Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   browser starten sehr langsam (https://www.trojaner-board.de/128494-browser-starten-sehr-langsam.html)

skyfly 23.12.2012 05:07
browser starten sehr langsam
 
hallo!
seit einiger zeit starten sämtliche browser sehr, sehr langsam. es dauert manchmal bis zu 5 minuten. wenn der browser dann "da" ist arbeitet er ganz normal, bzw. fast, ab und zu hängt er kurz. ich habe mit google nach möglichen ursachen gesucht, konnte aber nicht viel finden, in der regel wurde trojanerbefall vermutet, deshalb wende ich mich jetzt an euch. ich habe otl, mehrmals, laufen lassen. allerdings wurde nur beim ersten mal eine extra datei erstellt ( die ich anhänge).bei den weiteren versuchen stellt otl automatisch beim start um, extraregistrierung auf aus.
wäre toll, wenn ihr mir weiterhelfen könntet :)
Code:
OTL logfile created on: 23.12.2012 04:39:30 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\ANNE11\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 56,00% Memory free
7,35 Gb Paging File | 5,48 Gb Available in Paging File | 74,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 339,46 Gb Free Space | 75,16% Space Free | Partition Type: NTFS
Drive D: | 442,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SKYFLY | User Name: ANNE11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.23 04:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ANNE11\Desktop\OTL.exe
PRC - [2012.10.13 02:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.10.13 02:27:54 | 001,269,616 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.10.12 01:38:28 | 000,413,040 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.10.12 01:37:42 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.08 18:45:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.04.23 17:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.04.17 06:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008.12.19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 16:50:52 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\c9df7b9913344bb7c80a50e59d7e48f6\System.Messaging.ni.dll
MOD - [2012.11.16 16:50:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
MOD - [2012.11.16 15:51:39 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.16 15:51:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.16 15:51:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.16 15:51:02 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.16 15:50:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.16 15:50:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.16 15:50:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.16 15:50:39 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.16 15:50:34 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.16 02:11:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.03.09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.02 17:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.15 14:11:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.14 12:35:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.13 02:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.10.12 01:47:38 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.10.12 01:38:28 | 000,413,040 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.10.12 01:37:42 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.20 17:21:58 | 000,691,040 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe -- (DSUDiskOptimizer)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.14 03:43:11 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010.04.17 06:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 08:36:42 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.09.30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.25 00:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.05.25 00:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.07 03:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.01 09:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 17:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.02 16:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.03.02 16:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.28 03:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.19 00:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.07 06:33:16 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 13:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.27 06:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.10.24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=skyp&ocid=skydhp
IE - HKCU\..\SearchScopes,DefaultScope = {C80945D2-5DE6-4E5E-A4B7-F1129EB0B319}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE413
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C80945D2-5DE6-4E5E-A4B7-F1129EB0B319}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ACAW_deDE413
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.selectedEngine: "Hotspot Shield Private Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.hotspotshield.com/g/?c=h"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.08 22:50:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.08 22:50:43 | 000,000,000 | ---D | M]
 
