Users\XXX\.TransferManager.db
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.02.09 17:06:27 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.06 19:49:44 | 000,001,074 | ---- | C] () -- C:\Users\XXX\Videos - Verknüpfung.lnk
[2012.02.06 19:45:11 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.01.14 22:05:14 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.01.14 22:05:14 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.12.12 22:06:04 | 000,051,034 | ---- | C] () -- C:\Users\XXX\install.xml
[2011.11.07 21:55:07 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.09.03 21:36:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.08.08 19:45:37 | 000,000,100 | ---- | C] () -- C:\Windows\notesnsd.ini
[2011.07.01 17:00:06 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2011.06.20 20:03:56 | 000,007,601 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2010.11.14 18:34:05 | 000,122,157 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\mdbu.bin
[2010.05.19 19:22:59 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2010.05.10 18:43:15 | 000,000,132 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.04.03 18:25:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.11.23 20:46:31 | 000,000,016 | ---- | C] () -- C:\Users\XXX\persistent_state
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.11.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Acronis
[2010.12.25 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AnvSoft
[2009.12.07 17:57:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AOMrec
[2012.12.24 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Audacity
[2010.02.10 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service
[2012.09.13 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon
[2012.09.13 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon_Inc_IC
[2010.09.13 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.12.25 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CocoonSoftware
[2012.03.19 08:53:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.05.30 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CursorArts
[2012.11.15 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2012.03.13 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft
[2012.03.13 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.09 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Epson
[2010.06.07 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Facebook
[2013.01.02 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla
[2010.07.12 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeFLVConverter
[2009.12.14 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Haenlein-Software
[2010.04.10 17:12:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HDRsoft
[2010.03.31 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICAClient
[2009.11.03 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2010.01.08 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2011.05.23 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Notepad++
[2009.10.31 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org
[2011.01.15 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\phonostar-Player
[2011.05.23 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Photo! Web Album
[2012.01.06 16:24:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDisc
[2010.09.07 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.15 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Teleca
[2010.08.19 18:22:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2009.11.20 06:54:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2011.03.12 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VanDyke
[2011.11.08 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA

< End of report >
         
und hier die EXTRA.TXT
Code:
ATTFilter
OTL Extras logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Install\quicktime
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02877E15-8E51-426C-88F0-DD81E9E87D81}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | 
"{0B99A39D-E808-4DE1-BBFD-6E4B97E44B7C}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1423DDD4-3485-4663-BC83-7F801C855E40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26819F85-00A1-4F19-BEB4-2791024D21F0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2C2958C3-DBEE-4321-9595-F382518283B9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{32A4E211-6E2B-46C8-8C16-C2C071460652}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36B84E8C-6A22-4C55-9967-A4684B689C94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6516A48D-45D9-4966-B4D8-70531D2F30BA}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{75311F82-7CC5-422F-9170-9926606589F0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{78810B26-A774-46F7-8BE3-656ABF79B8A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{949C39DE-E069-476A-AFA9-A91934D5A302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A076EA47-4F55-44DE-9726-94F3953E6030}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A5291452-0262-4F2E-A437-175384FD606A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A732FBCA-2550-4DED-9119-0F31BAF0CD84}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADCB92D6-3382-4FAA-8467-83778D7673AE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{BA1893F7-93CC-44F5-AA5D-CCB7478F3C4A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{CCD7E1BF-0CDA-4F37-93DD-0A0D9DC6C036}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D7DEF4CA-6C84-4327-9B31-BF3E12C51A1C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE6C0782-DAC3-420C-895C-07DA5DBE3A65}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DF8575E5-744C-4B85-9C36-BB5E4ED034E5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{E89ADFEF-5E4E-4FC3-A9B5-B0319745000A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DDF14E-15C9-4F42-AAA1-CB6F9351EBC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03E94794-DE9C-4A11-878F-D31262354308}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{041FBC00-D667-4AD6-9498-E1FB37626CBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{05DF3EB2-9719-4742-B3EA-C635FEE22B60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1DDF20D8-FD27-45DD-A89A-9EC7148F3BFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{298F6958-B855-49F6-9C97-9CECA62750C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{49B88E3E-5167-4BC8-ACF7-5F13BD4B430B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BB949DF-62FA-4356-85CF-B1622E9103D6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{525F8ECE-FF41-4867-870C-3C0333802BEF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{52B8EF40-0CC1-4165-980C-F78452CA0DE6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{5CF3C1EF-B19E-44D7-8573-52404656D529}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5ED389F8-A604-4CEB-B899-7FC4B536F181}" = protocol=6 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"{6BAC2045-6D0A-4ECC-B303-264ACAAF7DF4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{72D58C0E-359C-4CF3-BAD3-50105DFD289D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{74827A88-6081-4D16-9AD8-E6D37614C6AC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{7869A60D-0AD2-42AB-93F2-151484CD1A62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{7A523F85-CF58-4CAA-9B6C-42D65645FDD7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A38ECBAB-E4A3-4B1F-A3C2-C1A6F4FAB2EB}" = protocol=17 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"{A4ACBAC2-0750-4EAE-A90F-7B1498200AD1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4DF07BE-28DC-4127-83E9-6A728AA82287}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C09C125C-54DC-440E-87BE-EC0AD5F81DDF}" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe | 
"{D2E41FF7-0191-4CFE-9621-D6B79EE7E3BE}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{E8CEBF14-DFD5-41E4-B888-8EDF170670E6}" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe | 
"{EA6FF75C-9245-4856-B6EE-EB11C4DD8CBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA8F1BC7-B0EF-4388-A261-139AA18BC1BF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{ED7B1B0B-CD01-43B0-96C4-D30B56D3F8BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FB692E0A-328E-480B-BD04-81576DD4D90A}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"TCP Query User{056861EB-4361-4093-8627-53C3F78A0C1B}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=6 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe | 
"TCP Query User{2E54C178-783F-48D2-82E5-5FAAF3EA1DC2}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | 
"TCP Query User{2EE2837C-CD10-468A-BA59-B80D4B7BA196}D:\dreambox\dcc\dcc.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc.exe | 
"TCP Query User{3457EE4E-6111-4913-8FCD-8889899E492F}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"TCP Query User{4D5678B6-4FF3-4338-B6E4-C520D0EA7487}D:\dreambox\dcc\dcc_e2.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe | 
"TCP Query User{5A7566D5-4DE1-4CF8-BB4F-468A4D553FE0}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe | 
"TCP Query User{666AAA5B-6E67-4469-8B15-1A386E5FAF62}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{8303C8E7-0BD2-4823-ADFD-5ABCAA97E9B2}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe | 
"TCP Query User{8BC43F7A-AE64-4651-88D1-E04580FCC502}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=6 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe | 
"TCP Query User{931DCDC5-3F03-4EFE-807F-1493E856C7EF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{BE8CC6F2-B8E8-4AC4-9ACF-31C9ECBF685B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{ECCB6C0B-EDE7-4AAB-BD00-3CA8D38737A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{364DB94D-8941-450F-B33A-F970319EB4CC}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe | 
"UDP Query User{36CE9A5E-6F42-497C-A941-48CCB68A7445}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"UDP Query User{4206CFB5-A1EB-4997-9B72-1ABD0DA83515}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=17 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe | 
"UDP Query User{49BF68AF-4A0D-4E03-A6C4-9AC983BF9E9E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{5B51C7EB-5D5E-47B8-8A53-E004F1BF88A8}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | 
"UDP Query User{5D07362B-D12F-47CC-A7F8-875979B00DEE}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=17 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe | 
"UDP Query User{682E7FCC-AC97-4370-86A5-04B85D7BA67E}D:\dreambox\dcc\dcc.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc.exe | 
"UDP Query User{6E8E7AEB-F7ED-4CB2-B2B1-F2BE81E579E7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9FCFE8E8-D1D2-4075-AEFB-CDE39750EE94}D:\dreambox\dcc\dcc_e2.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe | 
"UDP Query User{CDECF5AF-124B-45FE-9290-05C41987897D}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe | 
"UDP Query User{E49CD7FB-E60D-4A05-BEBB-43C9B8E02087}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{EFA02182-2BB6-4D4B-A70F-FD48B36DF4D7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = easycap video grabber
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FF55F91-4296-46D0-B045-1429CD46AF99}" = Adobe Setup
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 
"{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz  InFocus
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DF6D752-00FB-4FE3-A3C6-7C09279A1031}" = Nero 8
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76B830B5-AFE2-498E-8A0E-0BB64B5EC87E}" = BOINC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A76CAF3-D7D8-45C0-9CCB-8AC1DDF38516}" = Magic Bullet PhotoLooks 32 bit
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{997AFE6A-F337-4A6A-8A99-2C32025E0BFF}" = Tunebite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}" = Lotus Notes 8.5.3 de
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B6F270-EEAD-4B5B-82ED-1EEE8CB5F273}" = StarMoney 8.0 
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7CA796BB949C28BF49AB1F5C63987DDCDB6198D2" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA  (01/29/2007 5.7.0129.0)
"7-Zip" = 7-Zip 9.07 beta
"83F59976468EB2453DAA02D2C182FC19F4ACFDA8" = Windows-Treiberpaket - eMPIA Technology (USB28xxBGA) Media  (01/16/2007 5.7.0116.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c7ed6c08f4acf68bf0512885eec384" = Adobe Fireworks CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 2.0
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber Lame PlugIn" = Audiograbber Lame PlugIn 3.96 APS 
"Bouquet Editor Suite_is1" = Bouquet Editor Suite v1.2 Uninstall
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CD Bremse_is1" = CD Bremse 1.49
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CRT" = VanDyke Software CRT 5.0
"CursorFX" = CursorFX
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"dlanconf" = devolo dLAN-Konfigurationsassistent
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"dslmon" = devolo Informer
"DVD Shrink_is1" = DVD Shrink 3.1
"EOS Utility" = Canon Utilities EOS Utility
"EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall
"EPSON PX720WD Series Manual" = EPSON PX720WD Series Handbuch
"EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Netzwerk-Handbuch
"EPSON Scanner" = EPSON Scan
"Ext2Fsd_is1" = Ext2Fsd 0.51
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.6.0.2
"F-Recovery for CompactFlash" = F-Recovery for CompactFlash
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12
"Free FLV Converter_is1" = Free FLV Converter V 6.9.0
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"iCare Data Recovery_is1" = iCare Data Recovery 4.5.3
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.0 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.30.804 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus D" = MAGIX Video deluxe 16 Plus 9.0.0.54 (D)
"MAGIX Webradio Recorder 5 D" = MAGIX Webradio Recorder 5 5.0.0.326 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mediencenter Software" = Mediencenter Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Netzmanager" = Netzmanager
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Photo! Web Album_is1" = Photo! Web Album 1.2
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SDR2" = Schlag den Raab - Das 2. Spiel
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"smartmontools" = smartmontools
"Spyder3Elite" = Spyder3Elite
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 7" = TeamViewer 7
"Topaz  InFocus" = Topaz  InFocus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.5
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-4
"Winpower" = Winpower
"winscp3_is1" = WinSCP 4.2.7
"XMedia Recode" = XMedia Recode 3.0.4.6
"YTdetect" = Yahoo! Detect
"ZapNotes" = ZapNotes
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Kies Air Discovery Service" = Kies Air Discovery Service
"QUICKMEDIACONVERTER" = QMC
"SugarSync" = SugarSync Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 14:00:16 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 02.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 23.12.2012 14:00:10 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 30.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 03.01.2013 18:12:26 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0x6a4  Startzeit der fehlerhaften Anwendung: 0x01cde9b648600ce8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: a760ef2e-55f2-11e2-b07b-90e6ba441b8d
 
Error - 04.01.2013 04:44:35 | Computer Name = XXX | Source = TabletServiceWacom | ID = 1
Description = 
 
Error - 06.01.2013 14:00:17 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 08.01.2013 12:46:39 | Computer Name = XXX | Source = APC Data Service | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
 Verbindung mit dem Dienstcontroller herstellen
 
[ System Events ]
Error - 08.01.2013 12:36:37 | Computer Name = XXX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 17:34:58 unerwartet heruntergefahren.
 
