Chrome downloads files when opening a new page

#0
11.10.2013, 18:23
Member

Posts: 32
#1 Hi,

I have a Win 7 machine. The problem first appeared about 2 days ago. Windows Patch Day was before that. The problem shows up as follows:
When I open a new website in the browser, a 1 KB file is downloaded automatically; the names vary: fastbutton, CheckCOnnection, Jq-eD36DHGM....
1 KB in size. The virus scanner has found nothing so far. Log files are below.

Many thanks for your help

OTL showed:

Code

 OTL logfile created on: 11.10.2013 18:04:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Silver\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,71 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 24,15% Memory free
7,42 Gb Paging File | 4,34 Gb Available in Paging File | 58,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,08 Gb Total Space | 36,50 Gb Free Space | 45,58% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,72 Mb Free Space | 71,73% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 1,86 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive F: | 455,03 Gb Total Space | 356,86 Gb Free Space | 78,42% Space Free | Partition Type: NTFS

Computer Name: SILVER-PC | User Name: Silver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Silver\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe (Kaspersky Lab)
PRC - c:\program files (x86)\trillian\plugins\skypekit.exe ()
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\QNAP\QGet\QGet.exe ()
PRC - C:\Program Files (x86)\QNAP\QGet\QGetServer.exe ()
PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\QNAP\NetBak\NetBak.exe (QNAP Systems, Inc.)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\a0ed19750b1ea64f047dc715dd06ddb3\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef63e29e24bf73b2a8659e13aa18fbbb\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6a71efa7248119b0875d6cd2dd1e204c\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2154273cb2d7a8b1a47d672b6d0808bf\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll ()
MOD - c:\program files (x86)\trillian\plugins\skypekit.exe ()
MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\program files (x86)\trillian\languages\en\buddy.dll ()
MOD - c:\program files (x86)\trillian\languages\en\talk.dll ()
MOD - c:\program files (x86)\trillian\languages\en\trillian.dll ()
MOD - c:\program files (x86)\trillian\languages\en\events.dll ()
MOD - c:\program files (x86)\trillian\languages\en\toolkit.dll ()
MOD - C:\Program Files (x86)\QNAP\QGet\Lang\0x0407.dll ()
MOD - C:\Program Files (x86)\QNAP\QGet\QGet.exe ()
MOD - C:\Program Files (x86)\QNAP\QGet\QGetServer.exe ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avpapplication.dll ()
MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (avp) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros)
SRV - (cFosSpeedS) -- C:\Programme\ASRock\XFast LAN\spd.exe (cFos Software GmbH)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:[b]64bit:[/b] - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:[b]64bit:[/b] - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:[b]64bit:[/b] - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola Mobility Inc)
DRV:[b]64bit:[/b] - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV:[b]64bit:[/b] - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV:[b]64bit:[/b] - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola Mobility Inc)
DRV:[b]64bit:[/b] - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:[b]64bit:[/b] - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:[b]64bit:[/b] - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:[b]64bit:[/b] - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:[b]64bit:[/b] - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:[b]64bit:[/b] - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:[b]64bit:[/b] - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:[b]64bit:[/b] - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (AsrRamDisk) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys (ASRock Inc.)
DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:[b]64bit:[/b] - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)
DRV:[b]64bit:[/b] - (CSCrySec) -- C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch)
DRV:[b]64bit:[/b] - (CSVirtualDiskDrv) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:[b]64bit:[/b] - (nuviocir) -- C:\Windows\SysNative\drivers\nuviocir_win7_x64.sys (Nuvoton Technology Corp.)
DRV:[b]64bit:[/b] - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:[b]64bit:[/b] - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:[b]64bit:[/b] - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 35 8E BF 3A C7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0BB1B166-D8D1-40EE-8C9D-5CBFFBC54C8D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A4B8C02E-3EC2-43CC-A8F5-4DBE66272577&apn_sauid=393C609E-4216-48D8-81A1-9504954E2C75
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Kaspersky PURE: C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\npkpmAutofill.dll (Kaspersky Lab)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\autodesk.com/Autodesk123D: C:\Users\Silver\AppData\Roaming\Autodesk\Autodesk123D32\1.0.6\npAutodesk123D32.dll (Autodesk)
FF - HKCU\Software\MozillaPlugins\autodesk.com/Autodesk123DShapes: C:\Users\Silver\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.107\npAutodesk123DShapes32.dll (Autodesk)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2013.06.02 12:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.06.03 17:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013.07.15 18:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013.07.15 18:47:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013.07.15 18:47:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013.07.15 18:47:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013.07.15 18:47:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013.06.03 18:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.06.03 17:23:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{72CA2996-F580-47DF-98FF-0B853D09CEC8}: C:\Users\Silver\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill [2013.06.03 18:55:29 | 000,000,000 | ---D | M]