[2012.08.15 13:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ANNE11\AppData\Roaming\mozilla\Extensions
[2012.09.15 17:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ANNE11\AppData\Roaming\mozilla\Firefox\Profiles\r6sbwekk.default\extensions
[2011.04.02 14:23:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ANNE11\AppData\Roaming\mozilla\Firefox\Profiles\r6sbwekk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.24 18:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.27 20:56:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.28 08:52:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.03 17:48:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 18:51:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.08.15 22:19:16 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.10.14 12:35:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012.10.14 12:35:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 12:35:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.14 12:35:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 12:35:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.25 00:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2012.10.14 12:35:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 12:35:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmidas.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Deactivate Or Disable Facebook Timeline = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloifipfpidfdknplfjndcomgebnlcon\3.0_0\
CHR - Extension: Google Mail = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\ANNE11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D220239-50E0-4BE5-9B52-FCE3B8BC24FA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.14 16:43:10 | 000,341,764 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2008.10.14 13:53:28 | 001,056,256 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.14 15:13:11 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1d91495d-7891-11df-8f1a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d91495d-7891-11df-8f1a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2008.10.14 13:53:28 | 001,056,256 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 04:38:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ANNE11\Desktop\OTL.exe
[2012.12.23 03:48:27 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Malwarebytes
[2012.12.23 03:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.23 03:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.23 03:48:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.23 03:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.20 13:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.20 13:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.18 22:46:46 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\webkit
[2012.12.18 21:31:47 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Documents\Einkommensteuer
[2012.12.18 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\KONZ
[2012.12.18 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\KONZ
[2012.12.18 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Konz Steuer-Software
[2012.12.18 21:30:46 | 000,693,248 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmbr10.dll
[2012.12.18 21:30:45 | 002,702,336 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10.dll
[2012.12.18 21:30:45 | 001,215,488 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmct10.dll
[2012.12.18 21:30:45 | 000,660,992 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmdw10.dll
[2012.12.18 21:30:43 | 000,933,376 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmll10bc.llx
[2012.12.18 21:30:43 | 000,663,552 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmll10ex.llx
[2012.12.18 21:30:43 | 000,375,808 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll1000.lng
[2012.12.18 21:30:43 | 000,375,808 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10@@.lng
[2012.12.18 21:30:42 | 001,176,576 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmls10.dll
[2012.12.18 21:30:42 | 000,681,472 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmll10xl.dll
[2012.12.18 21:30:41 | 001,232,896 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cuct10.dll
[2012.12.18 21:30:41 | 000,713,728 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cubr10.dll
[2012.12.18 21:30:41 | 000,707,072 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmmx01.dll
[2012.12.18 21:30:41 | 000,212,992 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmpr10.dll
[2012.12.18 21:30:41 | 000,159,232 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmut10.dll
[2012.12.18 21:30:40 | 002,760,192 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cull10.dll
[2012.12.18 21:30:40 | 000,678,400 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cudw10.dll
[2012.12.18 21:30:39 | 001,215,488 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\culs10.dll
[2012.12.18 21:30:39 | 000,378,368 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cull1000.lng
[2012.12.18 21:30:39 | 000,164,248 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cull10o.ocx
[2012.12.18 21:30:38 | 000,225,280 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cupr10.dll
[2012.12.18 21:30:38 | 000,177,152 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cuut10.dll
[2012.12.18 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KONZ
[2012.12.18 21:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Konz
[2012.12.18 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\KONZ
[2012.12.18 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\Steuersoft
[2012.12.18 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\.thumbnails
[2012.12.18 19:32:50 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\fontconfig
[2012.12.18 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\gegl-0.2
[2012.12.18 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\.gimp-2.8
[2012.12.18 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.12.18 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.12.18 14:04:13 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\mamapics
[2012.12.17 08:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012.12.08 20:48:31 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Corel
[2012.12.08 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Documents\Corel PaintShop Pro
[2012.12.08 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\Corel PaintShop Pro
[2012.12.08 20:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.12.08 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.12.08 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\ursula ok
[2012.12.08 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\ursi
[2012.12.06 12:18:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.01 12:42:12 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Lexware
[2012.12.01 12:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2010
[2012.12.01 12:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2012.12.01 12:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2012.12.01 12:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2012.12.01 12:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2012.12.01 12:38:00 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\Lexware
[2012.11.27 21:47:19 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Documents\Steuerfälle
[2012.11.27 21:47:19 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\AAV
[2012.11.27 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAVUpdateManager
[2012.11.27 21:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer-Sparer 2010
[2012.11.27 21:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer-Sparer 2010
[2012.11.27 21:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AAV
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 04:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ANNE11\Desktop\OTL.exe
[2012.12.23 04:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.23 04:03:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 04:03:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 03:55:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.23 03:55:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.23 03:55:12 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 03:48:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 03:25:20 | 000,000,000 | ---- | M] () -- C:\Users\ANNE11\defogger_reenable
[2012.12.23 02:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.23 02:38:47 | 000,050,477 | ---- | M] () -- C:\Users\ANNE11\Desktop\Defogger.exe
[2012.12.22 23:37:21 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012.12.21 00:00:35 | 000,311,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 13:08:13 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.19 20:32:15 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.12.18 23:29:29 | 429,477,663 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.18 22:57:32 | 000,002,657 | ---- | M] () -- C:\Users\ANNE11\AppData\Local\recently-used.xbel
[2012.12.18 21:30:47 | 000,001,281 | ---- | M] () -- C:\Users\ANNE11\Desktop\KONZ.lnk
[2012.12.18 19:44:18 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.18 19:44:18 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.18 19:44:18 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.18 19:44:18 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.18 19:44:18 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.18 19:26:37 | 000,000,896 | ---- | M] () -- C:\Users\ANNE11\Desktop\GIMP 2.lnk
[2012.12.15 16:57:05 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.01 23:27:22 | 000,158,192 | ---- | M] () -- C:\Users\ANNE11\Documents\Steuer_2010_Dasi.zip
[2012.12.01 12:45:12 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2010.lnk
[2012.11.27 21:44:50 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Sparer 2010.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.23 03:48:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 03:25:20 | 000,000,000 | ---- | C] () -- C:\Users\ANNE11\defogger_reenable
[2012.12.23 02:38:46 | 000,050,477 | ---- | C] () -- C:\Users\ANNE11\Desktop\Defogger.exe
[2012.12.20 13:08:13 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.18 22:57:32 | 000,002,657 | ---- | C] () -- C:\Users\ANNE11\AppData\Local\recently-used.xbel
[2012.12.18 21:30:47 | 000,001,281 | ---- | C] () -- C:\Users\ANNE11\Desktop\KONZ.lnk
[2012.12.18 21:30:44 | 000,741,845 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.chm
[2012.12.18 21:30:43 | 000,156,164 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.inf
[2012.12.18 21:30:43 | 000,156,164 | ---- | C] () -- C:\Windows\SysWow64\cmll10@@.inf
[2012.12.18 21:30:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysWow64\cmls1000.lng
[2012.12.18 19:27:11 | 000,000,896 | ---- | C] () -- C:\Users\ANNE11\Desktop\GIMP 2.lnk
[2012.12.18 19:26:37 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.12.18 18:40:59 | 001,402,826 | ---- | C] () -- C:\Users\ANNE11\DSC00893.JPG
[2012.12.01 13:17:32 | 000,158,192 | ---- | C] () -- C:\Users\ANNE11\Documents\Steuer_2010_Dasi.zip
[2012.12.01 12:40:57 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2010.lnk
[2012.11.27 21:35:42 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Sparer 2010.lnk
[2011.08.19 18:56:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.07.06 13:59:43 | 000,000,234 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011.05.25 18:24:53 | 000,008,192 | ---- | C] () -- C:\Users\ANNE11\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.01 12:07:13 | 000,000,208 | ---- | C] () -- C:\Windows\SCHMIDT.INI
[2011.01.13 07:33:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.11 08:59:48 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.01.10 00:38:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.14 03:29:27 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.01.13 18:32:12 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\Acreon
[2011.06.06 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\Canon
[2012.12.18 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.06.11 18:41:19 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\DVDVideoSoft
[2012.06.11 18:36:09 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.18 21:31:45 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\KONZ
[2012.12.01 12:42:28 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\Lexware
[2011.01.21 17:48:40 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\LolClient
[2012.06.12 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\LolClient2
[2011.04.29 18:50:32 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\PlayFirst
[2012.08.07 22:37:59 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\Systweak
[2012.12.15 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\TS3Client
[2012.01.11 22:33:14 | 000,000,000 | ---D | M] -- C:\Users\ANNE11\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >
und hier das "alte" extra
Code:
OTL Extras logfile created on: 23.12.2012 03:26:45 - Run 1
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\ANNE11\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 67,62% Memory free
7,35 Gb Paging File | 5,57 Gb Available in Paging File | 75,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 339,71 Gb Free Space | 75,21% Space Free | Partition Type: NTFS
Drive D: | 442,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SKYFLY | User Name: ANNE11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Steuersoftware\STSInstall.exe" = D:\Steuersoftware\STSInstall.exe:*:Enabled:STSInstall -- (Steuersoft GmbH)
"C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe" = C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe:*:Enabled:EP_Konz -- (Steuersoft GmbH)
"C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe" = C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe:*:Enabled:KonzSteuersoftware -- (Steuersoft GmbH)
"D:\Steuersoftware\STSInstall.exe" = D:\Steuersoftware\STSInstall.exe:*:Enabled:STSInstall -- (Steuersoft GmbH)
"C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe" = C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe:*:Enabled:EP_Konz -- (Steuersoft GmbH)
"C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe" = C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe:*:Enabled:KonzSteuersoftware -- (Steuersoft GmbH)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAE2AB9-3D18-4DA2-8BFE-032C9DC624BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2DF8E987-0981-4DEF-8908-0A42BD9D4326}" = lport=137 | protocol=17 | dir=in | app=system |
"{44099291-BD49-492A-B091-CF22A575E59A}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{47F10C21-D8B4-4835-9452-4DC44F4C66C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4917C69A-C988-42C7-8045-D1384189609F}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C6DF94D-73A6-47B1-80BE-DF8BC0E990D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EC5125D-4332-45F3-AA09-CE13F52AD4A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BD308E2-FF0D-4DC4-AEC3-DCE816F55DBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77432827-988D-4767-A9A1-1025D938234F}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B560251-B7E0-4A2F-800F-D7D8843FC37A}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{7E2DB73C-8AB2-4969-8FB2-2D6E076BCF5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86B65792-FC40-4243-9BF0-7F9621AB1911}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C515F09-E0D7-48EB-BE29-3988DF3E58BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B032357C-D8F4-4FEA-BD0A-1D9FC94A3FDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B7045421-6D11-44F8-9FC3-3FEC760D0A69}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7617A82-9E30-4D0B-A675-56B3F2A3F1F6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B9C5733E-44D6-429F-98F5-44E3C12F0891}" = rport=138 | protocol=17 | dir=out | app=system |
"{C39D1452-1954-48D2-89FF-65994FC4A5DA}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{C3E0BE63-F1D4-4B78-9496-EEAFD7341730}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{CB5ACE02-1E08-4891-AC43-09A88BEE7030}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D28C5486-B982-4ED8-AE48-2283DA4DA472}" = rport=139 | protocol=6 | dir=out | app=system |
"{DB2AA74A-3209-4290-B77D-3F3BCF311D57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5318C49-B157-4841-8E11-609F19051B9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F47EF266-3517-4973-8AA4-2ABBD9DEDDA7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6DA2564-652C-4F7E-93D1-CD8D3E044B1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F79C3787-9333-457F-B0BC-B86EFE857921}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC823C0D-EFA3-448D-963A-B1CE8661CF15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0381118F-6544-4A5A-BA10-3670340D57C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{038805CC-0FD5-495F-9809-20563096A337}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0CE65554-2345-4D78-B7E3-01100DDCB571}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{12ADA536-652F-4FD7-9B60-F0150084D470}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{196BCEC3-B25B-4880-A266-D2F4C63A48C8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{1A3F4136-20C0-4A7B-977E-01CF79ECBF83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E39426F-3D32-447D-BB14-D59E25791D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{29CD4701-413E-49D3-A07B-AE91E6EECA41}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2AF6E782-B4EB-437D-9027-D3605987525B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D31C242-76C8-48D9-B4F8-5F0DDC4DF041}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{31CE4215-BBE7-4C55-AFAC-E2726F1E0336}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{3238093F-B8B3-4316-9764-C88A34A0560D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{35B864C4-C2FD-44D3-90BF-41AC0473DEB2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3AD28418-A19D-48AD-B4AE-0EB440F5DCC0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{401C6471-E469-407B-9EE2-3D7AAF476D46}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"{44C30B6A-0D9C-479A-9977-EA86DB60D812}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{48456D78-3DA5-404B-8B96-7912F46F4F82}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{5347CA29-3959-4366-AB39-A66EE6ED8C0E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{5640DF60-2FC5-4AB3-B50C-DE815A801A36}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{584B1FD7-A287-4DF6-9DE8-7A4F3E2F5E0C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F7BA9F8-DF8D-4E31-896B-351EECEEBCEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{611C9B9B-C4A7-459E-9C3D-9C942B544AFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{6169B587-267A-4DC5-AA2B-3A1ADFA84C37}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"{65639C1F-E4C1-4BE8-91C3-2049E4F8E588}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{65C8E09C-759E-4D24-8047-8CDC8B3938A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{6AD1B789-BD79-49C6-A721-3224E0DF0CBC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6DC57190-C2AC-4B7D-831A-0E6C47F2BE9C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7041608D-284F-4867-A41A-0E3C14ACFEC2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{755EFE40-A16A-43E6-BBEF-2EEFCAA5D62E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{76941532-9439-468A-8D97-8E599A24C721}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7760EB0A-21AB-406F-B47C-8B3D25EA959A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{782D38F2-FC81-482D-8198-D6AE61301860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8E445E-F282-4E1B-A90D-8D5B0AA7CD89}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7C3322D3-06D5-4271-BB81-DC0375831B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E893359-AC92-42C9-92CE-5A5AFF672E68}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{80760A66-AF76-49EE-B2CF-6C6284106786}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82101DBE-3B25-4341-BA89-BA39B650F3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8243B70C-76F9-4FFB-958F-73C313D2117E}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"{84F1B699-48C7-4F1F-A20C-0610E22EB902}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{861BAED0-8B55-4213-AC22-D7D35F1EE634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9339AF8A-4EAD-44C7-8E63-59D4172CE466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0105137-FE50-49FE-A3B1-61BFAC39825D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0A91C33-D62E-4D10-A08D-E5D39ACC9055}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A20D6E66-D3B0-481B-886D-66D2320B66EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A57D4B2D-8428-4A90-9700-5F9621BF45F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7369C15-2CCE-4D98-B075-02B260403021}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{B331F2DD-045F-48A0-9485-7E2047608104}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6F39C95-ED27-4070-BBE5-1F32BD0CD787}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BEDBDBC8-88D9-4DEF-A360-8ACD1D315233}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D16F97BA-4B88-4E1D-9FEC-69873118FEF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D49070BC-F066-4981-9695-5A9F7FEC54A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D593F0B9-F8D9-490E-B5CA-A647C852F026}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{D5D83F70-A646-4E1D-9772-77C18ACDAFE5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D5E6C3AC-85F1-4707-9C2D-D3FD25F50FDA}" = protocol=6 | dir=out | app=system |
"{D87F03F3-73F4-4795-8557-CF1F0FBFD5C2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{DC09DB82-8BB1-483F-BAC9-D0668CF409DE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{DDC39649-0962-43F2-9452-FFECA4EBA984}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DF261A1A-872F-4852-A8B8-FD3C8CB8F15B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EDF90D30-C3A4-4865-A27D-4016B66C3C89}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2A72AAF-E65A-4E65-A266-CC8FB216AEEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3CCE475-4741-4606-B393-F98B7C55B4B1}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"{F98F3238-906D-431B-B53C-7716B09CE8DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE31CD9E-D3E9-4FC9-BB6D-0A45FE67588E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{300F0AFF-88BA-4C24-B02E-8BA800AAC6E5}C:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe |
"TCP Query User{397377C9-3BF9-4640-B3EA-51F7F67C024B}C:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{3D184137-C852-4C6C-AE9A-BFBD49D9E496}C:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{93D0C956-7C12-4848-8ED9-EB22C2D0C0D8}C:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{9DBA4B17-6638-4AD0-866A-5BF1B4B3A391}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"TCP Query User{B2174488-AB05-4BD5-8901-58B50319ABB7}C:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"TCP Query User{C2EADCD8-63DD-4ABD-A93E-BBB161ABF324}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{FCC9E43D-F770-4E37-9535-3B9EBA6BE875}C:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{12572BED-7660-4653-8F18-53882CCA68E5}C:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe |
"UDP Query User{3B022059-298E-4A1A-A53E-8E17B2FC4870}C:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"UDP Query User{4010B8BF-A6BA-48FD-9A96-62B582127B48}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"UDP Query User{5CB11E7E-34B2-4E18-8E8A-1260932836F7}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{A0F230DF-E102-4EEB-8B5C-EDC611875F7C}C:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{CE40830D-C038-437B-9D7A-6B8ABD84FB33}C:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{D6A6EF4D-16A0-4510-9991-28E5975E039E}C:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{DD304801-4955-4E45-9A5F-40227B29385D}C:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{241E3816-2EF1-A1D1-8811-4478E28E130B}" = ccc-utility64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AFBE654A-4597-89DB-EF5F-7CC7D0475691}" = ATI Catalyst Install Manager
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E9118B6-0191-3642-E743-B69EBE42D4AF}" = Catalyst Control Center Graphics Full Existing
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19F3712E-BDCF-B1DA-A22E-A67537C8A2F0}" = CCC Help Polish
"{1BE1B77F-4307-B5D3-1532-CEE7ECF9CBBB}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{37A4C887-CD6A-46A5-9902-E8EA6D97AE61}" = Steuer-Sparer 2010
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD5493C-51AF-C805-A197-DC36E8C57784}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4FEF7A1D-0DAC-F687-E474-AA7A13E3D8CA}" = Catalyst Control Center Graphics Full New
"{50B9544E-CA9A-CA08-3BC8-F66A69A4E49F}" = CCC Help Spanish
"{525A74BE-B7F5-94D0-987C-0324FF58FBB1}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74A8E6D0-5E5B-6CAC-F592-8EDA39FC15C0}" = CCC Help Korean
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{780B7CAD-9E59-8986-63EC-D60B8D06D6E6}" = Catalyst Control Center Graphics Light
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C1BA7EF-0866-BBDB-129A-F53DB0954F61}" = CCC Help Turkish
"{7E2CD483-7D07-BE78-C0C6-DE07057DC551}" = Catalyst Control Center Core Implementation
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{832BC337-E36D-0039-065C-7E4EDC5D45B4}" = CCC Help Greek
"{849EC471-5D3C-59E4-5C52-845C3AC320B3}" = CCC Help Thai
"{86021347-6DF2-7015-B152-51A17DCFDB22}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" = CCC Help German
"{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard
"{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish
"{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian
"{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian
"{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch
"{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC7E771F-8170-4573-825D-EDB6723C804F}_is1" = Disk Speedup
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.4 by MixMeister
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.3.5
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.74
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"king.com" = king.com (remove only)
"KonzESt" = Konz Steuer-Software
"LManager" = Launch Manager
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1
"posterjack CEWE Fotobuch und Kalender" = posterjack CEWE Fotobuch und Kalender
"RegClean Pro_is1" = RegClean Pro
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2012 03:23:47 | Computer Name = SKYFLY | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 08.04.2012 03:25:05 | Computer Name = SKYFLY | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.04.2012 04:54:33 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.04.2012 04:54:33 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15569
 
Error - 09.04.2012 04:54:33 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15569
 
Error - 09.04.2012 19:47:40 | Computer Name = SKYFLY | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 09.04.2012 19:48:57 | Computer Name = SKYFLY | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.04.2012 10:46:54 | Computer Name = SKYFLY | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 18.0.1025.152 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 420    Startzeit:
01cd17164a8ed639    Endzeit: 12    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 005b7f17-831c-11e1-9d31-c80aa9b75c0d 
 
Error - 14.04.2012 08:17:16 | Computer Name = SKYFLY | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 14.04.2012 08:18:10 | Computer Name = SKYFLY | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 07.10.2012 07:36:58 | Computer Name = SKYFLY | Source = MCUpdate | ID = 0
Description = 13:36:58 - Fehler beim Herstellen der Internetverbindung.  13:36:58
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 17.12.2012 03:12:15 | Computer Name = SKYFLY | Source = DCOM | ID = 10010
Description =
 
Error - 17.12.2012 15:54:15 | Computer Name = SKYFLY | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?12.?2012 um 20:53:12 unerwartet heruntergefahren.
 
Error - 17.12.2012 15:54:21 | Computer Name = SKYFLY | Source = BugCheck | ID = 1001
Description =
 
Error - 17.12.2012 22:31:29 | Computer Name = SKYFLY | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?12.?2012 um 03:23:01 unerwartet heruntergefahren.
 
Error - 18.12.2012 04:53:26 | Computer Name = SKYFLY | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?12.?2012 um 09:51:51 unerwartet heruntergefahren.
 
Error - 18.12.2012 04:53:30 | Computer Name = SKYFLY | Source = BugCheck | ID = 1001
Description =
 
Error - 18.12.2012 09:39:41 | Computer Name = SKYFLY | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?12.?2012 um 14:25:45 unerwartet heruntergefahren.
 
Error - 18.12.2012 09:39:51 | Computer Name = SKYFLY | Source = BugCheck | ID = 1001
Description =
 
Error - 18.12.2012 18:29:43 | Computer Name = SKYFLY | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?12.?2012 um 23:12:27 unerwartet heruntergefahren.
 