Error - 08.01.2013 12:36:41 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 12:37:18 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:   %%4203
 
Error - 08.01.2013 12:45:10 | Computer Name = XXX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 17:40:34 unerwartet heruntergefahren.
 
Error - 08.01.2013 12:45:15 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mediencenter Service erreicht.
 
Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mediencenter Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 08.01.2013 12:48:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
__________________

Alt 08.01.2013, 20:33   #4
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



OTL.txt
Code:
ATTFilter
OTL logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Install\quicktime
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Install\quicktime\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Programme\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp)
PRC - C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synology Data Replicator  3\Backup.exe (Synology Inc.)
PRC - C:\Windows\System32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
PRC - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
PRC - C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
PRC - C:\Programme\UpsPilot\wpRMI.exe (Macrovision)
PRC - C:\Programme\UpsPilot\monitor.exe (Macrovision)
PRC - C:\Programme\UpsPilot\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - D:\Install\prozessortools\Core Temp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe ()
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Programme\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\program\libxslt.dll ()
MOD - C:\Programme\Tablet\Wacom\libxml2.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MXCleanerDll.DLL ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MxTray.exe ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u.DLL ()
MOD - D:\Install\prozessortools\Core Temp.exe ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\MFL_u_VC8.dll ()
MOD - C:\Programme\ASUS\EPU-6 Engine\SixEngine.exe ()
MOD - C:\Programme\ASUS\EPU-6 Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\EPU-6 Engine\pngio.dll ()
MOD - C:\Programme\Stardock\CursorFX\zlib1.dll ()
MOD - C:\Programme\MAGIX\PC_Check_Tuning_2010\PlayRIpl.dll ()
MOD - C:\Programme\Common Files\Nero\Lib\log4cxx.dll ()
MOD - C:\Windows\System32\AsIO.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UsbClientService) -- C:\Programme\Synology\Assistant\UsbClientService.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (APC Data Service) -- C:\Programme\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Programme\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (LNSUSvc) -- C:\Programme\IBM\Lotus\Notes\SUService.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (cjpcsc) -- C:\Windows\System32\cjpcsc.exe (REINER SCT)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TabletServiceWacom) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe (Deutsche Telekom AG)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SynoDrService) -- C:\Programme\Synology Data Replicator  3\SynoDrService.exe ()
SRV - (WinpowerRMI) -- C:\Programme\UpsPilot\wpRMI.exe (Macrovision)
SRV - (Winpowermonitor) -- C:\Programme\UpsPilot\monitor.exe (Macrovision)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (AsSysCtrlService) -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Ext2Fsd) --  File not found
DRV - (cpuz132) -- C:\Users\XXX\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (ALSysIO) -- C:\Users\XXX\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (adfs) --  File not found
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (busenum) -- C:\Windows\System32\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys ()
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (mv61xx) -- C:\Windows\System32\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (cvspydr2) -- C:\Windows\System32\drivers\cvspydr2.sys (Colorvision Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 84 C5 40 51 59 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {7548973C-5C35-4E05-87F3-97194EE4EB43}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CCS&o=15773&src=kw&q={searchTerms}&locale=&apn_ptnrs=HN&apn_dtid=YYYYYYYYDE&apn_uid=D6CDC2EC-9D38-4C79-8EE0-0C11FDD51121&apn_sauid=FAF0BC77-7BA8-4F78-B1A9-BE3E13106D01
IE - HKCU\..\SearchScopes\{7548973C-5C35-4E05-87F3-97194EE4EB43}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = proxy-kre.evonik.com/proxy-pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B3869b071-0fae-4c75-948a-60d9c56ea02b%7D:1.0
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy-kre.evonik.com/proxy-pac"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\XXX\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 15:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 15:39:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 18:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 18:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.23 06:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.08.19 18:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.08 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions
[2010.11.28 11:31:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.02.24 07:19:24 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\0wfyg99q.default\extensions\noia2_option@kk.noia
[2012.03.27 19:08:12 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi
[2012.12.29 14:28:45 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.12 21:31:45 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 21:56:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.08 12:21:03 | 000,002,395 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\0wfyg99q.default\searchplugins\askcom.xml
[2012.12.05 18:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 18:22:05 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.21 15:39:20 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2012.12.05 18:22:09 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2008.08.16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.09 20:17:57 | 000,002,204 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       .psf
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 18 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\XXX\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Core Temp] D:\Install\prozessortools\Core Temp.exe ()
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [Data Replicator 3] C:\Program Files\Synology Data Replicator  3\Backup.exe (Synology Inc.)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.fujidirekt.de/ips-opdata/layout/aspadmin/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CDDA-D716-4FC5-8C27-BD7CEFBB60F9}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49B4065-FBB4-42A2-BE1F-5C1C667C04D3}: DhcpNameServer = 195.50.140.178 195.50.140.114
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell - "" = AutoRun
O33 - MountPoints2\{593515b5-1e82-11e0-836e-90e6ba441b8d}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 17:56:05 | 000,000,000 | ---D | C] -- C:\d8e392f8f2f1247224
[2013.01.02 19:41:00 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.01.02 19:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\URE
[2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2013.01.02 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\program
[2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2013.01.02 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Basis
[2012.12.27 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.22 16:57:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 16:57:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.13 15:42:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.13 15:42:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.13 15:42:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.13 15:42:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.13 15:42:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.13 15:42:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.13 15:42:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.13 15:42:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 18:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 18:35:45 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 18:35:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 18:35:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 18:35:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 18:35:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 18:35:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 18:35:38 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 18:35:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.07.10 20:28:39 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\XXX\PCPE Setup.exe
[2012.07.10 20:28:39 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\mfc80u.dll
[2012.07.10 20:28:39 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\XXX\msvcr80.dll
[2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\grm_res.dll
[2012.07.10 20:28:39 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\XXX\fr_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\pt_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\it_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\es_res.dll
[2012.07.10 20:28:39 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\XXX\en_res.dll
[2012.07.10 20:28:39 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\XXX\ru_res.dll
[2012.07.10 20:28:39 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\XXX\jp_res.dll
[2012.07.10 20:28:39 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\XXX\zh_res.dll
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 19:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.08 19:44:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013.01.08 19:23:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.08 19:14:03 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2013.01.08 19:14:01 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013.01.08 18:01:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.08 18:01:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 17:59:50 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 17:45:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 17:45:04 | 2616,500,224 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.05 12:07:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-XXX-PC-XXX.job
[2013.01.04 20:24:39 | 000,017,060 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.02 21:13:14 | 003,854,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.02 21:12:57 | 512,230,196 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.02 19:41:47 | 000,001,011 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.02 19:41:00 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.12.28 10:40:24 | 000,657,746 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.28 10:40:24 | 000,617,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.28 10:40:24 | 000,131,418 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.28 10:40:24 | 000,107,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.27 11:16:14 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.26 23:10:01 | 000,007,601 | ---- | M] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2012.12.17 16:24:58 | 000,001,904 | ---- | M] () -- C:\Users\XXX\Desktop\DreamBoxEdit.lnk
[2012.12.17 15:13:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.12 19:46:41 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 19:46:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[4 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.02 21:12:57 | 512,230,196 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.02 19:41:47 | 000,001,011 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.01.02 19:41:00 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.12.27 11:16:14 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.16 16:27:19 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.07.10 20:33:10 | 013,338,112 | ---- | C] () -- C:\Users\XXX\PCPE_3.0.1.msi
[2012.07.10 20:28:39 | 000,018,808 | ---- | C] () -- C:\Users\XXX\ResourceReader.dll
[2012.05.31 16:51:52 | 000,140,770 | ---- | C] () -- C:\Users\XXX\.TransferManager.db
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.02.09 17:06:27 | 000,001,456 | ---- | C] () -- C:\Users\XXX\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.06 19:49:44 | 000,001,074 | ---- | C] () -- C:\Users\XXX\Videos - Verknüpfung.lnk
[2012.02.06 19:45:11 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.01.14 22:05:14 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.01.14 22:05:14 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.12.12 22:06:04 | 000,051,034 | ---- | C] () -- C:\Users\XXX\install.xml
[2011.11.07 21:55:07 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.09.03 21:36:05 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.08.08 19:45:37 | 000,000,100 | ---- | C] () -- C:\Windows\notesnsd.ini
[2011.07.01 17:00:06 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2011.06.20 20:03:56 | 000,007,601 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2010.11.14 18:34:05 | 000,122,157 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\mdbu.bin
[2010.05.19 19:22:59 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2010.05.10 18:43:15 | 000,000,132 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.04.03 18:25:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.11.23 20:46:31 | 000,000,016 | ---- | C] () -- C:\Users\XXX\persistent_state
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.11.15 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Acronis
[2010.12.25 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AnvSoft
[2009.12.07 17:57:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AOMrec
[2012.12.24 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Audacity
[2010.02.10 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Buhl Data Service
[2012.09.13 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon
[2012.09.13 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canon_Inc_IC
[2010.09.13 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.12.25 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CocoonSoftware
[2012.03.19 08:53:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.05.30 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\CursorArts
[2012.11.15 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2012.03.13 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft
[2012.03.13 19:57:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.09 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Epson
[2010.06.07 19:45:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Facebook
[2013.01.02 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FileZilla
[2010.07.12 14:59:20 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FreeFLVConverter
[2009.12.14 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Haenlein-Software
[2010.04.10 17:12:02 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\HDRsoft
[2010.03.31 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICAClient
[2009.11.03 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Leadertech
[2010.01.08 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\MAGIX
[2011.05.23 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Notepad++
[2009.10.31 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org
[2011.01.15 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\phonostar-Player
[2011.05.23 18:43:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Photo! Web Album
[2012.01.06 16:24:35 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ProtectDisc
[2010.09.07 19:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.15 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Teleca
[2010.08.19 18:22:17 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Thunderbird
[2009.11.20 06:54:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Ulead Systems
[2011.03.12 19:30:56 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\VanDyke
[2011.11.08 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA

< End of report >
         
und hier die EXTRA.TXT
Code:
ATTFilter
OTL Extras logfile created on: 08.01.2013 20:03:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Install\quicktime
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 34,85% Memory free
6,50 Gb Paging File | 3,85 Gb Available in Paging File | 59,21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,18 Gb Total Space | 355,98 Gb Free Space | 72,92% Space Free | Partition Type: NTFS
Drive D: | 488,29 Gb Total Space | 301,14 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 261,46 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive F: | 443,23 Gb Total Space | 203,95 Gb Free Space | 46,01% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02877E15-8E51-426C-88F0-DD81E9E87D81}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | 
"{0B99A39D-E808-4DE1-BBFD-6E4B97E44B7C}" = lport=49173 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1423DDD4-3485-4663-BC83-7F801C855E40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26819F85-00A1-4F19-BEB4-2791024D21F0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2C2958C3-DBEE-4321-9595-F382518283B9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{32A4E211-6E2B-46C8-8C16-C2C071460652}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36B84E8C-6A22-4C55-9967-A4684B689C94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6516A48D-45D9-4966-B4D8-70531D2F30BA}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{75311F82-7CC5-422F-9170-9926606589F0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{78810B26-A774-46F7-8BE3-656ABF79B8A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{949C39DE-E069-476A-AFA9-A91934D5A302}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A076EA47-4F55-44DE-9726-94F3953E6030}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A5291452-0262-4F2E-A437-175384FD606A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A732FBCA-2550-4DED-9119-0F31BAF0CD84}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADCB92D6-3382-4FAA-8467-83778D7673AE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{BA1893F7-93CC-44F5-AA5D-CCB7478F3C4A}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{CCD7E1BF-0CDA-4F37-93DD-0A0D9DC6C036}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D7DEF4CA-6C84-4327-9B31-BF3E12C51A1C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE6C0782-DAC3-420C-895C-07DA5DBE3A65}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DF8575E5-744C-4B85-9C36-BB5E4ED034E5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{E89ADFEF-5E4E-4FC3-A9B5-B0319745000A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DDF14E-15C9-4F42-AAA1-CB6F9351EBC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{03E94794-DE9C-4A11-878F-D31262354308}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{041FBC00-D667-4AD6-9498-E1FB37626CBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{05DF3EB2-9719-4742-B3EA-C635FEE22B60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1DDF20D8-FD27-45DD-A89A-9EC7148F3BFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{298F6958-B855-49F6-9C97-9CECA62750C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{49B88E3E-5167-4BC8-ACF7-5F13BD4B430B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BB949DF-62FA-4356-85CF-B1622E9103D6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{525F8ECE-FF41-4867-870C-3C0333802BEF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{52B8EF40-0CC1-4165-980C-F78452CA0DE6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{5CF3C1EF-B19E-44D7-8573-52404656D529}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5ED389F8-A604-4CEB-B899-7FC4B536F181}" = protocol=6 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"{6BAC2045-6D0A-4ECC-B303-264ACAAF7DF4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{72D58C0E-359C-4CF3-BAD3-50105DFD289D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{74827A88-6081-4D16-9AD8-E6D37614C6AC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{7869A60D-0AD2-42AB-93F2-151484CD1A62}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{7A523F85-CF58-4CAA-9B6C-42D65645FDD7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A38ECBAB-E4A3-4B1F-A3C2-C1A6F4FAB2EB}" = protocol=17 | dir=in | app=c:\program files\synology data replicator  3\backup.exe | 
"{A4ACBAC2-0750-4EAE-A90F-7B1498200AD1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A4DF07BE-28DC-4127-83E9-6A728AA82287}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C09C125C-54DC-440E-87BE-EC0AD5F81DDF}" = protocol=17 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe | 
"{D2E41FF7-0191-4CFE-9621-D6B79EE7E3BE}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{E8CEBF14-DFD5-41E4-B888-8EDF170670E6}" = protocol=6 | dir=in | app=c:\users\rolf\appdata\local\akamai\netsession_win.exe | 
"{EA6FF75C-9245-4856-B6EE-EB11C4DD8CBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA8F1BC7-B0EF-4388-A261-139AA18BC1BF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{ED7B1B0B-CD01-43B0-96C4-D30B56D3F8BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FB692E0A-328E-480B-BD04-81576DD4D90A}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"TCP Query User{056861EB-4361-4093-8627-53C3F78A0C1B}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=6 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe | 
"TCP Query User{2E54C178-783F-48D2-82E5-5FAAF3EA1DC2}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | 
"TCP Query User{2EE2837C-CD10-468A-BA59-B80D4B7BA196}D:\dreambox\dcc\dcc.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc.exe | 
"TCP Query User{3457EE4E-6111-4913-8FCD-8889899E492F}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"TCP Query User{4D5678B6-4FF3-4338-B6E4-C520D0EA7487}D:\dreambox\dcc\dcc_e2.exe" = protocol=6 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe | 
"TCP Query User{5A7566D5-4DE1-4CF8-BB4F-468A4D553FE0}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe | 
"TCP Query User{666AAA5B-6E67-4469-8B15-1A386E5FAF62}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{8303C8E7-0BD2-4823-ADFD-5ABCAA97E9B2}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=6 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe | 
"TCP Query User{8BC43F7A-AE64-4651-88D1-E04580FCC502}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=6 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe | 
"TCP Query User{931DCDC5-3F03-4EFE-807F-1493E856C7EF}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{BE8CC6F2-B8E8-4AC4-9ACF-31C9ECBF685B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{ECCB6C0B-EDE7-4AAB-BD00-3CA8D38737A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{364DB94D-8941-450F-B33A-F970319EB4CC}C:\program files\upspilot\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\upspilot\jre\bin\javaw.exe | 
"UDP Query User{36CE9A5E-6F42-497C-A941-48CCB68A7445}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | 
"UDP Query User{4206CFB5-A1EB-4997-9B72-1ABD0DA83515}C:\program files\magix\webradio_recorder_5\webradio.exe" = protocol=17 | dir=in | app=c:\program files\magix\webradio_recorder_5\webradio.exe | 
"UDP Query User{49BF68AF-4A0D-4E03-A6C4-9AC983BF9E9E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{5B51C7EB-5D5E-47B8-8A53-E004F1BF88A8}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe | 
"UDP Query User{5D07362B-D12F-47CC-A7F8-875979B00DEE}C:\program files\bouquet editor suite\bouquet editor suite.exe" = protocol=17 | dir=in | app=c:\program files\bouquet editor suite\bouquet editor suite.exe | 
"UDP Query User{682E7FCC-AC97-4370-86A5-04B85D7BA67E}D:\dreambox\dcc\dcc.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc.exe | 
"UDP Query User{6E8E7AEB-F7ED-4CB2-B2B1-F2BE81E579E7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9FCFE8E8-D1D2-4075-AEFB-CDE39750EE94}D:\dreambox\dcc\dcc_e2.exe" = protocol=17 | dir=in | app=d:\dreambox\dcc\dcc_e2.exe | 
"UDP Query User{CDECF5AF-124B-45FE-9290-05C41987897D}C:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = protocol=17 | dir=in | app=c:\program files\ibm\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe | 
"UDP Query User{E49CD7FB-E60D-4A05-BEBB-43C9B8E02087}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{EFA02182-2BB6-4D4B-A70F-FD48B36DF4D7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02698606-3A21-489D-9D2A-75C9E8D3E5BD}" = Adobe Creative Suite 5 Design Premium
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = easycap video grabber
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FF55F91-4296-46D0-B045-1429CD46AF99}" = Adobe Setup
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 
"{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz  InFocus
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DF6D752-00FB-4FE3-A3C6-7C09279A1031}" = Nero 8
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76B830B5-AFE2-498E-8A0E-0BB64B5EC87E}" = BOINC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A76CAF3-D7D8-45C0-9CCB-8AC1DDF38516}" = Magic Bullet PhotoLooks 32 bit
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
"{997AFE6A-F337-4A6A-8A99-2C32025E0BFF}" = Tunebite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1194237-547A-461d-BD44-B97B1574A7DA}" = SweetIM Toolbar for Internet Explorer 4.1
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}" = Lotus Notes 8.5.3 de
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B6F270-EEAD-4B5B-82ED-1EEE8CB5F273}" = StarMoney 8.0 
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7CA796BB949C28BF49AB1F5C63987DDCDB6198D2" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA  (01/29/2007 5.7.0129.0)
"7-Zip" = 7-Zip 9.07 beta
"83F59976468EB2453DAA02D2C182FC19F4ACFDA8" = Windows-Treiberpaket - eMPIA Technology (USB28xxBGA) Media  (01/16/2007 5.7.0116.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c7ed6c08f4acf68bf0512885eec384" = Adobe Fireworks CS3
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 2.0
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber Lame PlugIn" = Audiograbber Lame PlugIn 3.96 APS 
"Bouquet Editor Suite_is1" = Bouquet Editor Suite v1.2 Uninstall
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CD Bremse_is1" = CD Bremse 1.49
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CRT" = VanDyke Software CRT 5.0
"CursorFX" = CursorFX
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"dlanconf" = devolo dLAN-Konfigurationsassistent
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"dslmon" = devolo Informer
"DVD Shrink_is1" = DVD Shrink 3.1
"EOS Utility" = Canon Utilities EOS Utility
"EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall
"EPSON PX720WD Series Manual" = EPSON PX720WD Series Handbuch
"EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Netzwerk-Handbuch
"EPSON Scanner" = EPSON Scan
"Ext2Fsd_is1" = Ext2Fsd 0.51
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.6.0.2
"F-Recovery for CompactFlash" = F-Recovery for CompactFlash
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12
"Free FLV Converter_is1" = Free FLV Converter V 6.9.0
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"iCare Data Recovery_is1" = iCare Data Recovery 4.5.3
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.0 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Check & Tuning 2010 D" = MAGIX PC Check & Tuning 2010 5.0.30.804 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus D" = MAGIX Video deluxe 16 Plus 9.0.0.54 (D)
"MAGIX Webradio Recorder 5 D" = MAGIX Webradio Recorder 5 5.0.0.326 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mediencenter Software" = Mediencenter Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"MyCamera" = Canon Utilities MyCamera
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Netzmanager" = Netzmanager
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Photo! Web Album_is1" = Photo! Web Album 1.2
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SDR2" = Schlag den Raab - Das 2. Spiel
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"smartmontools" = smartmontools
"Spyder3Elite" = Spyder3Elite
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 7" = TeamViewer 7
"Topaz  InFocus" = Topaz  InFocus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.5
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-4
"Winpower" = Winpower
"winscp3_is1" = WinSCP 4.2.7
"XMedia Recode" = XMedia Recode 3.0.4.6
"YTdetect" = Yahoo! Detect
"ZapNotes" = ZapNotes
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Kies Air Discovery Service" = Kies Air Discovery Service
"QUICKMEDIACONVERTER" = QMC
"SugarSync" = SugarSync Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 14:00:16 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 02.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 16.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 23.12.2012 14:00:10 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 30.12.2012 14:00:11 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 03.01.2013 18:12:26 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0x6a4  Startzeit der fehlerhaften Anwendung: 0x01cde9b648600ce8  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: a760ef2e-55f2-11e2-b07b-90e6ba441b8d
 
Error - 04.01.2013 04:44:35 | Computer Name = XXX | Source = TabletServiceWacom | ID = 1
Description = 
 
Error - 06.01.2013 14:00:17 | Computer Name = XXX | Source = Windows Backup | ID = 4103
Description = 
 
Error - 08.01.2013 12:46:39 | Computer Name = XXX | Source = APC Data Service | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
 Verbindung mit dem Dienstcontroller herstellen
 
[ System Events ]
Error - 08.01.2013 12:36:37 | Computer Name = XXX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 17:34:58 unerwartet heruntergefahren.
 
Error - 08.01.2013 12:36:41 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 12:37:18 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Stromversorgung" wurde mit folgendem Fehler beendet:   %%4203
 
Error - 08.01.2013 12:45:10 | Computer Name = XXX | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?01.?2013 um 17:40:34 unerwartet heruntergefahren.
 
Error - 08.01.2013 12:45:15 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mediencenter Service erreicht.
 
Error - 08.01.2013 12:45:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mediencenter Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 08.01.2013 12:48:53 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 08.01.2013 12:49:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         

Alt 08.01.2013, 20:35   #5
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Hi bekomm ich noch ne Antwort auf meine Frage...?

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 08.01.2013, 21:20   #6
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Sorry - ich kenne weder diese URL, noch komm ich darauf, denn Kasperky sperrt zum Glück den Zugriff.
Wie ich beim suchen im Netz gelesen hab, hat jemand das exakt gleiche Problem, das bei ihm, genau wie bei mir, gestern auftritt und seit dem ziemlich lästig ist. Keine Ahnung, was für ein Plugin vom Firefox auf diese URL will. Ich habe z.B. keinerelei Extra-Proxies eingestellt.