Error - 18.12.2012 18:29:48 | Computer Name = SKYFLY | Source = BugCheck | ID = 1001
Description =
 
 
< End of report >
und hier noch der malwarescan report

Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ANNE11 :: SKYFLY [Administrator]

Schutz: Aktiviert

23.12.2012 03:58:24
mbam-log-2012-12-23 (03-58-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207636
Laufzeit: 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
vielen dank und schöne weihnachten :singsing:

Larusso 23.12.2012 18:29
:hallo:

Bevor ich hier irgendwas ändere, ist das ein Firmenrechner ?

skyfly 24.12.2012 02:51
nein, kein firmenrechner, ganz und gar privat :)

Larusso 24.12.2012 04:03
:hallo:

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

skyfly 25.12.2012 02:00
hallo daniel,
vielen dank für die prompte antwort!
hier das tdsskiller logfile:
Code:
01:51:34.0859 6012  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:51:36.0014 6012  ============================================================
01:51:36.0015 6012  Current date / time: 2012/12/25 01:51:36.0014
01:51:36.0015 6012  SystemInfo:
01:51:36.0015 6012 
01:51:36.0015 6012  OS Version: 6.1.7601 ServicePack: 1.0
01:51:36.0015 6012  Product type: Workstation
01:51:36.0015 6012  ComputerName: SKYFLY
01:51:36.0015 6012  UserName: ANNE11
01:51:36.0015 6012  Windows directory: C:\Windows
01:51:36.0015 6012  System windows directory: C:\Windows
01:51:36.0015 6012  Running under WOW64
01:51:36.0015 6012  Processor architecture: Intel x64
01:51:36.0015 6012  Number of processors: 4
01:51:36.0015 6012  Page size: 0x1000
01:51:36.0015 6012  Boot type: Normal boot
01:51:36.0015 6012  ============================================================
01:51:37.0817 6012  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:51:37.0827 6012  ============================================================
01:51:37.0827 6012  \Device\Harddisk0\DR0:
01:51:37.0827 6012  MBR partitions:
01:51:37.0827 6012  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
01:51:37.0827 6012  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753000
01:51:37.0827 6012  ============================================================
01:51:37.0862 6012  C: <-> \Device\Harddisk0\DR0\Partition2
01:51:37.0862 6012  ============================================================
01:51:37.0862 6012  Initialize success
01:51:37.0862 6012  ============================================================
01:51:43.0843 3520  ============================================================
01:51:43.0843 3520  Scan started
01:51:43.0843 3520  Mode: Manual;
01:51:43.0844 3520  ============================================================
01:51:44.0957 3520  ================ Scan system memory ========================
01:51:44.0957 3520  System memory - ok
01:51:44.0957 3520  ================ Scan services =============================
01:51:45.0388 3520  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:51:45.0410 3520  1394ohci - ok
01:51:45.0471 3520  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe
01:51:45.0483 3520  AAV UpdateService - ok
01:51:45.0522 3520  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:51:45.0527 3520  ACPI - ok
01:51:45.0557 3520  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
01:51:45.0562 3520  AcpiPmi - ok
01:51:45.0689 3520  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:51:45.0755 3520  AdobeFlashPlayerUpdateSvc - ok
01:51:45.0816 3520  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
01:51:45.0849 3520  adp94xx - ok
01:51:45.0898 3520  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
01:51:45.0920 3520  adpahci - ok
01:51:45.0952 3520  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
01:51:45.0964 3520  adpu320 - ok
01:51:46.0023 3520  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
01:51:46.0025 3520  AeLookupSvc - ok
01:51:46.0076 3520  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
01:51:46.0082 3520  AFD - ok
01:51:46.0118 3520  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:51:46.0127 3520  agp440 - ok
01:51:46.0153 3520  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
01:51:46.0162 3520  ALG - ok
01:51:46.0195 3520  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:51:46.0201 3520  aliide - ok
01:51:46.0226 3520  [ B4143CB1DD16AE73C6177C72F33450A6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:51:46.0238 3520  AMD External Events Utility - ok
01:51:46.0279 3520  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:51:46.0285 3520  amdide - ok
01:51:46.0310 3520  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
01:51:46.0320 3520  AmdK8 - ok
01:51:46.0495 3520  [ D1D06810BF7E21F5763EB06CB7E7262B ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
01:51:46.0822 3520  amdkmdag - ok
01:51:46.0871 3520  [ 6BA71D6616B56816E57394D77DD1BB6F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
01:51:46.0882 3520  amdkmdap - ok
01:51:46.0911 3520  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
01:51:46.0920 3520  AmdPPM - ok
01:51:46.0963 3520  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
01:51:46.0972 3520  amdsata - ok
01:51:46.0991 3520  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
01:51:47.0002 3520  amdsbs - ok
01:51:47.0020 3520  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
01:51:47.0027 3520  amdxata - ok
01:51:47.0072 3520  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
01:51:47.0081 3520  AmUStor - ok
01:51:47.0150 3520  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:51:47.0162 3520  AntiVirSchedulerService - ok
01:51:47.0210 3520  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:51:47.0211 3520  AntiVirService - ok
01:51:47.0243 3520  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
01:51:47.0251 3520  AppID - ok
01:51:47.0274 3520  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:51:47.0283 3520  AppIDSvc - ok
01:51:47.0306 3520  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
01:51:47.0307 3520  Appinfo - ok
01:51:47.0388 3520  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:51:47.0399 3520  Apple Mobile Device - ok
01:51:47.0439 3520  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
01:51:47.0449 3520  arc - ok
01:51:47.0470 3520  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
01:51:47.0481 3520  arcsas - ok
01:51:47.0501 3520  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:51:47.0507 3520  AsyncMac - ok
01:51:47.0552 3520  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
01:51:47.0559 3520  atapi - ok
01:51:47.0648 3520  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
01:51:47.0720 3520  athr - ok
01:51:47.0806 3520  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
01:51:47.0815 3520  AtiHdmiService - ok
01:51:47.0870 3520  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:51:47.0879 3520  AudioEndpointBuilder - ok
01:51:47.0893 3520  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:51:47.0899 3520  AudioSrv - ok
01:51:47.0955 3520  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
01:51:47.0966 3520  avgntflt - ok
01:51:48.0009 3520  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
01:51:48.0021 3520  avipbb - ok
01:51:48.0035 3520  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
01:51:48.0043 3520  avkmgr - ok
01:51:48.0078 3520  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:51:48.0090 3520  AxInstSV - ok
01:51:48.0133 3520  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
01:51:48.0153 3520  b06bdrv - ok
01:51:48.0234 3520  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:51:48.0248 3520  b57nd60a - ok
01:51:48.0366 3520  [ FDE8C8DC07E75347E4C6B455A0964217 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
01:51:48.0480 3520  BCM43XX - ok
01:51:48.0542 3520  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:51:48.0552 3520  BDESVC - ok
01:51:48.0591 3520  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:51:48.0595 3520  Beep - ok
01:51:48.0648 3520  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
01:51:48.0658 3520  BFE - ok
01:51:48.0748 3520  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
01:51:48.0777 3520  BITS - ok
01:51:48.0840 3520  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
01:51:48.0847 3520  blbdrive - ok
01:51:48.0943 3520  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:51:48.0958 3520  Bonjour Service - ok
01:51:48.0997 3520  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:51:49.0005 3520  bowser - ok
01:51:49.0031 3520  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:51:49.0036 3520  BrFiltLo - ok
01:51:49.0049 3520  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:51:49.0053 3520  BrFiltUp - ok
01:51:49.0087 3520  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
01:51:49.0089 3520  Browser - ok
01:51:49.0106 3520  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
01:51:49.0120 3520  Brserid - ok
01:51:49.0139 3520  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:51:49.0145 3520  BrSerWdm - ok
01:51:49.0170 3520  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:51:49.0171 3520  BrUsbMdm - ok
01:51:49.0177 3520  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:51:49.0177 3520  BrUsbSer - ok
01:51:49.0183 3520  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
01:51:49.0191 3520  BTHMODEM - ok
01:51:49.0231 3520  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
01:51:49.0241 3520  bthserv - ok
01:51:49.0268 3520  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:51:49.0275 3520  cdfs - ok
01:51:49.0309 3520  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
01:51:49.0321 3520  cdrom - ok
01:51:49.0357 3520  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
01:51:49.0359 3520  CertPropSvc - ok
01:51:49.0431 3520  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
01:51:49.0432 3520  circlass - ok
01:51:49.0466 3520  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:51:49.0471 3520  CLFS - ok
01:51:49.0562 3520  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:51:49.0575 3520  clr_optimization_v2.0.50727_32 - ok
01:51:49.0626 3520  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:51:49.0638 3520  clr_optimization_v2.0.50727_64 - ok
01:51:49.0717 3520  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:51:49.0737 3520  clr_optimization_v4.0.30319_32 - ok
01:51:49.0769 3520  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:51:49.0771 3520  clr_optimization_v4.0.30319_64 - ok
01:51:49.0816 3520  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
01:51:49.0820 3520  CmBatt - ok
01:51:49.0850 3520  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:51:49.0856 3520  cmdide - ok
01:51:49.0905 3520  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
01:51:49.0938 3520  CNG - ok
01:51:49.0975 3520  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
01:51:49.0982 3520  Compbatt - ok
01:51:50.0013 3520  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:51:50.0021 3520  CompositeBus - ok
01:51:50.0037 3520  COMSysApp - ok
01:51:50.0054 3520  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
01:51:50.0062 3520  crcdisk - ok
01:51:50.0118 3520  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:51:50.0133 3520  CryptSvc - ok
01:51:50.0161 3520  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
01:51:50.0166 3520  CVirtA - ok
01:51:50.0266 3520  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND          C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
01:51:50.0345 3520  CVPND - ok
01:51:50.0427 3520  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
01:51:50.0433 3520  CVPNDRVA - ok
01:51:50.0482 3520  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:51:50.0491 3520  DcomLaunch - ok
01:51:50.0601 3520  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
01:51:50.0623 3520  defragsvc - ok
01:51:50.0682 3520  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:51:50.0691 3520  DfsC - ok
01:51:50.0726 3520  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:51:50.0747 3520  Dhcp - ok
01:51:50.0780 3520  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:51:50.0781 3520  discache - ok
01:51:50.0813 3520  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:51:50.0823 3520  Disk - ok
01:51:50.0871 3520  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE            C:\Windows\system32\DRIVERS\dne64x.sys
01:51:50.0872 3520  DNE - ok
01:51:50.0920 3520  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:51:50.0922 3520  Dnscache - ok
01:51:50.0951 3520  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
01:51:50.0971 3520  dot3svc - ok
01:51:51.0007 3520  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
01:51:51.0009 3520  DPS - ok
01:51:51.0049 3520  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
01:51:51.0053 3520  drmkaud - ok
01:51:51.0115 3520  [ 61E894FE1E9CC720C909E6E343351794 ] DsiWMIService  C:\Program Files (x86)\Launch Manager\dsiwmis.exe
01:51:51.0132 3520  DsiWMIService - ok
01:51:51.0521 3520  [ E346B688AFAD029978FA030299F614E6 ] DSUDiskOptimizer C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
01:51:51.0542 3520  DSUDiskOptimizer - ok
01:51:51.0640 3520  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
01:51:51.0679 3520  DXGKrnl - ok
01:51:51.0762 3520  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
01:51:51.0764 3520  EapHost - ok
01:51:51.0868 3520  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
01:51:52.0024 3520  ebdrv - ok
01:51:52.0076 3520  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
01:51:52.0078 3520  EFS - ok
01:51:52.0141 3520  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
01:51:52.0171 3520  ehRecvr - ok
01:51:52.0229 3520  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
01:51:52.0242 3520  ehSched - ok
01:51:52.0292 3520  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
01:51:52.0325 3520  elxstor - ok
01:51:52.0406 3520  [ 679EFB7FB5FAB13A68ADB9AE9C6ED4EF ] ePowerSvc      C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
01:51:52.0434 3520  ePowerSvc - ok
01:51:52.0475 3520  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:51:52.0481 3520  ErrDev - ok
01:51:52.0526 3520  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
01:51:52.0558 3520  EventSystem - ok
01:51:52.0590 3520  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
01:51:52.0601 3520  exfat - ok
01:51:52.0616 3520  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
01:51:52.0627 3520  fastfat - ok
01:51:52.0671 3520  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
01:51:52.0682 3520  Fax - ok
01:51:52.0735 3520  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
01:51:52.0741 3520  fdc - ok
01:51:52.0780 3520  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
01:51:52.0781 3520  fdPHost - ok
01:51:52.0794 3520  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:51:52.0803 3520  FDResPub - ok
01:51:52.0839 3520  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:51:52.0849 3520  FileInfo - ok
01:51:52.0854 3520  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
01:51:52.0861 3520  Filetrace - ok
01:51:52.0872 3520  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:51:52.0879 3520  flpydisk - ok
01:51:52.0908 3520  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:51:52.0929 3520  FltMgr - ok
01:51:53.0002 3520  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
01:51:53.0031 3520  FontCache - ok
01:51:53.0104 3520  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:51:53.0114 3520  FontCache3.0.0.0 - ok
01:51:53.0151 3520  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
01:51:53.0160 3520  FsDepends - ok
01:51:53.0188 3520  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:51:53.0194 3520  Fs_Rec - ok
01:51:53.0234 3520  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:51:53.0237 3520  fvevol - ok
01:51:53.0266 3520  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:51:53.0275 3520  gagp30kx - ok
01:51:53.0297 3520  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:51:53.0303 3520  GEARAspiWDM - ok
01:51:53.0345 3520  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
01:51:53.0379 3520  gpsvc - ok
01:51:53.0455 3520  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
01:51:53.0462 3520  GREGService - ok
01:51:53.0535 3520  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:51:53.0536 3520  gupdate - ok
01:51:53.0564 3520  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:51:53.0565 3520  gupdatem - ok
01:51:53.0587 3520  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc          C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
01:51:53.0589 3520  gusvc - ok
01:51:53.0608 3520  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:51:53.0616 3520  hcw85cir - ok
01:51:53.0663 3520  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:51:53.0696 3520  HdAudAddService - ok
01:51:53.0728 3520  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:51:53.0729 3520  HDAudBus - ok
01:51:53.0762 3520  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
01:51:53.0769 3520  HECIx64 - ok
01:51:53.0794 3520  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
01:51:53.0800 3520  HidBatt - ok
01:51:53.0820 3520  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:51:53.0828 3520  HidBth - ok