Alt 08.01.2013, 23:34   #7
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Hi,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.01.2013, 21:11   #8
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Das Proggi hat nix besonderes gefunden - hier das Logfile:
Code:
ATTFilter
21:08:22.0985 6076  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:08:23.0216 6076  ============================================================
21:08:23.0216 6076  Current date / time: 2013/01/09 21:08:23.0216
21:08:23.0216 6076  SystemInfo:
21:08:23.0216 6076  
21:08:23.0216 6076  OS Version: 6.1.7601 ServicePack: 1.0
21:08:23.0216 6076  Product type: Workstation
21:08:23.0216 6076  ComputerName: ROLF-PC
21:08:23.0216 6076  UserName: Rolf
21:08:23.0216 6076  Windows directory: C:\Windows
21:08:23.0216 6076  System windows directory: C:\Windows
21:08:23.0216 6076  Processor architecture: Intel x86
21:08:23.0216 6076  Number of processors: 4
21:08:23.0216 6076  Page size: 0x1000
21:08:23.0216 6076  Boot type: Normal boot
21:08:23.0216 6076  ============================================================
21:08:24.0716 6076  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0xFC58B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000050
21:08:24.0729 6076  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:08:24.0784 6076  ============================================================
21:08:24.0784 6076  \Device\Harddisk1\DR1:
21:08:24.0784 6076  MBR partitions:
21:08:24.0784 6076  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:08:24.0784 6076  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05E000
21:08:24.0784 6076  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675800
21:08:24.0784 6076  \Device\Harddisk0\DR0:
21:08:24.0784 6076  MBR partitions:
21:08:24.0784 6076  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D093B3F
21:08:24.0784 6076  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D093B7E, BlocksNum 0x37671E43
21:08:24.0784 6076  ============================================================
21:08:24.0844 6076  C: <-> \Device\Harddisk1\DR1\Partition2
21:08:24.0855 6076  D: <-> \Device\Harddisk0\DR0\Partition1
21:08:24.0890 6076  E: <-> \Device\Harddisk0\DR0\Partition2
21:08:24.0976 6076  F: <-> \Device\Harddisk1\DR1\Partition3
21:08:24.0976 6076  ============================================================
21:08:24.0976 6076  Initialize success
21:08:24.0976 6076  ============================================================
21:08:42.0190 2264  ============================================================
21:08:42.0190 2264  Scan started
21:08:42.0190 2264  Mode: Manual; SigCheck; TDLFS; 
21:08:42.0190 2264  ============================================================
21:08:44.0055 2264  ================ Scan system memory ========================
21:08:44.0055 2264  System memory - ok
21:08:44.0055 2264  ================ Scan services =============================
21:08:44.0196 2264  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:08:44.0275 2264  1394ohci - ok
21:08:44.0301 2264  [ BEB5E6A8C17C3C7485563281E0F9E77E ] 61883           C:\Windows\system32\DRIVERS\61883.sys
21:08:44.0355 2264  61883 - ok
21:08:44.0441 2264  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:08:44.0472 2264  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:08:44.0511 2264  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:08:44.0525 2264  ACPI - ok
21:08:44.0551 2264  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:08:44.0604 2264  AcpiPmi - ok
21:08:44.0607 2264  adfs - ok
21:08:44.0645 2264  [ 23F78687CBF3972704650A799420BFA8 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
21:08:44.0709 2264  ADIHdAudAddService - ok
21:08:44.0801 2264  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:08:44.0816 2264  AdobeARMservice - ok
21:08:44.0905 2264  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:08:44.0920 2264  AdobeFlashPlayerUpdateSvc - ok
21:08:44.0952 2264  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:08:44.0980 2264  adp94xx - ok
21:08:44.0997 2264  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:08:45.0015 2264  adpahci - ok
21:08:45.0031 2264  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:08:45.0045 2264  adpu320 - ok
21:08:45.0057 2264  [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
21:08:45.0077 2264  AEADIFilters - ok
21:08:45.0101 2264  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:08:45.0152 2264  AeLookupSvc - ok
21:08:45.0202 2264  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:08:45.0265 2264  AFD - ok
21:08:45.0310 2264  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:08:45.0326 2264  agp440 - ok
21:08:45.0359 2264  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:08:45.0375 2264  aic78xx - ok
21:08:45.0592 2264  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files\common files\akamai/netsession_win_ce5ba24.dll
21:08:45.0592 2264  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
21:08:45.0601 2264  Akamai ( HiddenFile.Multi.Generic ) - warning
21:08:45.0601 2264  Akamai - detected HiddenFile.Multi.Generic (1)
21:08:45.0630 2264  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:08:45.0702 2264  ALG - ok
21:08:45.0735 2264  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:08:45.0760 2264  aliide - ok
21:08:45.0894 2264  ALSysIO - ok
21:08:45.0911 2264  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:08:45.0930 2264  amdagp - ok
21:08:45.0961 2264  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:08:45.0977 2264  amdide - ok
21:08:46.0010 2264  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:08:46.0055 2264  AmdK8 - ok
21:08:46.0069 2264  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:08:46.0095 2264  AmdPPM - ok
21:08:46.0116 2264  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:08:46.0130 2264  amdsata - ok
21:08:46.0142 2264  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:08:46.0157 2264  amdsbs - ok
21:08:46.0170 2264  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:08:46.0182 2264  amdxata - ok
21:08:46.0237 2264  [ 107AB19CC1D40B9D04537F6EEAAC34C9 ] APC Data Service C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
21:08:46.0247 2264  APC Data Service - ok
21:08:46.0306 2264  [ C7F8C8080B055B3DE9A8141DFD8E308A ] APC UPS Service C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
21:08:46.0327 2264  APC UPS Service - ok
21:08:46.0355 2264  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:08:46.0426 2264  AppID - ok
21:08:46.0451 2264  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:08:46.0507 2264  AppIDSvc - ok
21:08:46.0526 2264  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:08:46.0570 2264  Appinfo - ok
21:08:46.0630 2264  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:08:46.0649 2264  Apple Mobile Device - ok
21:08:46.0671 2264  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:08:46.0689 2264  arc - ok
21:08:46.0712 2264  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:08:46.0730 2264  arcsas - ok
21:08:46.0744 2264  [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO            C:\Windows\system32\drivers\AsIO.sys
21:08:46.0760 2264  AsIO - ok
21:08:46.0781 2264  [ E781164C7D47950E3D218C84B2901CB2 ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
21:08:46.0802 2264  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
21:08:46.0802 2264  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
21:08:46.0817 2264  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:08:46.0905 2264  AsyncMac - ok
21:08:46.0946 2264  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:08:46.0961 2264  atapi - ok
21:08:47.0065 2264  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:08:47.0177 2264  AudioEndpointBuilder - ok
21:08:47.0204 2264  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:08:47.0227 2264  Audiosrv - ok
21:08:47.0255 2264  [ C44BDD77E06053CF5AFE046F3A47C16B ] Avc             C:\Windows\system32\DRIVERS\avc.sys
21:08:47.0282 2264  Avc - ok
21:08:47.0352 2264  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
21:08:47.0366 2264  AVP - ok
21:08:47.0404 2264  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:08:47.0464 2264  AxInstSV - ok
21:08:47.0521 2264  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:08:47.0581 2264  b06bdrv - ok
21:08:47.0604 2264  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:08:47.0625 2264  b57nd60x - ok
21:08:47.0675 2264  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:08:47.0722 2264  BDESVC - ok
21:08:47.0731 2264  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:08:47.0762 2264  Beep - ok
21:08:47.0796 2264  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:08:47.0831 2264  BFE - ok
21:08:47.0872 2264  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:08:47.0916 2264  BITS - ok
21:08:47.0937 2264  [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial      C:\Windows\system32\drivers\bizVSerialNT.sys
21:08:47.0956 2264  bizVSerial ( UnsignedFile.Multi.Generic ) - warning
21:08:47.0956 2264  bizVSerial - detected UnsignedFile.Multi.Generic (1)
21:08:47.0980 2264  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:08:48.0001 2264  blbdrive - ok
21:08:48.0052 2264  [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:08:48.0067 2264  Bonjour Service - ok
21:08:48.0094 2264  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:08:48.0119 2264  bowser - ok
21:08:48.0136 2264  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:08:48.0169 2264  BrFiltLo - ok
21:08:48.0187 2264  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:08:48.0227 2264  BrFiltUp - ok
21:08:48.0257 2264  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:08:48.0286 2264  Browser - ok
21:08:48.0305 2264  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:08:48.0335 2264  Brserid - ok
21:08:48.0349 2264  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:08:48.0384 2264  BrSerWdm - ok
21:08:48.0395 2264  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:08:48.0426 2264  BrUsbMdm - ok
21:08:48.0450 2264  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:08:48.0485 2264  BrUsbSer - ok
21:08:48.0499 2264  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:08:48.0532 2264  BTHMODEM - ok
21:08:48.0557 2264  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:08:48.0602 2264  bthserv - ok
21:08:48.0640 2264  [ C4A3AF25CA352B22046033A0088C1563 ] busenum         C:\Windows\system32\DRIVERS\busenum.sys
21:08:48.0655 2264  busenum - ok
21:08:48.0715 2264  [ AFAB1D4CAB04218CBAB0AE69625D0D65 ] cbfs3           C:\Windows\system32\drivers\cbfs3.sys
21:08:48.0735 2264  cbfs3 - ok
21:08:48.0740 2264  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:08:48.0785 2264  cdfs - ok
21:08:48.0815 2264  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:08:48.0849 2264  cdrom - ok
21:08:48.0881 2264  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:08:48.0934 2264  CertPropSvc - ok
21:08:48.0950 2264  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:08:48.0970 2264  circlass - ok
21:08:49.0001 2264  [ BDF4915D53BDEF80738A30AC3F7CDC76 ] cjpcsc          C:\Windows\system32\cjpcsc.exe
21:08:49.0021 2264  cjpcsc - ok
21:08:49.0056 2264  [ 997CBCE9E5DCFD9216452F609AE74B18 ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
21:08:49.0067 2264  cjusb - ok
21:08:49.0090 2264  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:08:49.0110 2264  CLFS - ok
21:08:49.0169 2264  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:08:49.0185 2264  clr_optimization_v2.0.50727_32 - ok
21:08:49.0277 2264  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:08:49.0306 2264  clr_optimization_v4.0.30319_32 - ok
21:08:49.0311 2264  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:08:49.0329 2264  CmBatt - ok
21:08:49.0356 2264  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:08:49.0369 2264  cmdide - ok
21:08:49.0419 2264  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:08:49.0454 2264  CNG - ok
21:08:49.0489 2264  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:08:49.0504 2264  Compbatt - ok
21:08:49.0539 2264  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:08:49.0574 2264  CompositeBus - ok
21:08:49.0577 2264  COMSysApp - ok
21:08:49.0679 2264  cpuz132 - ok
21:08:49.0725 2264  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:08:49.0741 2264  crcdisk - ok
21:08:49.0779 2264  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:08:49.0825 2264  CryptSvc - ok
21:08:49.0857 2264  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
21:08:49.0880 2264  CVirtA - ok
21:08:49.0955 2264  [ 98B1B70E250EBCA7B7A0A56AD2A7E62F ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:08:49.0994 2264  CVPND - ok
21:08:50.0015 2264  [ 465CED77E7C4F9D71B81BA600EDAFAC1 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:08:50.0024 2264  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:08:50.0024 2264  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:08:50.0056 2264  [ C6644D1A70C050FDD7ECBE8C3AC05313 ] cvspydr2        C:\Windows\system32\DRIVERS\cvspydr2.sys
21:08:50.0097 2264  cvspydr2 - ok
21:08:50.0156 2264  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:08:50.0204 2264  DcomLaunch - ok
21:08:50.0241 2264  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:08:50.0285 2264  defragsvc - ok
21:08:50.0314 2264  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:08:50.0337 2264  DfsC - ok
21:08:50.0382 2264  [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
21:08:50.0400 2264  dg_ssudbus - ok
21:08:50.0415 2264  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:08:50.0465 2264  Dhcp - ok
21:08:50.0511 2264  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:08:50.0557 2264  discache - ok
21:08:50.0580 2264  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:08:50.0591 2264  Disk - ok
21:08:50.0597 2264  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
21:08:50.0607 2264  DNE - ok
21:08:50.0644 2264  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:08:50.0657 2264  Dnscache - ok
21:08:50.0697 2264  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:08:50.0755 2264  dot3svc - ok
21:08:50.0787 2264  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:08:50.0831 2264  DPS - ok
21:08:50.0864 2264  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:08:50.0895 2264  drmkaud - ok
21:08:50.0936 2264  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:08:50.0959 2264  DXGKrnl - ok
21:08:50.0978 2264  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:08:51.0015 2264  EapHost - ok
21:08:51.0085 2264  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:08:51.0156 2264  ebdrv - ok
21:08:51.0178 2264  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:08:51.0208 2264  EFS - ok
21:08:51.0274 2264  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:08:51.0300 2264  ehRecvr - ok
21:08:51.0323 2264  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:08:51.0345 2264  ehSched - ok
21:08:51.0386 2264  [ 309AC30471A0F1C3A89DEE1C81230576 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
21:08:51.0398 2264  ElbyCDIO - ok
21:08:51.0424 2264  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:08:51.0443 2264  elxstor - ok
21:08:51.0468 2264  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:08:51.0504 2264  ErrDev - ok
21:08:51.0545 2264  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:08:51.0608 2264  EventSystem - ok
21:08:51.0634 2264  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:08:51.0688 2264  exfat - ok
21:08:51.0714 2264  Ext2Fsd - ok
21:08:51.0760 2264  Fabs - ok
21:08:51.0796 2264  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:08:51.0829 2264  fastfat - ok
21:08:51.0900 2264  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:08:51.0924 2264  Fax - ok
21:08:51.0939 2264  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:08:51.0954 2264  fdc - ok
21:08:51.0973 2264  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:08:52.0015 2264  fdPHost - ok
21:08:52.0031 2264  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:08:52.0089 2264  FDResPub - ok
21:08:52.0115 2264  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:08:52.0129 2264  FileInfo - ok
21:08:52.0136 2264  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:08:52.0169 2264  Filetrace - ok
21:08:52.0366 2264  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:08:52.0426 2264  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:08:52.0426 2264  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:08:52.0455 2264  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:08:52.0474 2264  FLEXnet Licensing Service - ok
21:08:52.0486 2264  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:08:52.0511 2264  flpydisk - ok
21:08:52.0540 2264  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:08:52.0554 2264  FltMgr - ok
21:08:52.0593 2264  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:08:52.0631 2264  FontCache - ok
21:08:52.0734 2264  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:08:52.0751 2264  FontCache3.0.0.0 - ok
21:08:52.0784 2264  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:08:52.0800 2264  FsDepends - ok
21:08:52.0828 2264  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:08:52.0845 2264  Fs_Rec - ok
21:08:52.0883 2264  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:08:52.0904 2264  fvevol - ok
21:08:52.0923 2264  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:08:52.0940 2264  gagp30kx - ok
21:08:52.0986 2264  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:08:52.0999 2264  GEARAspiWDM - ok
21:08:53.0035 2264  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:08:53.0080 2264  gpsvc - ok
21:08:53.0148 2264  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:08:53.0163 2264  gupdate - ok
21:08:53.0176 2264  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:08:53.0190 2264  gupdatem - ok
21:08:53.0206 2264  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:08:53.0259 2264  hcw85cir - ok
21:08:53.0291 2264  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:08:53.0333 2264  HdAudAddService - ok
21:08:53.0359 2264  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:08:53.0384 2264  HDAudBus - ok
21:08:53.0410 2264  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:08:53.0436 2264  HidBatt - ok
21:08:53.0455 2264  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:08:53.0491 2264  HidBth - ok
21:08:53.0509 2264  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:08:53.0536 2264  HidIr - ok
21:08:53.0565 2264  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:08:53.0603 2264  hidserv - ok
21:08:53.0621 2264  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:08:53.0638 2264  HidUsb - ok
21:08:53.0676 2264  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:08:53.0736 2264  hkmsvc - ok
21:08:53.0768 2264  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:08:53.0790 2264  HomeGroupListener - ok
21:08:53.0829 2264  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:08:53.0860 2264  HomeGroupProvider - ok
21:08:53.0888 2264  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:08:53.0903 2264  HpSAMD - ok
21:08:53.0943 2264  [ C3B270B2CFF40BE343AFE5052B3AF559 ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:08:53.0995 2264  HTCAND32 - ok
21:08:54.0043 2264  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:08:54.0076 2264  HTTP - ok
21:08:54.0080 2264  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:08:54.0091 2264  hwpolicy - ok
21:08:54.0121 2264  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:08:54.0150 2264  i8042prt - ok
21:08:54.0188 2264  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:08:54.0211 2264  iaStorV - ok
21:08:54.0263 2264  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:08:54.0294 2264  idsvc - ok
21:08:54.0326 2264  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:08:54.0341 2264  iirsp - ok
21:08:54.0368 2264  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:08:54.0430 2264  IKEEXT - ok
21:08:54.0461 2264  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:08:54.0481 2264  intelide - ok
21:08:54.0501 2264  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:08:54.0523 2264  intelppm - ok
21:08:54.0549 2264  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:08:54.0586 2264  IPBusEnum - ok
21:08:54.0601 2264  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:08:54.0638 2264  IpFilterDriver - ok
21:08:54.0681 2264  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:08:54.0731 2264  iphlpsvc - ok
21:08:54.0750 2264  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:08:54.0769 2264  IPMIDRV - ok
21:08:54.0781 2264  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:08:54.0826 2264  IPNAT - ok
21:08:54.0866 2264  [ CA9D4B998BFF311A539604ED87318FA0 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:08:54.0894 2264  iPod Service - ok
21:08:54.0918 2264  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:08:54.0935 2264  IRENUM - ok
21:08:54.0951 2264  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:08:54.0975 2264  isapnp - ok
21:08:55.0009 2264  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:08:55.0028 2264  iScsiPrt - ok
21:08:55.0069 2264  [ 994EBB45C4B438E1F6EA0B958AE9B9A3 ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
21:08:55.0085 2264  ivusb - ok
21:08:55.0096 2264  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:08:55.0108 2264  kbdclass - ok
21:08:55.0134 2264  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:08:55.0164 2264  kbdhid - ok
21:08:55.0185 2264  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:08:55.0199 2264  KeyIso - ok
21:08:55.0228 2264  [ EA26CB00F83686856F2C79673C00C686 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
21:08:55.0241 2264  kl1 - ok
21:08:55.0305 2264  [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
21:08:55.0330 2264  KLIF - ok
21:08:55.0414 2264  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
21:08:55.0425 2264  KLIM6 - ok
21:08:55.0453 2264  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
21:08:55.0465 2264  klkbdflt - ok
21:08:55.0479 2264  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
21:08:55.0504 2264  klmouflt - ok
21:08:55.0545 2264  [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
21:08:55.0559 2264  kltdi - ok
21:08:55.0596 2264  [ 71A38C123600172511C26BFABD0EF579 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
21:08:55.0611 2264  kneps - ok
21:08:55.0649 2264  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:08:55.0665 2264  KSecDD - ok
21:08:55.0711 2264  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:08:55.0729 2264  KSecPkg - ok
21:08:55.0758 2264  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:08:55.0811 2264  KtmRm - ok
21:08:55.0836 2264  [ 0C6E346CDE730CF1356DD69AD6E9BC42 ] L8042Kbd        C:\Windows\system32\DRIVERS\L8042Kbd.sys
21:08:55.0846 2264  L8042Kbd - ok
21:08:55.0861 2264  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:08:55.0903 2264  LanmanServer - ok
21:08:55.0931 2264  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:08:55.0969 2264  LanmanWorkstation - ok
21:08:56.0001 2264  [ 03976C309EDE05D39017C05B817CD94F ] LHidFlt2        C:\Windows\system32\DRIVERS\LHidFlt2.Sys
21:08:56.0030 2264  LHidFlt2 - ok
21:08:56.0040 2264  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:08:56.0066 2264  lltdio - ok
21:08:56.0084 2264  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:08:56.0123 2264  lltdsvc - ok
21:08:56.0141 2264  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:08:56.0171 2264  lmhosts - ok
21:08:56.0195 2264  [ 26407519FCA64EC4091FE1F815B4AFC4 ] LMouFlt2        C:\Windows\system32\DRIVERS\LMouFlt2.Sys
21:08:56.0224 2264  LMouFlt2 - ok
21:08:56.0311 2264  [ 2098AF12149789FA6608422C8796F77C ] LNSUSvc         C:\Program Files\IBM\Lotus\Notes\SUService.exe
21:08:56.0365 2264  LNSUSvc - ok
21:08:56.0548 2264  [ E4FA829273FDF5BD20FC9804FD5F9C20 ] Lotus Notes Diagnostics C:\Program Files\IBM\Lotus\Notes\nsd.exe
21:08:56.0616 2264  Lotus Notes Diagnostics - ok
21:08:56.0643 2264  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:08:56.0656 2264  LSI_FC - ok
21:08:56.0688 2264  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:08:56.0709 2264  LSI_SAS - ok
21:08:56.0723 2264  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:08:56.0735 2264  LSI_SAS2 - ok
21:08:56.0739 2264  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:08:56.0753 2264  LSI_SCSI - ok
21:08:56.0775 2264  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:08:56.0799 2264  luafv - ok
21:08:56.0886 2264  [ FA4A4270B22B8E16FBAE59DC03C38D6F ] MCSWASVR        C:\Program Files\Telekom\Mediencenter\WebDAV.AdminService.exe
21:08:56.0913 2264  MCSWASVR ( UnsignedFile.Multi.Generic ) - warning
21:08:56.0913 2264  MCSWASVR - detected UnsignedFile.Multi.Generic (1)
21:08:56.0940 2264  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:08:56.0961 2264  Mcx2Svc - ok
21:08:56.0971 2264  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:08:56.0986 2264  megasas - ok
21:08:57.0000 2264  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:08:57.0015 2264  MegaSR - ok
21:08:57.0035 2264  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:08:57.0060 2264  MMCSS - ok
21:08:57.0071 2264  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:08:57.0095 2264  Modem - ok
21:08:57.0111 2264  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:08:57.0134 2264  monitor - ok
21:08:57.0156 2264  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:08:57.0168 2264  mouclass - ok
21:08:57.0176 2264  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:08:57.0200 2264  mouhid - ok
21:08:57.0224 2264  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:08:57.0235 2264  mountmgr - ok
21:08:57.0323 2264  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:08:57.0340 2264  MozillaMaintenance - ok
21:08:57.0385 2264  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:08:57.0418 2264  mpio - ok
21:08:57.0441 2264  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:08:57.0526 2264  mpsdrv - ok
21:08:57.0609 2264  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:08:57.0788 2264  MpsSvc - ok
21:08:57.0830 2264  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:08:57.0878 2264  MRxDAV - ok
21:08:57.0919 2264  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:08:57.0949 2264  mrxsmb - ok
21:08:57.0990 2264  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:08:58.0024 2264  mrxsmb10 - ok
21:08:58.0049 2264  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:08:58.0081 2264  mrxsmb20 - ok
21:08:58.0103 2264  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:08:58.0119 2264  msahci - ok
21:08:58.0144 2264  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:08:58.0161 2264  msdsm - ok
21:08:58.0179 2264  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:08:58.0196 2264  MSDTC - ok
21:08:58.0226 2264  [ 114B67C324D64C8195FD3BF93B4DF02A ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
21:08:58.0258 2264  MSDV - ok
21:08:58.0284 2264  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:08:58.0306 2264  Msfs - ok
21:08:58.0310 2264  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:08:58.0334 2264  mshidkmdf - ok
21:08:58.0356 2264  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:08:58.0366 2264  msisadrv - ok
21:08:58.0395 2264  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:08:58.0431 2264  MSiSCSI - ok
21:08:58.0436 2264  msiserver - ok
21:08:58.0459 2264  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:08:58.0496 2264  MSKSSRV - ok
21:08:58.0513 2264  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:08:58.0536 2264  MSPCLOCK - ok
21:08:58.0540 2264  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:08:58.0573 2264  MSPQM - ok
21:08:58.0596 2264  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:08:58.0610 2264  MsRPC - ok
21:08:58.0623 2264  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:08:58.0634 2264  mssmbios - ok
21:08:58.0660 2264  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:08:58.0684 2264  MSTEE - ok
21:08:58.0688 2264  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:08:58.0710 2264  MTConfig - ok
21:08:58.0734 2264  [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
21:08:58.0786 2264  MTsensor - ok
21:08:58.0798 2264  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:08:58.0814 2264  Mup - ok
21:08:58.0831 2264  [ AA8CB9E508E9F193177D977859CC735C ] mv61xx          C:\Windows\system32\DRIVERS\mv61xx.sys
21:08:58.0846 2264  mv61xx - ok
21:08:58.0890 2264  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:08:58.0944 2264  napagent - ok
21:08:58.0986 2264  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:08:59.0011 2264  NativeWifiP - ok
21:08:59.0059 2264  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:08:59.0088 2264  NDIS - ok
21:08:59.0100 2264  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:08:59.0143 2264  NdisCap - ok
21:08:59.0156 2264  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:08:59.0193 2264  NdisTapi - ok
21:08:59.0221 2264  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:08:59.0271 2264  Ndisuio - ok
21:08:59.0313 2264  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:08:59.0353 2264  NdisWan - ok
21:08:59.0385 2264  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:08:59.0418 2264  NDProxy - ok
21:08:59.0510 2264  [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:08:59.0541 2264  Nero BackItUp Scheduler 3 - ok
21:08:59.0559 2264  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:08:59.0604 2264  NetBIOS - ok
21:08:59.0641 2264  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:08:59.0710 2264  NetBT - ok
21:08:59.0723 2264  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:08:59.0735 2264  Netlogon - ok
21:08:59.0756 2264  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:08:59.0795 2264  Netman - ok
21:08:59.0834 2264  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:08:59.0883 2264  netprofm - ok
21:08:59.0915 2264  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
21:08:59.0945 2264  netr28u - ok
21:08:59.0963 2264  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:08:59.0974 2264  NetTcpPortSharing - ok
21:09:00.0046 2264  [ 450D0D2062C54DDA23583A78C0EB63D9 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
21:09:00.0054 2264  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
21:09:00.0054 2264  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
21:09:00.0068 2264  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:09:00.0085 2264  nfrd960 - ok
21:09:00.0128 2264  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:09:00.0165 2264  NlaSvc - ok
21:09:00.0225 2264  [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:09:00.0243 2264  NMIndexingService - ok
21:09:00.0256 2264  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:09:00.0281 2264  Npfs - ok
21:09:00.0333 2264  [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo      C:\Windows\system32\drivers\npf_devolo.sys
21:09:00.0351 2264  NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
21:09:00.0351 2264  NPF_devolo - detected UnsignedFile.Multi.Generic (1)
21:09:00.0385 2264  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:09:00.0411 2264  nsi - ok
21:09:00.0434 2264  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:09:00.0458 2264  nsiproxy - ok
21:09:00.0551 2264  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:09:00.0605 2264  Ntfs - ok
21:09:00.0625 2264  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:09:00.0666 2264  Null - ok
21:09:00.0900 2264  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:01.0101 2264  nvlddmkm - ok
21:09:01.0136 2264  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:09:01.0150 2264  nvraid - ok
21:09:01.0178 2264  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:09:01.0193 2264  nvstor - ok
21:09:01.0234 2264  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:09:01.0259 2264  nvsvc - ok
21:09:01.0344 2264  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:09:01.0380 2264  nvUpdatusService - ok
21:09:01.0406 2264  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:09:01.0420 2264  nv_agp - ok
21:09:01.0444 2264  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:09:01.0471 2264  ohci1394 - ok
21:09:01.0515 2264  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:09:01.0565 2264  p2pimsvc - ok
21:09:01.0583 2264  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:09:01.0605 2264  p2psvc - ok
21:09:01.0628 2264  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:09:01.0666 2264  Parport - ok
21:09:01.0700 2264  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:09:01.0716 2264  partmgr - ok
21:09:01.0754 2264  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:09:01.0786 2264  Parvdm - ok
21:09:01.0816 2264  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:09:01.0849 2264  PcaSvc - ok
21:09:01.0883 2264  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:09:01.0900 2264  pci - ok
21:09:01.0911 2264  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:09:01.0925 2264  pciide - ok
21:09:01.0948 2264  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:09:01.0966 2264  pcmcia - ok
21:09:01.0984 2264  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:09:01.0999 2264  pcw - ok
21:09:02.0019 2264  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:09:02.0055 2264  PEAUTH - ok
21:09:02.0128 2264  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:09:02.0198 2264  pla - ok
21:09:02.0238 2264  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:09:02.0269 2264  PlugPlay - ok
21:09:02.0376 2264  [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
21:09:02.0413 2264  PMBDeviceInfoProvider - ok
21:09:02.0439 2264  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:09:02.0454 2264  PNRPAutoReg - ok
21:09:02.0461 2264  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:09:02.0479 2264  PNRPsvc - ok
21:09:02.0498 2264  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:09:02.0535 2264  PolicyAgent - ok
21:09:02.0566 2264  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:09:02.0591 2264  Power - ok
21:09:02.0608 2264  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:09:02.0646 2264  PptpMiniport - ok
21:09:02.0668 2264  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:09:02.0699 2264  Processor - ok
21:09:02.0734 2264  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:09:02.0771 2264  ProfSvc - ok
21:09:02.0785 2264  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:09:02.0804 2264  ProtectedStorage - ok
21:09:02.0870 2264  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:09:02.0903 2264  Psched - ok
21:09:02.0950 2264  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
21:09:02.0964 2264  PSI - ok
21:09:02.0994 2264  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:09:03.0006 2264  PxHelp20 - ok
21:09:03.0055 2264  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:09:03.0125 2264  ql2300 - ok
21:09:03.0143 2264  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:09:03.0155 2264  ql40xx - ok
21:09:03.0178 2264  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:09:03.0205 2264  QWAVE - ok
21:09:03.0230 2264  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:09:03.0245 2264  QWAVEdrv - ok
21:09:03.0280 2264  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:09:03.0313 2264  RasAcd - ok
21:09:03.0335 2264  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:09:03.0375 2264  RasAgileVpn - ok
21:09:03.0395 2264  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:09:03.0421 2264  RasAuto - ok
21:09:03.0434 2264  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:03.0468 2264  Rasl2tp - ok
21:09:03.0483 2264  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:09:03.0521 2264  RasMan - ok
21:09:03.0549 2264  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:03.0594 2264  RasPppoe - ok
21:09:03.0609 2264  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:09:03.0649 2264  RasSstp - ok
21:09:03.0680 2264  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:09:03.0716 2264  rdbss - ok
21:09:03.0731 2264  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:09:03.0746 2264  rdpbus - ok
21:09:03.0776 2264  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:03.0818 2264  RDPCDD - ok
21:09:03.0826 2264  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:09:03.0854 2264  RDPENCDD - ok
21:09:03.0878 2264  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:09:03.0913 2264  RDPREFMP - ok
21:09:03.0943 2264  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:09:03.0973 2264  RDPWD - ok
21:09:04.0009 2264  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:09:04.0023 2264  rdyboost - ok
21:09:04.0069 2264  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:09:04.0111 2264  RemoteAccess - ok
21:09:04.0130 2264  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:09:04.0163 2264  RemoteRegistry - ok
21:09:04.0188 2264  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:09:04.0218 2264  RpcEptMapper - ok
21:09:04.0241 2264  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:09:04.0256 2264  RpcLocator - ok
21:09:04.0289 2264  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:09:04.0335 2264  RpcSs - ok
21:09:04.0376 2264  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:09:04.0418 2264  rspndr - ok
21:09:04.0468 2264  [ 318F4F327190B2AEE7AAE9CAFD19BB19 ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys
21:09:04.0509 2264  RTL8187B - ok
21:09:04.0524 2264  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:09:04.0540 2264  SamSs - ok
21:09:04.0588 2264  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:09:04.0605 2264  sbp2port - ok
21:09:04.0626 2264  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:09:04.0665 2264  SCardSvr - ok
21:09:04.0693 2264  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:09:04.0716 2264  scfilter - ok
21:09:04.0760 2264  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:09:04.0818 2264  Schedule - ok
21:09:04.0844 2264  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:09:04.0870 2264  SCPolicySvc - ok
21:09:04.0910 2264  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:09:04.0924 2264  SDRSVC - ok
21:09:04.0950 2264  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:09:04.0985 2264  secdrv - ok
21:09:05.0008 2264  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:09:05.0054 2264  seclogon - ok
21:09:05.0135 2264  [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:09:05.0163 2264  Secunia PSI Agent - ok
21:09:05.0185 2264  [ 20B9E1ADBC58958B480933E4DA005DFB ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