01:51:53.0856 3520  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
01:51:53.0863 3520  HidIr - ok
01:51:53.0891 3520  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
01:51:53.0899 3520  hidserv - ok
01:51:53.0925 3520  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:51:53.0931 3520  HidUsb - ok
01:51:53.0958 3520  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:51:53.0961 3520  hkmsvc - ok
01:51:54.0010 3520  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:51:54.0014 3520  HomeGroupListener - ok
01:51:54.0047 3520  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:51:54.0061 3520  HomeGroupProvider - ok
01:51:54.0098 3520  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:51:54.0107 3520  HpSAMD - ok
01:51:54.0186 3520  [ 917AD8239B7FFE908FF8F715A534D273 ] hshld          C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
01:51:54.0207 3520  hshld - ok
01:51:54.0250 3520  [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv          C:\Windows\system32\DRIVERS\HssDrv.sys
01:51:54.0257 3520  HssDrv - ok
01:51:54.0283 3520  [ E521D91D1A3DDEB2867AA091A8A9D156 ] HssSrv          C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
01:51:54.0299 3520  HssSrv - ok
01:51:54.0352 3520  [ 443156D4CA230724B8FF5234B0C9FFFC ] HssTrayService  C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
01:51:54.0354 3520  HssTrayService - ok
01:51:54.0408 3520  [ BB4B1326F64C3E1C1102258DC453851E ] HssWd          C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
01:51:54.0426 3520  HssWd - ok
01:51:54.0492 3520  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:51:54.0502 3520  HTTP - ok
01:51:54.0529 3520  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:51:54.0530 3520  hwpolicy - ok
01:51:54.0562 3520  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:51:54.0573 3520  i8042prt - ok
01:51:54.0644 3520  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
01:51:54.0649 3520  iaStor - ok
01:51:54.0723 3520  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
01:51:54.0724 3520  IAStorDataMgrSvc - ok
01:51:54.0765 3520  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
01:51:54.0786 3520  iaStorV - ok
01:51:54.0838 3520  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:51:54.0883 3520  idsvc - ok
01:51:54.0910 3520  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
01:51:54.0918 3520  iirsp - ok
01:51:54.0982 3520  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:51:54.0999 3520  IKEEXT - ok
01:51:55.0088 3520  [ C48567D80AD357613CD0EEADE18780AE ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
01:51:55.0098 3520  Impcd - ok
01:51:55.0200 3520  [ A0EAB13A78CC5FB960EC76E3D6408DA3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:51:55.0314 3520  IntcAzAudAddService - ok
01:51:55.0346 3520  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:51:55.0352 3520  intelide - ok
01:51:55.0554 3520  [ 90AFAB2B5962B1CD5BB23320675D6174 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
01:51:55.0819 3520  intelkmd - ok
01:51:55.0851 3520  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:51:55.0852 3520  intelppm - ok
01:51:55.0882 3520  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
01:51:55.0892 3520  IPBusEnum - ok
01:51:55.0924 3520  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:51:55.0933 3520  IpFilterDriver - ok
01:51:55.0967 3520  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:51:55.0975 3520  iphlpsvc - ok
01:51:56.0010 3520  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
01:51:56.0021 3520  IPMIDRV - ok
01:51:56.0044 3520  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
01:51:56.0053 3520  IPNAT - ok
01:51:56.0144 3520  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
01:51:56.0151 3520  iPod Service - ok
01:51:56.0193 3520  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:51:56.0199 3520  IRENUM - ok
01:51:56.0260 3520  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:51:56.0267 3520  isapnp - ok
01:51:56.0382 3520  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:51:56.0400 3520  iScsiPrt - ok
01:51:56.0471 3520  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
01:51:56.0480 3520  kbdclass - ok
01:51:56.0507 3520  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:51:56.0514 3520  kbdhid - ok
01:51:56.0542 3520  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:51:56.0545 3520  KeyIso - ok
01:51:56.0572 3520  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:51:56.0583 3520  KSecDD - ok
01:51:56.0625 3520  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
01:51:56.0638 3520  KSecPkg - ok
01:51:56.0679 3520  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
01:51:56.0684 3520  ksthunk - ok
01:51:56.0716 3520  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
01:51:56.0750 3520  KtmRm - ok
01:51:56.0779 3520  [ 6E0698CEA0901FD1A2B9CE0859E2D8FE ] L1C            C:\Windows\system32\DRIVERS\L1C62x64.sys
01:51:56.0788 3520  L1C - ok
01:51:56.0827 3520  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:51:56.0831 3520  LanmanServer - ok
01:51:56.0862 3520  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:51:56.0865 3520  LanmanWorkstation - ok
01:51:56.0901 3520  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:51:56.0908 3520  lltdio - ok
01:51:56.0950 3520  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
01:51:56.0963 3520  lltdsvc - ok
01:51:56.0987 3520  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
01:51:56.0995 3520  lmhosts - ok
01:51:57.0052 3520  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:51:57.0068 3520  LMS - ok
01:51:57.0126 3520  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:51:57.0137 3520  LSI_FC - ok
01:51:57.0144 3520  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
01:51:57.0154 3520  LSI_SAS - ok
01:51:57.0187 3520  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:51:57.0195 3520  LSI_SAS2 - ok
01:51:57.0216 3520  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:51:57.0225 3520  LSI_SCSI - ok
01:51:57.0278 3520  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
01:51:57.0289 3520  luafv - ok
01:51:57.0337 3520  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
01:51:57.0344 3520  MBAMProtector - ok
01:51:57.0397 3520  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:51:57.0401 3520  MBAMScheduler - ok
01:51:57.0432 3520  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:51:57.0451 3520  MBAMService - ok
01:51:57.0500 3520  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
01:51:57.0511 3520  Mcx2Svc - ok
01:51:57.0541 3520  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
01:51:57.0542 3520  megasas - ok
01:51:57.0565 3520  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:51:57.0579 3520  MegaSR - ok
01:51:57.0604 3520  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
01:51:57.0606 3520  MMCSS - ok
01:51:57.0638 3520  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
01:51:57.0645 3520  Modem - ok
01:51:57.0664 3520  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
01:51:57.0665 3520  monitor - ok
01:51:57.0687 3520  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:51:57.0696 3520  mouclass - ok
01:51:57.0719 3520  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:51:57.0725 3520  mouhid - ok
01:51:57.0768 3520  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:51:57.0770 3520  mountmgr - ok
01:51:57.0846 3520  [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:51:57.0859 3520  MozillaMaintenance - ok
01:51:57.0918 3520  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:51:57.0933 3520  mpio - ok
01:51:57.0955 3520  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:51:57.0963 3520  mpsdrv - ok
01:51:58.0009 3520  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:51:58.0026 3520  MpsSvc - ok
01:51:58.0055 3520  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:51:58.0066 3520  MRxDAV - ok
01:51:58.0093 3520  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:51:58.0104 3520  mrxsmb - ok
01:51:58.0133 3520  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:51:58.0147 3520  mrxsmb10 - ok
01:51:58.0154 3520  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:51:58.0164 3520  mrxsmb20 - ok
01:51:58.0199 3520  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:51:58.0206 3520  msahci - ok
01:51:58.0229 3520  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
01:51:58.0240 3520  msdsm - ok
01:51:58.0257 3520  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
01:51:58.0269 3520  MSDTC - ok
01:51:58.0297 3520  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:51:58.0303 3520  Msfs - ok
01:51:58.0328 3520  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
01:51:58.0329 3520  mshidkmdf - ok
01:51:58.0365 3520  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:51:58.0372 3520  msisadrv - ok
01:51:58.0404 3520  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
01:51:58.0416 3520  MSiSCSI - ok
01:51:58.0422 3520  msiserver - ok
01:51:58.0451 3520  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
01:51:58.0455 3520  MSKSSRV - ok
01:51:58.0462 3520  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:51:58.0468 3520  MSPCLOCK - ok
01:51:58.0473 3520  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
01:51:58.0477 3520  MSPQM - ok
01:51:58.0514 3520  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
01:51:58.0536 3520  MsRPC - ok
01:51:58.0595 3520  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:51:58.0596 3520  mssmbios - ok
01:51:58.0616 3520  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
01:51:58.0620 3520  MSTEE - ok
01:51:58.0637 3520  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:51:58.0642 3520  MTConfig - ok
01:51:58.0660 3520  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
01:51:58.0669 3520  Mup - ok
01:51:58.0704 3520  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
01:51:58.0710 3520  mwlPSDFilter - ok
01:51:58.0726 3520  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ    C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
01:51:58.0732 3520  mwlPSDNServ - ok
01:51:58.0750 3520  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk    C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
01:51:58.0759 3520  mwlPSDVDisk - ok
01:51:58.0814 3520  [ 0036634E5C92BE109056F7E2380103A9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
01:51:58.0827 3520  MWLService - ok
01:51:58.0860 3520  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:51:58.0867 3520  napagent - ok
01:51:58.0926 3520  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
01:51:58.0946 3520  NativeWifiP - ok
01:51:59.0000 3520  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:51:59.0029 3520  NDIS - ok
01:51:59.0078 3520  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
01:51:59.0085 3520  NdisCap - ok
01:51:59.0108 3520  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:51:59.0114 3520  NdisTapi - ok
01:51:59.0151 3520  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
01:51:59.0159 3520  Ndisuio - ok
01:51:59.0202 3520  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
01:51:59.0226 3520  NdisWan - ok
01:51:59.0273 3520  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
01:51:59.0281 3520  NDProxy - ok
01:51:59.0318 3520  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
01:51:59.0325 3520  NetBIOS - ok
01:51:59.0361 3520  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
01:51:59.0365 3520  NetBT - ok
01:51:59.0399 3520  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:51:59.0400 3520  Netlogon - ok
01:51:59.0441 3520  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:51:59.0446 3520  Netman - ok
01:51:59.0473 3520  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:51:59.0504 3520  netprofm - ok
01:51:59.0531 3520  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:51:59.0544 3520  NetTcpPortSharing - ok
01:51:59.0586 3520  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
01:51:59.0594 3520  nfrd960 - ok
01:51:59.0631 3520  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:51:59.0636 3520  NlaSvc - ok
01:51:59.0652 3520  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:51:59.0659 3520  Npfs - ok
01:51:59.0677 3520  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
01:51:59.0679 3520  nsi - ok
01:51:59.0697 3520  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:51:59.0697 3520  nsiproxy - ok
01:51:59.0757 3520  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:51:59.0878 3520  Ntfs - ok
01:51:59.0973 3520  [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
01:51:59.0989 3520  NTI IScheduleSvc - ok
01:52:00.0028 3520  [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
01:52:00.0039 3520  NTIBackupSvc - ok
01:52:00.0080 3520  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
01:52:00.0085 3520  NTIDrvr - ok
01:52:00.0105 3520  [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
01:52:00.0147 3520  NTISchedulerSvc - ok
01:52:00.0169 3520  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:52:00.0174 3520  Null - ok
01:52:00.0204 3520  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:52:00.0213 3520  nvraid - ok
01:52:00.0234 3520  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:52:00.0245 3520  nvstor - ok
01:52:00.0275 3520  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:52:00.0285 3520  nv_agp - ok
01:52:00.0380 3520  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:52:00.0424 3520  odserv - ok
01:52:00.0475 3520  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:52:00.0485 3520  ohci1394 - ok
01:52:00.0542 3520  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:52:00.0556 3520  ose - ok
01:52:00.0589 3520  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:52:00.0595 3520  p2pimsvc - ok
01:52:00.0634 3520  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:52:00.0641 3520  p2psvc - ok
01:52:00.0677 3520  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
01:52:00.0686 3520  Parport - ok
01:52:00.0710 3520  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
01:52:00.0720 3520  partmgr - ok
01:52:00.0778 3520  [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe
01:52:00.0855 3520  Partner Service - ok
01:52:00.0882 3520  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:52:00.0885 3520  PcaSvc - ok
01:52:00.0899 3520  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
01:52:00.0901 3520  pci - ok
01:52:00.0934 3520  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:52:00.0940 3520  pciide - ok
01:52:00.0973 3520  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:52:00.0988 3520  pcmcia - ok
01:52:00.0994 3520  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
01:52:01.0004 3520  pcw - ok
01:52:01.0042 3520  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:52:01.0097 3520  PEAUTH - ok
01:52:01.0183 3520  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:52:01.0192 3520  PerfHost - ok
01:52:01.0248 3520  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
01:52:01.0300 3520  pla - ok
01:52:01.0365 3520  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:52:01.0373 3520  PlugPlay - ok
01:52:01.0402 3520  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
01:52:01.0411 3520  PNRPAutoReg - ok
01:52:01.0433 3520  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
01:52:01.0437 3520  PNRPsvc - ok
01:52:01.0473 3520  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
01:52:01.0480 3520  PolicyAgent - ok
01:52:01.0513 3520  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
01:52:01.0517 3520  Power - ok
01:52:01.0548 3520  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:52:01.0560 3520  PptpMiniport - ok
01:52:01.0628 3520  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
01:52:01.0638 3520  Processor - ok
01:52:01.0667 3520  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
01:52:01.0671 3520  ProfSvc - ok
01:52:01.0687 3520  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:52:01.0689 3520  ProtectedStorage - ok
01:52:01.0714 3520  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:52:01.0715 3520  Psched - ok
01:52:01.0766 3520  [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
01:52:01.0775 3520  PxHlpa64 - ok
01:52:01.0830 3520  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:52:01.0901 3520  ql2300 - ok
01:52:01.0925 3520  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:52:01.0937 3520  ql40xx - ok
01:52:01.0962 3520  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
01:52:01.0984 3520  QWAVE - ok
01:52:02.0000 3520  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:52:02.0007 3520  QWAVEdrv - ok
01:52:02.0017 3520  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:52:02.0022 3520  RasAcd - ok
01:52:02.0059 3520  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
01:52:02.0067 3520  RasAgileVpn - ok
01:52:02.0100 3520  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
01:52:02.0111 3520  RasAuto - ok
01:52:02.0133 3520  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
01:52:02.0142 3520  Rasl2tp - ok
01:52:02.0181 3520  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:52:02.0215 3520  RasMan - ok
01:52:02.0260 3520  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:52:02.0269 3520  RasPppoe - ok