21:09:05.0203 2264  Secunia Update Agent - ok
21:09:05.0225 2264  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:09:05.0266 2264  SENS - ok
21:09:05.0300 2264  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:09:05.0339 2264  SensrSvc - ok
21:09:05.0359 2264  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:09:05.0385 2264  Serenum - ok
21:09:05.0406 2264  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:09:05.0439 2264  Serial - ok
21:09:05.0465 2264  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:09:05.0490 2264  sermouse - ok
21:09:05.0529 2264  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:09:05.0568 2264  SessionEnv - ok
21:09:05.0596 2264  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:09:05.0634 2264  sffdisk - ok
21:09:05.0650 2264  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:09:05.0674 2264  sffp_mmc - ok
21:09:05.0695 2264  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:09:05.0713 2264  sffp_sd - ok
21:09:05.0723 2264  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:09:05.0771 2264  sfloppy - ok
21:09:05.0824 2264  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:09:05.0884 2264  SharedAccess - ok
21:09:05.0933 2264  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:09:05.0969 2264  ShellHWDetection - ok
21:09:06.0006 2264  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:09:06.0025 2264  sisagp - ok
21:09:06.0054 2264  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:09:06.0071 2264  SiSRaid2 - ok
21:09:06.0086 2264  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:09:06.0103 2264  SiSRaid4 - ok
21:09:06.0120 2264  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:09:06.0153 2264  Smb - ok
21:09:06.0183 2264  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:09:06.0198 2264  SNMPTRAP - ok
21:09:06.0210 2264  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:09:06.0221 2264  spldr - ok
21:09:06.0271 2264  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:09:06.0316 2264  Spooler - ok
21:09:06.0386 2264  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:09:06.0464 2264  sppsvc - ok
21:09:06.0499 2264  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:09:06.0531 2264  sppuinotify - ok
21:09:06.0584 2264  [ 1C63FE706AB797BC3C24813FF969B4DE ] Spyder3         C:\Windows\system32\DRIVERS\Spyder3.sys
21:09:06.0606 2264  Spyder3 - ok
21:09:06.0641 2264  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:09:06.0664 2264  srv - ok
21:09:06.0686 2264  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:09:06.0719 2264  srv2 - ok
21:09:06.0741 2264  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:09:06.0770 2264  srvnet - ok
21:09:06.0798 2264  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:09:06.0838 2264  SSDPSRV - ok
21:09:06.0863 2264  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:09:06.0905 2264  SstpSvc - ok
21:09:06.0946 2264  [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
21:09:06.0959 2264  ssudmdm - ok
21:09:07.0089 2264  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
21:09:07.0114 2264  StarMoney 8.0 OnlineUpdate - ok
21:09:07.0179 2264  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:09:07.0198 2264  Stereo Service - ok
21:09:07.0213 2264  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:09:07.0225 2264  stexstor - ok
21:09:07.0263 2264  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:09:07.0295 2264  StiSvc - ok
21:09:07.0324 2264  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:09:07.0335 2264  swenum - ok
21:09:07.0457 2264  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:09:07.0488 2264  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:09:07.0488 2264  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:09:07.0522 2264  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:09:07.0562 2264  swprv - ok
21:09:07.0663 2264  [ CF01636A8753AF8C6B81F49A3404AA5D ] SynoDrService   C:\Program Files\Synology Data Replicator  3\SynoDrService.exe
21:09:07.0670 2264  SynoDrService ( UnsignedFile.Multi.Generic ) - warning
21:09:07.0670 2264  SynoDrService - detected UnsignedFile.Multi.Generic (1)
21:09:07.0755 2264  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:09:07.0797 2264  SysMain - ok
21:09:07.0848 2264  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:09:07.0872 2264  TabletInputService - ok
21:09:08.0269 2264  [ EA37613DA7360048291A5C1BE77DC0A9 ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
21:09:08.0355 2264  TabletServiceWacom - ok
21:09:08.0393 2264  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:09:08.0418 2264  TapiSrv - ok
21:09:08.0447 2264  [ 77BD6143C6DCE0A1BF7B5571BED860DC ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
21:09:08.0457 2264  tbhsd - ok
21:09:08.0489 2264  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:09:08.0522 2264  TBS - ok
21:09:08.0569 2264  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:09:08.0612 2264  Tcpip - ok
21:09:08.0644 2264  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:09:08.0669 2264  TCPIP6 - ok
21:09:08.0690 2264  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:09:08.0703 2264  tcpipreg - ok
21:09:08.0735 2264  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:09:08.0764 2264  TDPIPE - ok
21:09:08.0787 2264  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:09:08.0810 2264  TDTCP - ok
21:09:08.0839 2264  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:09:08.0865 2264  tdx - ok
21:09:08.0992 2264  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:09:09.0039 2264  TeamViewer7 - ok
21:09:09.0069 2264  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:09:09.0085 2264  TermDD - ok
21:09:09.0124 2264  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:09:09.0165 2264  TermService - ok
21:09:09.0187 2264  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:09:09.0227 2264  Themes - ok
21:09:09.0255 2264  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:09:09.0289 2264  THREADORDER - ok
21:09:09.0318 2264  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:09:09.0364 2264  TrkWks - ok
21:09:09.0430 2264  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:09:09.0472 2264  TrustedInstaller - ok
21:09:09.0499 2264  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:09.0537 2264  tssecsrv - ok
21:09:09.0583 2264  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:09:09.0600 2264  TsUsbFlt - ok
21:09:09.0648 2264  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:09:09.0685 2264  tunnel - ok
21:09:09.0717 2264  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:09:09.0729 2264  uagp35 - ok
21:09:09.0764 2264  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:09:09.0800 2264  udfs - ok
21:09:09.0827 2264  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:09:09.0857 2264  UI0Detect - ok
21:09:09.0882 2264  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:09:09.0895 2264  uliagpkx - ok
21:09:09.0942 2264  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:09:09.0959 2264  umbus - ok
21:09:09.0978 2264  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:09:09.0997 2264  UmPass - ok
21:09:10.0024 2264  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:09:10.0054 2264  upnphost - ok
21:09:10.0099 2264  [ AE246F574C9089E284D9D34B63694C45 ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA.sys
21:09:10.0142 2264  USB28xxBGA - ok
21:09:10.0185 2264  [ 3B2A32C73238F537EB5E695D12ACFB74 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM.sys
21:09:10.0230 2264  USB28xxOEM - ok
21:09:10.0269 2264  [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:09:10.0317 2264  USBAAPL - ok
21:09:10.0362 2264  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:09:10.0390 2264  usbaudio - ok
21:09:10.0422 2264  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:10.0460 2264  usbccgp - ok
21:09:10.0479 2264  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:09:10.0514 2264  usbcir - ok
21:09:10.0602 2264  [ 2773500AFE1BB7944C0F1D46C910B7DD ] UsbClientService C:\Program Files\Synology\Assistant\UsbClientService.exe
21:09:10.0615 2264  UsbClientService - ok
21:09:10.0654 2264  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:09:10.0665 2264  usbehci - ok
21:09:10.0715 2264  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:09:10.0733 2264  usbhub - ok
21:09:10.0748 2264  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:09:10.0774 2264  usbohci - ok
21:09:10.0793 2264  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:09:10.0814 2264  usbprint - ok
21:09:10.0855 2264  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:09:10.0898 2264  usbscan - ok
21:09:10.0928 2264  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:10.0978 2264  USBSTOR - ok
21:09:11.0004 2264  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:09:11.0022 2264  usbuhci - ok
21:09:11.0038 2264  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:09:11.0065 2264  UxSms - ok
21:09:11.0082 2264  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:09:11.0095 2264  VaultSvc - ok
21:09:11.0110 2264  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:09:11.0123 2264  vdrvroot - ok
21:09:11.0150 2264  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:09:11.0192 2264  vds - ok
21:09:11.0213 2264  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:11.0228 2264  vga - ok
21:09:11.0244 2264  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:09:11.0267 2264  VgaSave - ok
21:09:11.0304 2264  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:09:11.0318 2264  vhdmp - ok
21:09:11.0337 2264  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:09:11.0349 2264  viaagp - ok
21:09:11.0363 2264  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:09:11.0385 2264  ViaC7 - ok
21:09:11.0412 2264  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:09:11.0424 2264  viaide - ok
21:09:11.0450 2264  [ 817DA66B1B889FAD1DBF669E0E2F3228 ] vmm             C:\Windows\system32\Drivers\vmm.sys
21:09:11.0463 2264  vmm - ok
21:09:11.0499 2264  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:09:11.0515 2264  volmgr - ok
21:09:11.0552 2264  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:09:11.0565 2264  volmgrx - ok
21:09:11.0583 2264  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:09:11.0597 2264  volsnap - ok
21:09:11.0637 2264  [ B26536ADD1D748CDA104D856C979AE79 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
21:09:11.0652 2264  vpcbus - ok
21:09:11.0682 2264  [ 2ABE8281DB609D8BB1BD1B2F93800D5F ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
21:09:11.0692 2264  VPCNetS2 - ok
21:09:11.0715 2264  [ A0F7E923A6261760130F22B85DF9040E ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:09:11.0729 2264  vpcnfltr - ok
21:09:11.0735 2264  [ 5F4B55E91CE7E2523C9E1E0ECE858869 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
21:09:11.0749 2264  vpcusb - ok
21:09:11.0794 2264  [ B487191FE18D6863381A1AC55482469A ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
21:09:11.0808 2264  vpcvmm - ok
21:09:11.0823 2264  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:09:11.0837 2264  vsmraid - ok
21:09:11.0923 2264  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:09:11.0973 2264  VSS - ok
21:09:11.0979 2264  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:09:12.0003 2264  vwifibus - ok
21:09:12.0025 2264  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:09:12.0054 2264  vwififlt - ok
21:09:12.0085 2264  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:09:12.0114 2264  W32Time - ok
21:09:12.0147 2264  [ F24EE97511FB901189E11CBBD51605BA ] wacmoumonitor   C:\Windows\system32\DRIVERS\wacmoumonitor.sys
21:09:12.0155 2264  wacmoumonitor - ok
21:09:12.0188 2264  [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
21:09:12.0197 2264  wacommousefilter - ok
21:09:12.0213 2264  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:09:12.0237 2264  WacomPen - ok
21:09:12.0260 2264  [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
21:09:12.0269 2264  wacomvhid - ok
21:09:12.0284 2264  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:09:12.0322 2264  WANARP - ok
21:09:12.0327 2264  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:09:12.0348 2264  Wanarpv6 - ok
21:09:12.0390 2264  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:09:12.0430 2264  wbengine - ok
21:09:12.0454 2264  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:09:12.0483 2264  WbioSrvc - ok
21:09:12.0508 2264  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:09:12.0538 2264  wcncsvc - ok
21:09:12.0557 2264  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:09:12.0604 2264  WcsPlugInService - ok
21:09:12.0618 2264  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:09:12.0635 2264  Wd - ok
21:09:12.0688 2264  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
21:09:12.0703 2264  WDC_SAM - ok
21:09:12.0750 2264  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:09:12.0778 2264  Wdf01000 - ok
21:09:12.0798 2264  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:09:12.0843 2264  WdiServiceHost - ok
21:09:12.0849 2264  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:09:12.0864 2264  WdiSystemHost - ok
21:09:12.0882 2264  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:09:12.0914 2264  WebClient - ok
21:09:12.0930 2264  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:09:12.0958 2264  Wecsvc - ok
21:09:12.0980 2264  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:09:13.0004 2264  wercplsupport - ok
21:09:13.0022 2264  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:09:13.0058 2264  WerSvc - ok
21:09:13.0064 2264  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:09:13.0087 2264  WfpLwf - ok
21:09:13.0102 2264  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:09:13.0113 2264  WIMMount - ok
21:09:13.0170 2264  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:09:13.0205 2264  WinDefend - ok
21:09:13.0217 2264  WinHttpAutoProxySvc - ok
21:09:13.0372 2264  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:09:13.0417 2264  Winmgmt - ok
21:09:13.0450 2264  Winpowermonitor - ok
21:09:13.0458 2264  WinpowerRMI - ok
21:09:13.0514 2264  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:09:13.0574 2264  WinRM - ok
21:09:13.0615 2264  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:09:13.0645 2264  WinUsb - ok
21:09:13.0697 2264  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:09:13.0735 2264  Wlansvc - ok
21:09:13.0763 2264  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:09:13.0784 2264  WmiAcpi - ok
21:09:13.0807 2264  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:09:13.0835 2264  wmiApSrv - ok
21:09:13.0887 2264  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:09:13.0924 2264  WMPNetworkSvc - ok
21:09:13.0939 2264  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:09:14.0004 2264  WPCSvc - ok
21:09:14.0053 2264  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:09:14.0074 2264  WPDBusEnum - ok
21:09:14.0107 2264  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:09:14.0145 2264  ws2ifsl - ok
21:09:14.0182 2264  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:09:14.0198 2264  wscsvc - ok
21:09:14.0204 2264  WSearch - ok
21:09:14.0272 2264  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:09:14.0325 2264  wuauserv - ok
21:09:14.0362 2264  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:09:14.0374 2264  WudfPf - ok
21:09:14.0388 2264  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:14.0410 2264  WUDFRd - ok
21:09:14.0433 2264  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:09:14.0463 2264  wudfsvc - ok
21:09:14.0485 2264  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:09:14.0519 2264  WwanSvc - ok
21:09:14.0554 2264  [ 21886AE871840739885A34E7F216AFA7 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
21:09:14.0565 2264  yukonw7 - ok
21:09:14.0613 2264  ================ Scan global ===============================
21:09:14.0663 2264  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:09:14.0717 2264  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:09:14.0727 2264  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
21:09:14.0773 2264  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:09:14.0824 2264  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:09:14.0830 2264  [Global] - ok
21:09:14.0830 2264  ================ Scan MBR ==================================
21:09:14.0858 2264  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:09:15.0124 2264  \Device\Harddisk1\DR1 - ok
21:09:15.0127 2264  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:09:15.0218 2264  \Device\Harddisk0\DR0 - ok
21:09:15.0219 2264  ================ Scan VBR ==================================
21:09:15.0223 2264  [ A9227739A722AEEF0A79713F44B65708 ] \Device\Harddisk1\DR1\Partition1
21:09:15.0224 2264  \Device\Harddisk1\DR1\Partition1 - ok
21:09:15.0240 2264  [ EF176E7607B27F74412F6601428DBDD4 ] \Device\Harddisk1\DR1\Partition2
21:09:15.0242 2264  \Device\Harddisk1\DR1\Partition2 - ok
21:09:15.0262 2264  [ 332C1BA47ADE6250770124B1776450C3 ] \Device\Harddisk1\DR1\Partition3
21:09:15.0263 2264  \Device\Harddisk1\DR1\Partition3 - ok
21:09:15.0265 2264  [ 2F7F9C0911771E1721C7CFC507CC9624 ] \Device\Harddisk0\DR0\Partition1
21:09:15.0267 2264  \Device\Harddisk0\DR0\Partition1 - ok
21:09:15.0270 2264  [ E662520527C65EF66AEC3E4D9398BBE0 ] \Device\Harddisk0\DR0\Partition2
21:09:15.0273 2264  \Device\Harddisk0\DR0\Partition2 - ok
21:09:15.0273 2264  ============================================================
21:09:15.0273 2264  Scan finished
21:09:15.0273 2264  ============================================================
21:09:15.0287 4256  Detected object count: 10
21:09:15.0287 4256  Actual detected object count: 10
21:09:18.0259 4256  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:09:18.0259 4256  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
21:09:18.0260 4256  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0260 4256  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0262 4256  bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0262 4256  bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0263 4256  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0263 4256  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0264 4256  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0264 4256  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0265 4256  MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0265 4256  MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0267 4256  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0267 4256  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0269 4256  NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0269 4256  NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0270 4256  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0270 4256  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:09:18.0272 4256  SynoDrService ( UnsignedFile.Multi.Generic ) - skipped by user
21:09:18.0272 4256  SynoDrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 10.01.2013, 00:43   #9
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 17:33   #10
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Ich hab den Fehler gefunden: Es war das Google - Cache Tool. Nachdem ich dieses Ad-On deaktiviert habe, kommt keine Fehlermeldung mehr.

Alt 10.01.2013, 17:36   #11
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Ja, trotzdem sind wir nicht fertig. weiter bitte mit cf
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 18:36   #12
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Hier also wunschgemäß die conbofix.txt
Code:
ATTFilter
ComboFix 13-01-08.01 - Rolf 10.01.2013  18:01:49.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.1349 [GMT 1:00]
ausgeführt von:: c:\users\Rolf\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Rolf\ia_remove.sh2871.tmp
c:\users\Rolf\ResourceReader.dll
c:\windows\IsUn0407.exe
c:\windows\system\Color
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\UA000106.DLL
c:\windows\UA000107.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-10 bis 2013-01-10  ))))))))))))))))))))))))))))))
.
.
2013-01-10 17:12 . 2013-01-10 17:12	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 17:12 . 2013-01-10 17:12	--------	d-----w-	c:\users\Hanna\AppData\Local\temp
2013-01-10 17:12 . 2013-01-10 17:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-10 16:32 . 2013-01-10 16:32	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D68A8EDA-D0DD-4091-BF42-308AFD70588C}\offreg.dll
2013-01-10 12:53 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D68A8EDA-D0DD-4091-BF42-308AFD70588C}\mpengine.dll
2013-01-09 20:28 . 2013-01-09 20:29	--------	d-----w-	c:\program files\program
2013-01-09 18:52 . 2013-01-09 18:52	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-01-02 18:40 . 2013-01-02 18:40	--------	d-----w-	c:\program files\URE
2013-01-02 18:40 . 2013-01-09 20:28	--------	d-----w-	c:\program files\readmes
2013-01-02 18:40 . 2013-01-09 20:28	--------	d-----w-	c:\program files\Basis
2013-01-02 18:40 . 2013-01-02 18:40	--------	d-----w-	c:\program files\share
2012-12-22 15:57 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 15:57 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-18 14:28 . 2012-12-18 14:28	186584	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-12-12 17:35 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 17:35 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 18:46 . 2012-04-11 18:00	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 18:46 . 2011-05-21 16:25	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 13:42 . 2012-06-08 09:38	43608	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\system32\msxml4.dll
2012-10-16 07:39 . 2012-11-28 12:38	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2008-08-16 15:42 . 2013-01-10 16:29	13112	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42 . 2013-01-10 16:29	70456	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42 . 2013-01-10 16:29	91448	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42 . 2013-01-10 16:29	20800	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43 . 2013-01-10 16:29	206136	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42 . 2013-01-10 16:29	31032	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42 . 2013-01-10 16:29	40248	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41 . 2013-01-10 16:29	479232	----a-w-	c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41 . 2013-01-10 16:29	548864	----a-w-	c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41 . 2013-01-10 16:29	626688	----a-w-	c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58 . 2013-01-10 16:29	648504	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42 . 2013-01-10 16:29	23864	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-10 16:29 . 2013-01-10 16:29	262704	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 13:55	155416	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-06-01 20:45	319488	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-06-01 20:45	319488	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-06-01 20:45	319488	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-06-01 20:45	319488	----a-w-	c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDavOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2010-10-27 11:13	284304	----a-w-	c:\windows\System32\WebDAV.ShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Core Temp"="d:\install\prozessortools\Core Temp.exe" [2009-08-05 378384]
"Akamai NetSession Interface"="c:\users\Rolf\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Data Replicator 3"="c:\program files\Synology Data Replicator  3\Backup.exe" [2011-02-22 11587584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-13 356376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
E-Mail.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-10-30 388576]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\users\Rolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104]
thunderbird.exe - Verknüpfung.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-10-30 388576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2013\mshaktuell.exe [2012-12-8 1386136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Setup-Assistent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 11:24	624056	----a-w-	c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display]
2012-01-24 14:09	284024	----a-w-	c:\program files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Ext2Fsd;Linux ext2 file system driver; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R4 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 LNSUSvc;Lotus Notes Smart Upgrade Service       ;c:\program files\IBM\Lotus\Notes\SUService.exe [x]
S2 Lotus Notes Diagnostics;Lotus Notes-Diagnose;c:\program files\IBM\Lotus\Notes\nsd.exe [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\WebDAV.AdminService.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator  3\SynoDrService.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Rolf\AppData\Local\Temp\ALSysIO.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [x]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:48]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:09]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 15:09]
.
2013-01-10 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\progra~1\MAGIX\PC_CHE~1\MxTray.exe [2010-01-08 07:13]
.
2012-12-31 c:\windows\Tasks\Synology Data Replicator 3-Rolf-PC-Rolf.job
- c:\program files\Synology Data Replicator  3\Backup.exe [2011-02-22 02:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Rolf\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 172.16.0.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab
FF - ProfilePath - c:\users\Rolf\AppData\Roaming\Mozilla\Firefox\Profiles\0wfyg99q.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/photosfromkids?ref=profile
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={52044F48-D66C-11E0-86BC-90E6BA441B8D}&src=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:bf,8e,52,6b,2f,fe,65,66,50,ca,e3,5c,77,66,27,c8,d7,ff,84,21,ec,
   fc,d9,ce,2c,cf,e3,88,6c,24,9c,73,e3,eb,9c,21,43,d5,19,be,1d,1c,96,e2,6a,13,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:bf,8e,52,6b,2f,fe,65,66,50,ca,e3,5c,77,66,27,c8,d7,ff,84,21,ec,
   fc,d9,ce,2c,cf,e3,88,6c,24,9c,73,e3,eb,9c,21,43,d5,19,be,1d,1c,96,e2,6a,13,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\CbFsNetRdr3.dll
.
Zeit der Fertigstellung: 2013-01-10  18:18:22
ComboFix-quarantined-files.txt  2013-01-10 17:18
.
Vor Suchlauf: 25 Verzeichnis(se), 381.330.788.352 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 380.792.573.952 Bytes frei
.
- - End Of File - - A59288752D15563E43740B287C0367E3
         