01:52:02.0290 3520  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
01:52:02.0299 3520  RasSstp - ok
01:52:02.0331 3520  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
01:52:02.0354 3520  rdbss - ok
01:52:02.0378 3520  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:52:02.0385 3520  rdpbus - ok
01:52:02.0410 3520  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:52:02.0411 3520  RDPCDD - ok
01:52:02.0424 3520  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:52:02.0425 3520  RDPENCDD - ok
01:52:02.0436 3520  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:52:02.0436 3520  RDPREFMP - ok
01:52:02.0462 3520  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
01:52:02.0473 3520  RDPWD - ok
01:52:02.0503 3520  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:52:02.0517 3520  rdyboost - ok
01:52:02.0544 3520  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:52:02.0554 3520  RemoteAccess - ok
01:52:02.0584 3520  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:52:02.0598 3520  RemoteRegistry - ok
01:52:02.0645 3520  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo      C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
01:52:02.0659 3520  RichVideo - ok
01:52:02.0717 3520  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:52:02.0719 3520  RpcEptMapper - ok
01:52:02.0740 3520  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:52:02.0746 3520  RpcLocator - ok
01:52:02.0782 3520  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
01:52:02.0789 3520  RpcSs - ok
01:52:02.0825 3520  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:52:02.0833 3520  rspndr - ok
01:52:02.0843 3520  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
01:52:02.0845 3520  SamSs - ok
01:52:02.0871 3520  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:52:02.0880 3520  sbp2port - ok
01:52:02.0911 3520  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:52:02.0925 3520  SCardSvr - ok
01:52:02.0976 3520  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:52:02.0984 3520  scfilter - ok
01:52:03.0033 3520  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:52:03.0106 3520  Schedule - ok
01:52:03.0135 3520  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
01:52:03.0136 3520  SCPolicySvc - ok
01:52:03.0148 3520  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:52:03.0170 3520  SDRSVC - ok
01:52:03.0209 3520  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:52:03.0215 3520  secdrv - ok
01:52:03.0239 3520  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:52:03.0248 3520  seclogon - ok
01:52:03.0279 3520  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
01:52:03.0289 3520  SENS - ok
01:52:03.0306 3520  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:52:03.0315 3520  SensrSvc - ok
01:52:03.0331 3520  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
01:52:03.0337 3520  Serenum - ok
01:52:03.0364 3520  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:52:03.0373 3520  Serial - ok
01:52:03.0407 3520  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:52:03.0413 3520  sermouse - ok
01:52:03.0449 3520  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:52:03.0459 3520  SessionEnv - ok
01:52:03.0483 3520  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
01:52:03.0488 3520  sffdisk - ok
01:52:03.0500 3520  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:52:03.0506 3520  sffp_mmc - ok
01:52:03.0518 3520  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
01:52:03.0523 3520  sffp_sd - ok
01:52:03.0551 3520  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
01:52:03.0556 3520  sfloppy - ok
01:52:03.0584 3520  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:52:03.0605 3520  SharedAccess - ok
01:52:03.0678 3520  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:52:03.0696 3520  ShellHWDetection - ok
01:52:03.0717 3520  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:52:03.0725 3520  SiSRaid2 - ok
01:52:03.0745 3520  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:52:03.0753 3520  SiSRaid4 - ok
01:52:03.0824 3520  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
01:52:03.0891 3520  SkypeUpdate - ok
01:52:03.0914 3520  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
01:52:03.0923 3520  Smb - ok
01:52:03.0961 3520  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:52:03.0967 3520  SNMPTRAP - ok
01:52:03.0988 3520  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
01:52:03.0994 3520  spldr - ok
01:52:04.0024 3520  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
01:52:04.0043 3520  Spooler - ok
01:52:04.0146 3520  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:52:04.0218 3520  sppsvc - ok
01:52:04.0244 3520  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
01:52:04.0254 3520  sppuinotify - ok
01:52:04.0290 3520  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
01:52:04.0323 3520  srv - ok
01:52:04.0334 3520  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:52:04.0353 3520  srv2 - ok
01:52:04.0362 3520  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:52:04.0389 3520  srvnet - ok
01:52:04.0432 3520  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
01:52:04.0437 3520  SSDPSRV - ok
01:52:04.0456 3520  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
01:52:04.0467 3520  SstpSvc - ok
01:52:04.0504 3520  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:52:04.0511 3520  stexstor - ok
01:52:04.0560 3520  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:52:04.0593 3520  stisvc - ok
01:52:04.0672 3520  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:52:04.0678 3520  swenum - ok
01:52:04.0750 3520  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
01:52:04.0771 3520  swprv - ok
01:52:04.0839 3520  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
01:52:04.0852 3520  SynTP - ok
01:52:04.0915 3520  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
01:52:04.0953 3520  SysMain - ok
01:52:04.0999 3520  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:52:05.0006 3520  TabletInputService - ok
01:52:05.0038 3520  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
01:52:05.0043 3520  taphss - ok
01:52:05.0081 3520  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
01:52:05.0094 3520  TapiSrv - ok
01:52:05.0136 3520  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
01:52:05.0139 3520  TBS - ok
01:52:05.0253 3520  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
01:52:05.0348 3520  Tcpip - ok
01:52:05.0414 3520  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:52:05.0431 3520  TCPIP6 - ok
01:52:05.0457 3520  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:52:05.0464 3520  tcpipreg - ok
01:52:05.0505 3520  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:52:05.0510 3520  TDPIPE - ok
01:52:05.0543 3520  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
01:52:05.0549 3520  TDTCP - ok
01:52:05.0577 3520  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
01:52:05.0586 3520  tdx - ok
01:52:05.0617 3520  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:52:05.0626 3520  TermDD - ok
01:52:05.0682 3520  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
01:52:05.0693 3520  TermService - ok
01:52:05.0756 3520  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:52:05.0758 3520  Themes - ok
01:52:05.0782 3520  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
01:52:05.0785 3520  THREADORDER - ok
01:52:05.0809 3520  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:52:05.0812 3520  TrkWks - ok
01:52:05.0868 3520  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:52:05.0870 3520  TrustedInstaller - ok
01:52:05.0909 3520  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:52:05.0915 3520  tssecsrv - ok
01:52:05.0965 3520  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:52:05.0976 3520  TsUsbFlt - ok
01:52:06.0022 3520  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:52:06.0033 3520  tunnel - ok
01:52:06.0073 3520  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
01:52:06.0079 3520  TurboB - ok
01:52:06.0129 3520  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
01:52:06.0144 3520  TurboBoost - ok
01:52:06.0174 3520  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:52:06.0183 3520  uagp35 - ok
01:52:06.0199 3520  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
01:52:06.0205 3520  UBHelper - ok
01:52:06.0216 3520  UCORESYS - ok
01:52:06.0225 3520  UCOREW64 - ok
01:52:06.0265 3520  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:52:06.0287 3520  udfs - ok
01:52:06.0320 3520  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
01:52:06.0332 3520  UI0Detect - ok
01:52:06.0346 3520  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:52:06.0355 3520  uliagpkx - ok
01:52:06.0382 3520  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
01:52:06.0391 3520  umbus - ok
01:52:06.0423 3520  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:52:06.0429 3520  UmPass - ok
01:52:06.0551 3520  [ 41118D920B2B268C0ADC36421248CDCF ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:52:06.0571 3520  UNS - ok
01:52:06.0677 3520  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
01:52:06.0696 3520  Updater Service - ok
01:52:06.0726 3520  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:52:06.0748 3520  upnphost - ok
01:52:06.0783 3520  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
01:52:06.0791 3520  USBAAPL64 - ok
01:52:06.0838 3520  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
01:52:06.0848 3520  usbaudio - ok
01:52:06.0885 3520  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
01:52:06.0894 3520  usbccgp - ok
01:52:06.0922 3520  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:52:06.0937 3520  usbcir - ok
01:52:06.0991 3520  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
01:52:06.0999 3520  usbehci - ok
01:52:07.0037 3520  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:52:07.0059 3520  usbhub - ok
01:52:07.0122 3520  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
01:52:07.0128 3520  usbohci - ok
01:52:07.0165 3520  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:52:07.0172 3520  usbprint - ok
01:52:07.0209 3520  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
01:52:07.0217 3520  usbscan - ok
01:52:07.0239 3520  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:52:07.0248 3520  USBSTOR - ok
01:52:07.0287 3520  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
01:52:07.0295 3520  usbuhci - ok
01:52:07.0377 3520  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
01:52:07.0388 3520  usbvideo - ok
01:52:07.0407 3520  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
01:52:07.0409 3520  UxSms - ok
01:52:07.0420 3520  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:52:07.0423 3520  VaultSvc - ok
01:52:07.0436 3520  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:52:07.0444 3520  vdrvroot - ok
01:52:07.0487 3520  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
01:52:07.0532 3520  vds - ok
01:52:07.0578 3520  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
01:52:07.0584 3520  vga - ok
01:52:07.0599 3520  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
01:52:07.0605 3520  VgaSave - ok
01:52:07.0630 3520  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
01:52:07.0646 3520  vhdmp - ok
01:52:07.0667 3520  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:52:07.0673 3520  viaide - ok
01:52:07.0693 3520  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:52:07.0702 3520  volmgr - ok
01:52:07.0717 3520  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
01:52:07.0722 3520  volmgrx - ok
01:52:07.0731 3520  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
01:52:07.0746 3520  volsnap - ok
01:52:07.0785 3520  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
01:52:07.0795 3520  vsmraid - ok
01:52:07.0869 3520  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
01:52:07.0942 3520  VSS - ok
01:52:07.0964 3520  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:52:07.0971 3520  vwifibus - ok
01:52:07.0985 3520  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:52:07.0993 3520  vwififlt - ok
01:52:08.0025 3520  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
01:52:08.0031 3520  W32Time - ok
01:52:08.0064 3520  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:52:08.0071 3520  WacomPen - ok
01:52:08.0113 3520  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:52:08.0122 3520  WANARP - ok
01:52:08.0141 3520  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:52:08.0142 3520  Wanarpv6 - ok
01:52:08.0204 3520  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
01:52:08.0259 3520  WatAdminSvc - ok
01:52:08.0323 3520  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:52:08.0412 3520  wbengine - ok
01:52:08.0434 3520  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:52:08.0448 3520  WbioSrvc - ok
01:52:08.0484 3520  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
01:52:08.0506 3520  wcncsvc - ok
01:52:08.0517 3520  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:52:08.0526 3520  WcsPlugInService - ok
01:52:08.0550 3520  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:52:08.0556 3520  Wd - ok
01:52:08.0592 3520  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:52:08.0625 3520  Wdf01000 - ok
01:52:08.0636 3520  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:52:08.0647 3520  WdiServiceHost - ok
01:52:08.0652 3520  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
01:52:08.0655 3520  WdiSystemHost - ok
01:52:08.0690 3520  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
01:52:08.0712 3520  WebClient - ok
01:52:08.0743 3520  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:52:08.0757 3520  Wecsvc - ok
01:52:08.0775 3520  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
01:52:08.0778 3520  wercplsupport - ok
01:52:08.0800 3520  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:52:08.0803 3520  WerSvc - ok
01:52:08.0842 3520  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:52:08.0846 3520  WfpLwf - ok
01:52:08.0861 3520  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:52:08.0869 3520  WIMMount - ok
01:52:08.0902 3520  WinDefend - ok
01:52:08.0910 3520  WinHttpAutoProxySvc - ok
01:52:08.0976 3520  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
01:52:08.0998 3520  Winmgmt - ok
01:52:09.0082 3520  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
01:52:09.0179 3520  WinRM - ok
01:52:09.0243 3520  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:52:09.0253 3520  WinUsb - ok
01:52:09.0302 3520  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
01:52:09.0346 3520  Wlansvc - ok
01:52:09.0383 3520  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
01:52:09.0384 3520  WmiAcpi - ok
01:52:09.0415 3520  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:52:09.0427 3520  wmiApSrv - ok
01:52:09.0468 3520  WMPNetworkSvc - ok
01:52:09.0501 3520  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:52:09.0508 3520  WPCSvc - ok
01:52:09.0535 3520  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:52:09.0539 3520  WPDBusEnum - ok
01:52:09.0563 3520  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
01:52:09.0569 3520  ws2ifsl - ok
01:52:09.0585 3520  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
01:52:09.0588 3520  wscsvc - ok
01:52:09.0592 3520  WSearch - ok
01:52:09.0678 3520  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:52:09.0745 3520  wuauserv - ok
01:52:09.0777 3520  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:52:09.0785 3520  WudfPf - ok
01:52:09.0834 3520  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:52:09.0846 3520  WUDFRd - ok
01:52:09.0870 3520  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
01:52:09.0881 3520  wudfsvc - ok
01:52:09.0904 3520  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
01:52:09.0918 3520  WwanSvc - ok
01:52:09.0939 3520  ================ Scan global ===============================
01:52:09.0952 3520  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:52:09.0987 3520  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
01:52:09.0998 3520  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
01:52:10.0023 3520  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:52:10.0059 3520  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:52:10.0074 3520  [Global] - ok
01:52:10.0075 3520  ================ Scan MBR ==================================
01:52:10.0095 3520  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:52:10.0420 3520  \Device\Harddisk0\DR0 - ok
01:52:10.0421 3520  ================ Scan VBR ==================================
01:52:10.0424 3520  [ 529BECEC1D138A736620B790656F39D1 ] \Device\Harddisk0\DR0\Partition1
01:52:10.0427 3520  \Device\Harddisk0\DR0\Partition1 - ok
01:52:10.0450 3520  [ D6AD901CF5C9D0B044A5CD500C773A4C ] \Device\Harddisk0\DR0\Partition2
01:52:10.0452 3520  \Device\Harddisk0\DR0\Partition2 - ok
01:52:10.0453 3520  ============================================================
01:52:10.0453 3520  Scan finished
01:52:10.0453 3520  ============================================================
01:52:10.0469 2460  Detected object count: 0
01:52:10.0469 2460  Actual detected object count: 0
schöne weihnachtstage und grüße! anna