Alt 10.01.2013, 18:58   #13
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



hast du irgendwas mit dem tdss killer gelöscht?
laut combofix log hast du.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 19:06   #14
RvM
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



Nein - denn da gab es ja nichts zu löschen. Ich habe nur im Firefox das Google Cache Tool Adon deaktiviert und dan deinstalliert. Seit dem läuft wider alles rund.

Alt 10.01.2013, 19:11   #15
markusg
/// Malware-holic
 
Trojan.JS.Redirector bei Aufruf von Firefox - Standard

Trojan.JS.Redirector bei Aufruf von Firefox



hi
noch n bissel Adware haben wir.
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Trojan.JS.Redirector bei Aufruf von Firefox
abstellen, aufruf, facebook trojaner, firefox, gefunde, kaspersky, kaspersky anti-virus 2012, melde, meldet, meldung, nichts, profil, regelmäßig, starte, troja, trojaner, verweigert, zugriff




Ähnliche Themen: Trojan.JS.Redirector bei Aufruf von Firefox


  1. Windows 8.1 + Firefox 38.0.1: Request an Malware-gelistete Seite bei Aufruf von beliebiger Website
    Log-Analyse und Auswertung - 31.05.2015 (3)
  2. Trojan.RS.Redirector.BMV
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (7)
  3. Website attackiert mit trojan:js/redirector.nf
    Plagegeister aller Art und deren Bekämpfung - 30.01.2014 (1)
  4. Kaspersky meldet sich bei Verwendung von Firefox mit einer Warnung: Trojan.JS.Redirector.xa.
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (25)
  5. Kennt das hier jemand: "Trojan.HTML.Redirector.AW"?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (1)
  6. js:Redirector-ACH
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (0)
  7. JS/Redirector.WH
    Log-Analyse und Auswertung - 10.08.2012 (37)
  8. Trojaner Meldung: JS Redirector KP bei Aufruf Kontaktanfrage in Homepage
    Log-Analyse und Auswertung - 24.01.2012 (11)
  9. JS/Redirector.GZ.1 - Was ist das ?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  10. Firefox langsam, u.a. Trojan.Inject und Trojan.Downloader gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (15)
  11. JS/Redirector.455
    Plagegeister aller Art und deren Bekämpfung - 31.01.2010 (4)
  12. JS/Redirector.455
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (38)
  13. Wie? Wo? Was? JS/Redirector.455!
    Plagegeister aller Art und deren Bekämpfung - 05.11.2009 (3)
  14. JS:Redirector H2 [tr]
    Plagegeister aller Art und deren Bekämpfung - 17.05.2009 (5)
  15. TR/Redirector.E
    Plagegeister aller Art und deren Bekämpfung - 12.11.2008 (3)
  16. IExplorer und Firefox schliessen mit Fehlermeldung sofort nach erstem Aufruf
    Log-Analyse und Auswertung - 21.12.2006 (1)
  17. Aufruf DFÜ-Verbindung???
    Log-Analyse und Auswertung - 27.12.2005 (9)

Zum Thema Trojan.JS.Redirector bei Aufruf von Firefox - Wenn ich in meinem Profil den Firefox starte, dann meldet sich Kaspersky regelmäßig, das er den Zugriff auf "hxxp://www.proxyempire.com/index.php" verweigert, da dort der Trojaner "Trojan.JS.Redirector.xa" sich befindet. Diese Meldung kommt - Trojan.JS.Redirector bei Aufruf von Firefox...
Archiv
Du betrachtest: Trojan.JS.Redirector bei Aufruf von Firefox auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.