Larusso 25.12.2012 18:30
So sieht alles Okay aus.

Gehe in den abgesicherten Modus (Link bitte unbedingt anklicken & lesen!) von windows
  • Starte den Rechner neu auf.
  • Sobald du den Rechner das erste mal piepen hörst, drücke die F8 Taste. ( Dies kann von System zu System variieren )
  • Windows wird dir ein Auswahlmenu geben anstatt sich normal zu starten.
  • Wähle hier Abgesicherter Modus mit Netzwerktreibern und drücke Enter.


Berichte mal ob das hier auch auftritt.

skyfly 25.12.2012 21:22
im abgesicherten modus genau das selbe, 3,5 minuten bis chrome startet, genauso lang explorer, firefox 4 minuten. ich muss jetzt mal ganz dumm fragen, hört sich das für dich nach malware an oder eher nach wer weiß was für nem anderen fehler? alle anderen programme starten normal, schnell und problemlos.
gruß, anna

Larusso 26.12.2012 14:35
Zitat:
eher nach wer weiß was für nem anderen fehler?
:rofl: :daumenhoc
Genau nach dem hört es sich für mich an.

Ich sehe auch keinen Grund warum alle Browser so langsam starten. Eventuell sind da die ganzen Extensions schuld bzw kann es auch nur eine einzelne sein.
Mal sehen was das tool so findet :)

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.


Code:
:files
ipconfig /flushdns /c
:commands
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
    Kopiere nun den Inhalt hier in Deinen Thread



Berichte mal wie es nach nem neustart aussieht

skyfly 27.12.2012 17:53
so, hier die beiden textdateien ... ich wünschte, ich könnte irgendwas davon verstehen^^... doof,wenn man keine ahnung hat.
Code:
# AdwCleaner v2.103 - Datei am 27/12/2012 um 17:37:46 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ANNE11 - SKYFLY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ANNE11\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKU\S-1-5-21-601352848-747209243-374771248-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v12.0 (de)

Datei : C:\Users\ANNE11\AppData\Roaming\Mozilla\Firefox\Profiles\r6sbwekk.default\prefs.js

Gefunden : user_pref("browser.startup.homepage", "hxxp://search.hotspotshield.com/g/?c=h");
Gefunden : user_pref("keyword.URL", "hxxp://search.hotspotshield.com/g/results.php?c=s&q=");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3366 octets] - [27/12/2012 17:37:46]

########## EOF - C:\AdwCleaner[R1].txt - [3426 octets] ##########
Code:
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\ANNE11\Desktop\cmd.bat deleted successfully.
C:\Users\ANNE11\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ANNE11
->Temp folder emptied: 903972773 bytes
->Temporary Internet Files folder emptied: 279316742 bytes
->Java cache emptied: 1745730 bytes
->FireFox cache emptied: 87783276 bytes
->Google Chrome cache emptied: 403148293 bytes
->Flash cache emptied: 5089277 bytes
 
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4938272 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102609 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 96632539 bytes
 
Total Files Cleaned = 1.702,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12272012_174008

Files\Folders moved on Reboot...
C:\Users\ANNE11\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
schöne grüße, anna

Larusso 27.12.2012 18:16
Starte bitte ADWCleaner erneut und drücke auf löschen.

Berichte wie sich deine Browser machen.

skyfly 27.12.2012 23:07
irgendwas hats gebracht, der explorer ist sofort da, firefox auch fix, nur chrome ziert sich noch ein bißchen, aber im 30 sec bereich und nicht mehr minutenlang wie vorher! damit könnte ich leben!

Larusso 28.12.2012 03:21
Freut mich. Versuchen wir mal folgendes von hier: Erweiterungen verwalten - Google Chrome-Hilfe

Zitat:
Erweiterungen vorübergehend deaktivieren

Klicken Sie auf das Chrome-Menü Chrome menu auf der Symbolleiste des Browsers.
Wählen Sie Tools aus.
Wählen Sie Erweiterungen.
Klicken Sie auf der Erweiterungsseite bei der Erweiterung, die vorläufig entfernt werden soll, auf Deaktivieren.
Deaktiviere alle Erweiterungen und berichte bitte.

skyfly 30.12.2012 13:47
hi daniel,
ich hab alles deaktiviert, war sowieso nur eine, aber chrome braucht immer noch ca. 30 sec. um zu starten. wie gesagt, könnte damit gut leben, wenn du natürlich noch eine idee hast, jederzeit ;)
schöne grüße, anna

Larusso 30.12.2012 17:22
Okay,

Versuch einmal eine Neuinstallation von Chrome. Wenn das auch nicht hilft, bin ich Ahnungslos

skyfly 31.12.2012 01:45
:dankeschoen::dankeschoen::dankeschoen:
vielen dank für deine hilfe, ist ne riesenverbesserung!.ich wünsche dir einen guten rutsch!
lg anna

Larusso 31.12.2012 10:21
Freut mich. Lass mich noch paar Kleinigkeiten überprüfen.

Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.

skyfly 31.12.2012 14:59
Code:
Results of screen317's Security Check version 0.99.56 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.65.1.1000 
 Java(TM) 6 Update 37 
 Java version out of Date!
 Adobe Flash Player 11.5.502.135 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 12.0 Firefox out of Date! 
 Google Chrome 21.0.1180.83 
 Google Chrome 21.0.1180.89 
 Google Chrome 22.0.1229.79 
 Google Chrome 22.0.1229.92 
 Google Chrome 22.0.1229.94 
 Google Chrome 23.0.1271.64 
 Google Chrome 23.0.1271.91 
 Google Chrome 23.0.1271.95 
 Google Chrome 23.0.1271.97 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
p.s.: auf zur silvesterfeier ;)

Larusso 02.01.2013 10:45
So, ich bin auch wieder unter den Lebenden :D


Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.



Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 10 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.



In Firefox auf Extras --> Einstellungen --> Erweitert --> Update.

Gehe sicher, dass Firefox automatisch nach Updates sucht und diese auch installiert werden.




Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

skyfly 02.01.2013 12:59
jahrewechsel überlebt!!! :balla:
oki, hier die logs
Code:
OTL logfile created on: 02.01.2013 12:32:44 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\ANNE11\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 62,68% Memory free
7,35 Gb Paging File | 5,67 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 339,07 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
 
Computer Name: SKYFLY | User Name: ANNE11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.23 04:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ANNE11\Desktop\OTL.exe
PRC - [2012.10.13 02:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.10.13 02:27:54 | 001,269,616 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.10.12 01:38:28 | 000,413,040 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.10.12 01:37:42 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 18:45:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.04.23 17:46:32 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.04.17 06:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 00:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008.12.19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 16:50:52 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\c9df7b9913344bb7c80a50e59d7e48f6\System.Messaging.ni.dll
MOD - [2012.11.16 16:50:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
MOD - [2012.11.16 15:51:39 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.16 15:51:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.16 15:51:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.16 15:51:02 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.16 15:50:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.16 15:50:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.16 15:50:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.16 15:50:39 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.16 15:50:34 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.03.02 17:12:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.15 14:11:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.14 12:35:41 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.13 02:27:56 | 000,523,632 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.10.12 01:47:38 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.10.12 01:38:28 | 000,413,040 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.10.12 01:37:42 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.20 17:21:58 | 000,691,040 | ---- | M] (Systweak Inc., (www.systweak.com)) [Auto | Running] -- C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe -- (DSUDiskOptimizer)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.17 06:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 08:36:42 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.09.30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.25 00:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.05.25 00:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.07 03:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.01 09:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 17:23:12 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.02 16:08:12 | 007,843,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.03.02 16:07:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.28 03:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.19 00:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.07 06:33:16 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 13:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.27 06:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.10.24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360111v706l04e3z1h5t5691l555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=skyp&ocid=skydhp
IE - HKCU\..\SearchScopes,DefaultScope = {C80945D2-5DE6-4E5E-A4B7-F1129EB0B319}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE413
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C80945D2-5DE6-4E5E-A4B7-F1129EB0B319}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ACAW_deDE413
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.selectedEngine: "Hotspot Shield Private Search"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.08 22:50:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.02 12:06:55 | 000,000,000 | ---D | M]
 
[2012.08.15 13:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ANNE11\AppData\Roaming\mozilla\Extensions
[2012.09.15 17:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ANNE11\AppData\Roaming\mozilla\Firefox\Profiles\r6sbwekk.default\extensions
[2011.04.02 14:23:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ANNE11\AppData\Roaming\mozilla\Firefox\Profiles\r6sbwekk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.27 22:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.27 20:56:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.28 08:52:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.03 17:48:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.14 12:35:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012.10.14 12:35:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 12:35:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.14 12:35:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 12:35:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.25 00:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2012.10.14 12:35:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 12:35:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmidas.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Deactivate Or Disable Facebook Timeline = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\jloifipfpidfdknplfjndcomgebnlcon\3.0_0\
CHR - Extension: Google Mail = C:\Users\ANNE11\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\ANNE11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ANNE11\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D220239-50E0-4BE5-9B52-FCE3B8BC24FA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d91495d-7891-11df-8f1a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d91495d-7891-11df-8f1a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.02 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\logs alt
[2013.01.02 12:10:36 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.02 12:10:25 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.02 12:10:25 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.02 12:10:25 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.27 17:40:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.25 01:50:18 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ANNE11\Desktop\tdsskiller.exe
[2012.12.23 04:38:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ANNE11\Desktop\OTL.exe
[2012.12.23 03:48:27 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Malwarebytes
[2012.12.23 03:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.23 03:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.23 03:48:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.23 03:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.20 23:46:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.20 23:46:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.20 23:46:33 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.20 23:46:31 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.20 13:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.20 13:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.18 22:46:46 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\webkit
[2012.12.18 21:31:47 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Documents\Einkommensteuer
[2012.12.18 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\KONZ
[2012.12.18 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\KONZ
[2012.12.18 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Konz Steuer-Software
[2012.12.18 21:30:46 | 000,693,248 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmbr10.dll
[2012.12.18 21:30:45 | 002,702,336 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10.dll
[2012.12.18 21:30:45 | 001,215,488 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmct10.dll
[2012.12.18 21:30:45 | 000,660,992 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmdw10.dll
[2012.12.18 21:30:43 | 000,933,376 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmll10bc.llx
[2012.12.18 21:30:43 | 000,663,552 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmll10ex.llx
[2012.12.18 21:30:43 | 000,375,808 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll1000.lng
[2012.12.18 21:30:43 | 000,375,808 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmll10@@.lng
[2012.12.18 21:30:42 | 001,176,576 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cmls10.dll
[2012.12.18 21:30:42 | 000,681,472 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmll10xl.dll
[2012.12.18 21:30:41 | 001,232,896 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cuct10.dll
[2012.12.18 21:30:41 | 000,713,728 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cubr10.dll
[2012.12.18 21:30:41 | 000,707,072 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmmx01.dll
[2012.12.18 21:30:41 | 000,212,992 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmpr10.dll
[2012.12.18 21:30:41 | 000,159,232 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cmut10.dll
[2012.12.18 21:30:40 | 002,760,192 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cull10.dll
[2012.12.18 21:30:40 | 000,678,400 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cudw10.dll
[2012.12.18 21:30:39 | 001,215,488 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\culs10.dll
[2012.12.18 21:30:39 | 000,378,368 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cull1000.lng
[2012.12.18 21:30:39 | 000,164,248 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\cull10o.ocx
[2012.12.18 21:30:38 | 000,225,280 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cupr10.dll
[2012.12.18 21:30:38 | 000,177,152 | ---- | C] (combit GmbH) -- C:\Windows\SysWow64\Cuut10.dll
[2012.12.18 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KONZ
[2012.12.18 21:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Konz
[2012.12.18 21:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\KONZ
[2012.12.18 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\Steuersoft
[2012.12.18 19:34:37 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\.thumbnails
[2012.12.18 19:32:50 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\fontconfig
[2012.12.18 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\gegl-0.2
[2012.12.18 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\.gimp-2.8
[2012.12.18 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.12.18 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.12.18 14:04:13 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\mamapics
[2012.12.17 08:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012.12.16 03:02:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.16 03:02:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.16 03:02:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.16 03:02:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.16 03:02:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.16 03:02:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.16 03:02:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.16 03:02:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.16 03:02:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.16 03:02:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.16 03:02:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.16 03:02:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.16 03:02:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.16 03:02:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.16 03:02:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.15 11:45:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.15 11:45:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.15 11:45:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.15 11:45:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.15 11:45:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.15 11:45:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.15 11:45:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.15 11:45:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.15 11:45:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.15 11:45:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.15 11:45:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.15 11:45:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.15 11:45:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 11:45:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 11:45:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 11:45:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 11:45:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 11:45:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 11:45:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 11:45:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 11:45:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 11:45:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 11:45:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 11:45:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 11:45:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 11:45:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.15 11:43:57 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.15 11:43:57 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.08 20:48:31 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Roaming\Corel
[2012.12.08 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Documents\Corel PaintShop Pro
[2012.12.08 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\AppData\Local\Corel PaintShop Pro
[2012.12.08 20:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.12.08 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.12.08 17:59:22 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\ursula ok
[2012.12.08 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\ANNE11\Desktop\ursi
[2012.12.06 12:18:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.02 12:26:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 12:26:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 12:25:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.02 12:18:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 12:18:26 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.02 12:17:33 | 000,001,949 | ---- | M] () -- C:\Users\ANNE11\Desktop\trojabo.rtf
[2013.01.02 12:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.02 12:10:11 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.02 12:10:10 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.01.02 12:10:10 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.02 12:10:10 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.02 12:10:10 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.02 12:10:10 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.02 12:06:55 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.02 11:55:15 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.01 15:02:20 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.01.01 14:37:35 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.01 14:37:35 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.01 14:37:35 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.01 14:37:35 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.01 14:37:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.25 01:50:26 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ANNE11\Desktop\tdsskiller.exe
[2012.12.23 04:38:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ANNE11\Desktop\OTL.exe
[2012.12.23 03:48:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 03:25:20 | 000,000,000 | ---- | M] () -- C:\Users\ANNE11\defogger_reenable
[2012.12.23 02:38:47 | 000,050,477 | ---- | M] () -- C:\Users\ANNE11\Desktop\Defogger.exe
[2012.12.21 00:00:35 | 000,311,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 13:08:13 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.19 20:32:15 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012.12.18 23:29:29 | 429,477,663 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.18 22:57:32 | 000,002,657 | ---- | M] () -- C:\Users\ANNE11\AppData\Local\recently-used.xbel
[2012.12.18 21:30:47 | 000,001,281 | ---- | M] () -- C:\Users\ANNE11\Desktop\KONZ.lnk
[2012.12.18 19:26:37 | 000,000,896 | ---- | M] () -- C:\Users\ANNE11\Desktop\GIMP 2.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.15 16:57:05 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.15 14:11:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.15 14:11:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.01.02 12:17:33 | 000,001,949 | ---- | C] () -- C:\Users\ANNE11\Desktop\trojabo.rtf
[2013.01.02 12:06:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.02 12:06:55 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.12.23 03:48:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.23 03:25:20 | 000,000,000 | ---- | C] () -- C:\Users\ANNE11\defogger_reenable
[2012.12.23 02:38:46 | 000,050,477 | ---- | C] () -- C:\Users\ANNE11\Desktop\Defogger.exe
[2012.12.20 13:08:13 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.18 22:57:32 | 000,002,657 | ---- | C] () -- C:\Users\ANNE11\AppData\Local\recently-used.xbel
[2012.12.18 21:30:47 | 000,001,281 | ---- | C] () -- C:\Users\ANNE11\Desktop\KONZ.lnk
[2012.12.18 21:30:44 | 000,741,845 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.chm
[2012.12.18 21:30:43 | 000,156,164 | ---- | C] () -- C:\Windows\SysWow64\cmll1000.inf
[2012.12.18 21:30:43 | 000,156,164 | ---- | C] () -- C:\Windows\SysWow64\cmll10@@.inf
[2012.12.18 21:30:42 | 000,060,416 | ---- | C] () -- C:\Windows\SysWow64\cmls1000.lng
[2012.12.18 19:27:11 | 000,000,896 | ---- | C] () -- C:\Users\ANNE11\Desktop\GIMP 2.lnk
[2012.12.18 19:26:37 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.12.18 18:40:59 | 001,402,826 | ---- | C] () -- C:\Users\ANNE11\DSC00893.JPG
[2011.08.19 18:56:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011.07.06 13:59:43 | 000,000,234 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011.05.25 18:24:53 | 000,008,192 | ---- | C] () -- C:\Users\ANNE11\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.01 12:07:13 | 000,000,208 | ---- | C] () -- C:\Windows\SCHMIDT.INI
[2011.01.13 07:33:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.11 08:59:48 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.01.10 00:38:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.14 03:29:27 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >
und die extra:
Code:
OTL Extras logfile created on: 02.01.2013 12:32:44 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\ANNE11\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 62,68% Memory free
7,35 Gb Paging File | 5,67 Gb Available in Paging File | 77,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 339,07 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
 
Computer Name: SKYFLY | User Name: ANNE11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Users\ANNE11\Downloads\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Steuersoftware\STSInstall.exe" = D:\Steuersoftware\STSInstall.exe:*:Enabled:STSInstall
"C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe" = C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe:*:Enabled:EP_Konz -- (Steuersoft GmbH)
"C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe" = C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe:*:Enabled:KonzSteuersoftware -- (Steuersoft GmbH)
"D:\Steuersoftware\STSInstall.exe" = D:\Steuersoftware\STSInstall.exe:*:Enabled:STSInstall
"C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe" = C:\Program Files (x86)\Konz\Steuer-Software\EP_Konz.exe:*:Enabled:EP_Konz -- (Steuersoft GmbH)
"C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe" = C:\Program Files (x86)\Konz\Steuer-Software\KonzSteuersoftware.exe:*:Enabled:KonzSteuersoftware -- (Steuersoft GmbH)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAE2AB9-3D18-4DA2-8BFE-032C9DC624BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2DF8E987-0981-4DEF-8908-0A42BD9D4326}" = lport=137 | protocol=17 | dir=in | app=system |
"{44099291-BD49-492A-B091-CF22A575E59A}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{47F10C21-D8B4-4835-9452-4DC44F4C66C4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4917C69A-C988-42C7-8045-D1384189609F}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C6DF94D-73A6-47B1-80BE-DF8BC0E990D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EC5125D-4332-45F3-AA09-CE13F52AD4A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BD308E2-FF0D-4DC4-AEC3-DCE816F55DBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77432827-988D-4767-A9A1-1025D938234F}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B560251-B7E0-4A2F-800F-D7D8843FC37A}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{7E2DB73C-8AB2-4969-8FB2-2D6E076BCF5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86B65792-FC40-4243-9BF0-7F9621AB1911}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C515F09-E0D7-48EB-BE29-3988DF3E58BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B032357C-D8F4-4FEA-BD0A-1D9FC94A3FDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B7045421-6D11-44F8-9FC3-3FEC760D0A69}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7617A82-9E30-4D0B-A675-56B3F2A3F1F6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B9C5733E-44D6-429F-98F5-44E3C12F0891}" = rport=138 | protocol=17 | dir=out | app=system |
"{C39D1452-1954-48D2-89FF-65994FC4A5DA}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{C3E0BE63-F1D4-4B78-9496-EEAFD7341730}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{CB5ACE02-1E08-4891-AC43-09A88BEE7030}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D28C5486-B982-4ED8-AE48-2283DA4DA472}" = rport=139 | protocol=6 | dir=out | app=system |
"{DB2AA74A-3209-4290-B77D-3F3BCF311D57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5318C49-B157-4841-8E11-609F19051B9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F47EF266-3517-4973-8AA4-2ABBD9DEDDA7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6DA2564-652C-4F7E-93D1-CD8D3E044B1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F79C3787-9333-457F-B0BC-B86EFE857921}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC823C0D-EFA3-448D-963A-B1CE8661CF15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0381118F-6544-4A5A-BA10-3670340D57C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{038805CC-0FD5-495F-9809-20563096A337}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0CE65554-2345-4D78-B7E3-01100DDCB571}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{12ADA536-652F-4FD7-9B60-F0150084D470}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{196BCEC3-B25B-4880-A266-D2F4C63A48C8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{1A3F4136-20C0-4A7B-977E-01CF79ECBF83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E39426F-3D32-447D-BB14-D59E25791D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{29CD4701-413E-49D3-A07B-AE91E6EECA41}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2AF6E782-B4EB-437D-9027-D3605987525B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2D31C242-76C8-48D9-B4F8-5F0DDC4DF041}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{31CE4215-BBE7-4C55-AFAC-E2726F1E0336}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{3238093F-B8B3-4316-9764-C88A34A0560D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{35B864C4-C2FD-44D3-90BF-41AC0473DEB2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3AD28418-A19D-48AD-B4AE-0EB440F5DCC0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{401C6471-E469-407B-9EE2-3D7AAF476D46}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"{44C30B6A-0D9C-479A-9977-EA86DB60D812}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{48456D78-3DA5-404B-8B96-7912F46F4F82}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{5347CA29-3959-4366-AB39-A66EE6ED8C0E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{5640DF60-2FC5-4AB3-B50C-DE815A801A36}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{584B1FD7-A287-4DF6-9DE8-7A4F3E2F5E0C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F7BA9F8-DF8D-4E31-896B-351EECEEBCEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{611C9B9B-C4A7-459E-9C3D-9C942B544AFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{6169B587-267A-4DC5-AA2B-3A1ADFA84C37}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"{65639C1F-E4C1-4BE8-91C3-2049E4F8E588}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"{65C8E09C-759E-4D24-8047-8CDC8B3938A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{6AD1B789-BD79-49C6-A721-3224E0DF0CBC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6DC57190-C2AC-4B7D-831A-0E6C47F2BE9C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7041608D-284F-4867-A41A-0E3C14ACFEC2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{755EFE40-A16A-43E6-BBEF-2EEFCAA5D62E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{76941532-9439-468A-8D97-8E599A24C721}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7760EB0A-21AB-406F-B47C-8B3D25EA959A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{782D38F2-FC81-482D-8198-D6AE61301860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A8E445E-F282-4E1B-A90D-8D5B0AA7CD89}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7C3322D3-06D5-4271-BB81-DC0375831B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E893359-AC92-42C9-92CE-5A5AFF672E68}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{80760A66-AF76-49EE-B2CF-6C6284106786}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82101DBE-3B25-4341-BA89-BA39B650F3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8243B70C-76F9-4FFB-958F-73C313D2117E}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"{84F1B699-48C7-4F1F-A20C-0610E22EB902}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{861BAED0-8B55-4213-AC22-D7D35F1EE634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9339AF8A-4EAD-44C7-8E63-59D4172CE466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0105137-FE50-49FE-A3B1-61BFAC39825D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0A91C33-D62E-4D10-A08D-E5D39ACC9055}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A20D6E66-D3B0-481B-886D-66D2320B66EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A57D4B2D-8428-4A90-9700-5F9621BF45F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7369C15-2CCE-4D98-B075-02B260403021}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{B331F2DD-045F-48A0-9485-7E2047608104}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6F39C95-ED27-4070-BBE5-1F32BD0CD787}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BEDBDBC8-88D9-4DEF-A360-8ACD1D315233}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D16F97BA-4B88-4E1D-9FEC-69873118FEF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D49070BC-F066-4981-9695-5A9F7FEC54A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D593F0B9-F8D9-490E-B5CA-A647C852F026}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{D5D83F70-A646-4E1D-9772-77C18ACDAFE5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D5E6C3AC-85F1-4707-9C2D-D3FD25F50FDA}" = protocol=6 | dir=out | app=system |
"{D87F03F3-73F4-4795-8557-CF1F0FBFD5C2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{DC09DB82-8BB1-483F-BAC9-D0668CF409DE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{DDC39649-0962-43F2-9452-FFECA4EBA984}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DF261A1A-872F-4852-A8B8-FD3C8CB8F15B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EDF90D30-C3A4-4865-A27D-4016B66C3C89}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2A72AAF-E65A-4E65-A266-CC8FB216AEEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3CCE475-4741-4606-B393-F98B7C55B4B1}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"{F98F3238-906D-431B-B53C-7716B09CE8DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE31CD9E-D3E9-4FC9-BB6D-0A45FE67588E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{300F0AFF-88BA-4C24-B02E-8BA800AAC6E5}C:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe |
"TCP Query User{397377C9-3BF9-4640-B3EA-51F7F67C024B}C:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{3D184137-C852-4C6C-AE9A-BFBD49D9E496}C:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{93D0C956-7C12-4848-8ED9-EB22C2D0C0D8}C:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{9DBA4B17-6638-4AD0-866A-5BF1B4B3A391}C:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"TCP Query User{B2174488-AB05-4BD5-8901-58B50319ABB7}C:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"TCP Query User{C2EADCD8-63DD-4ABD-A93E-BBB161ABF324}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{FCC9E43D-F770-4E37-9535-3B9EBA6BE875}C:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{12572BED-7660-4653-8F18-53882CCA68E5}C:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe |
"UDP Query User{3B022059-298E-4A1A-A53E-8E17B2FC4870}C:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe |
"UDP Query User{4010B8BF-A6BA-48FD-9A96-62B582127B48}C:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.exe |
"UDP Query User{5CB11E7E-34B2-4E18-8E8A-1260932836F7}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{A0F230DF-E102-4EEB-8B5C-EDC611875F7C}C:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{CE40830D-C038-437B-9D7A-6B8ABD84FB33}C:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{D6A6EF4D-16A0-4510-9991-28E5975E039E}C:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{DD304801-4955-4E45-9A5F-40227B29385D}C:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{241E3816-2EF1-A1D1-8811-4478E28E130B}" = ccc-utility64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AFBE654A-4597-89DB-EF5F-7CC7D0475691}" = ATI Catalyst Install Manager
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E9118B6-0191-3642-E743-B69EBE42D4AF}" = Catalyst Control Center Graphics Full Existing
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19F3712E-BDCF-B1DA-A22E-A67537C8A2F0}" = CCC Help Polish
"{1BE1B77F-4307-B5D3-1532-CEE7ECF9CBBB}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{37A4C887-CD6A-46A5-9902-E8EA6D97AE61}" = Steuer-Sparer 2010
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD5493C-51AF-C805-A197-DC36E8C57784}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4FEF7A1D-0DAC-F687-E474-AA7A13E3D8CA}" = Catalyst Control Center Graphics Full New
"{50B9544E-CA9A-CA08-3BC8-F66A69A4E49F}" = CCC Help Spanish
"{525A74BE-B7F5-94D0-987C-0324FF58FBB1}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74A8E6D0-5E5B-6CAC-F592-8EDA39FC15C0}" = CCC Help Korean
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{780B7CAD-9E59-8986-63EC-D60B8D06D6E6}" = Catalyst Control Center Graphics Light
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C1BA7EF-0866-BBDB-129A-F53DB0954F61}" = CCC Help Turkish
"{7E2CD483-7D07-BE78-C0C6-DE07057DC551}" = Catalyst Control Center Core Implementation
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{832BC337-E36D-0039-065C-7E4EDC5D45B4}" = CCC Help Greek
"{849EC471-5D3C-59E4-5C52-845C3AC320B3}" = CCC Help Thai
"{86021347-6DF2-7015-B152-51A17DCFDB22}" = CCC Help English
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" = CCC Help German
"{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard
"{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish
"{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian
"{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian
"{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch
"{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC7E771F-8170-4573-825D-EDB6723C804F}_is1" = Disk Speedup
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.4 by MixMeister
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.3.5
"Free YouTube Download_is1" = Free YouTube Download version 3.1.29.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.3.4
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.74
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"king.com" = king.com (remove only)
"KonzESt" = Konz Steuer-Software
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1
"posterjack CEWE Fotobuch und Kalender" = posterjack CEWE Fotobuch und Kalender
"RegClean Pro_is1" = RegClean Pro
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.01.2013 21:29:57 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7831
 
Error - 01.01.2013 21:29:58 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.01.2013 21:29:58 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8829
 
Error - 01.01.2013 21:29:58 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8829
 
Error - 01.01.2013 21:29:59 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.01.2013 21:29:59 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9828
 
Error - 01.01.2013 21:29:59 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9828
 
Error - 01.01.2013 21:30:00 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.01.2013 21:30:00 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10826
 
Error - 01.01.2013 21:30:00 | Computer Name = SKYFLY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10826
 
[ Media Center Events ]
Error - 07.10.2012 07:36:58 | Computer Name = SKYFLY | Source = MCUpdate | ID = 0
Description = 13:36:58 - Fehler beim Herstellen der Internetverbindung.  13:36:58
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 25.12.2012 16:10:15 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.12.2012 16:10:15 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.12.2012 16:12:21 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.12.2012 16:12:21 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.12.2012 16:12:21 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 26.12.2012 04:51:49 | Computer Name = SKYFLY | Source = BROWSER | ID = 8017
Description =
 
Error - 26.12.2012 04:51:49 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7038
Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.12.2012 04:51:49 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1069
 
Error - 26.12.2012 04:51:49 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1115
 
Error - 29.12.2012 04:28:40 | Computer Name = SKYFLY | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
 
< End of report >
p.s.: chrome weiter 30+ sec :kloppen:

Larusso 02.01.2013 13:04
War bisschen anstrengend :D

WIe ich Chrome hasse. Hast du ein Google Konto mit dem sich Chrome automatisch syncronisiert.
Weil ich kann mir nicht vorstellen, dass Chrome 20 Plugins bei der installation einbaut ^^

skyfly 03.01.2013 19:14
hi daniel!
ne, ich hab zwar ein googlekonto, da lass ich müllmail hinschicken, aber automatisch synchronisieren tut es sich nicht, ich nutze es auch fast nicht. 20 plug ins???...hilfe, was hat der denn da alles drin??? kann ich das in den otl files erkennen? wie kann ichs rausschmeissen? o mann, diese beschi**** automatischen installationen... irgendwann, wenn ich groß und stark bin lern ich computer...
gruß anna

Larusso 03.01.2013 21:01
Okay, dann mit dem Holzhammer.


Downloade und installiere bitte Erunt.
Bitte belasse die Einstellungen wie sie sind.
  • Starte Erunt und bestätige die "Willkommen" Box mit OK
  • Wähle bitte folgende Sicherungsoptionen

    • Systemregistrierung
    • Registrierung des aktuellen Benutzers
    • Andere geöffnete Benutzerregistrierungen

  • Klicke OK und warte bis die Sicherung abgeschlossen ist.



Downloade Dir bitte den Revo Uninstaller
  • Doppelklick auf die revosetup.exe.
  • Installiere das Tool in den vorgegebenen Pfad.
  • Doppelklick auf das Revo Uninstall Icon.
  • Suche Dir nun folgende Software aus der Code-Box.
    Code:
    Google Chrome
    Klicke darauf und bestätige mit Ja.
  • Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
  • Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
  • Klick auf den Markiere alle Button und klick auf löschen und bestätige mit Ja.
Bebilderte Anleitung

Starte den Rechner neu auf.


Danach kannst du Chrome neu installieren. Mal sehen ob es dann klappt

skyfly 03.01.2013 23:25
hey, du bist ein held!!! :party: google neu installiert und zack, da! :Boogie:
ich weiß gar nicht, was ich sagen soll, top! vielen, vielen dank!
ganz ganz lieber gruß, anna

Larusso 04.01.2013 12:47
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Es öffnet sich eine Textdatei, welche für mich nicht wichtig ist.
  • Klicke abschließend auf Deinstallation.
  • Bestätige mit Ja.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher, immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Eine out of date Anti Virensoftware ist nutzlos!


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.


Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Larusso 09.01.2013 14:38
Froh das wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131