[2013.04.14 11:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silver\AppData\Roaming\mozilla\Extensions
[2013.04.14 11:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silver\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.09.17 17:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Kaspersky Password Manager (Enabled) = C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Autodesk 123D Shapes (Enabled) = C:\Users\Silver\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.107\npAutodesk123DShapes32.dll
CHR - plugin: Autodesk 123D (Enabled) = C:\Users\Silver\AppData\Roaming\Autodesk\Autodesk123D32\1.0.6\npAutodesk123D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - Extension: Engineering Dictionary = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdhlhefececlgjagpcefcmncehmgalc\0.0.0.1_0\
CHR - Extension: TV = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\
CHR - Extension: Desmos Graphing Calculator = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\2.0_0\
CHR - Extension: Web2PDFConverter = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk\2.4.4_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_1\
CHR - Extension: Password Manager plugin = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\7.0.1.75\
CHR - Extension: Speed Dial = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Google Kalender = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DoNotTrackMe = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
CHR - Extension: AdBlock = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: AdBlock = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.5_0\
CHR - Extension: AdBlock = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: AdBlock = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: AdBlock = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Isoball 3 = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.3.0_0\
CHR - Extension: Isoball 3 = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.558_0\
CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0\
CHR - Extension: TouristEye Planner = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Evernote Web = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_1\
CHR - Extension: Google Play Books = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Hover Zoom = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: Hover Zoom = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.20_0\
CHR - Extension: Hover Zoom = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0\
CHR - Extension: Scientific Calculator = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog\1.0.0_0\
CHR - Extension: Scientific Calculator = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog\1.0.1_0\
CHR - Extension: Scientific Calculator = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog\1.0.2_0\
CHR - Extension: TypingClub = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\5.0_0\
CHR - Extension: TypingClub = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah\6.0_0\
CHR - Extension: AT_DJTiesto = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2_0\
CHR - Extension: Picasa = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Anti-Banner = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0\
CHR - Extension: iReader = C:\Users\Silver\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [QGet] C:\Program Files (x86)\QNAP\QGet\QGet.exe ()
O4 - HKLM..\Run: [QNAP_NASNetBak] C:\Program Files (x86)\QNAP\NetBak\NetBak.exe (QNAP Systems, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_3B4592126B7C11B46B56769ECDE0B298] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:[b]64bit:[/b] - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:[b]64bit:[/b] - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube Download - C:\Users\Silver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Silver\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:[b]64bit:[/b] - Extra context menu item: Über QGet herunterladen - C:\Program Files (x86)\QNAP\QGet\QGetCatch.htm ()
O8:[b]64bit:[/b] - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Bild ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Silver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Silver\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Über QGet herunterladen - C:\Program Files (x86)\QNAP\QGet\QGetCatch.htm ()
O8 - Extra context menu item: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O9:[b]64bit:[/b] - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C58829A1-9C7E-4669-BC63-F33F30316683}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9CC4407-4C68-4E17-A425-98485A516097}: DhcpNameServer = 192.168.178.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013.10.11 17:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.10.10 17:04:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.10.10 17:04:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.10.10 17:04:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.10.10 17:04:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.10.10 17:04:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.10.10 17:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.10.10 17:04:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.10.10 17:04:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.10.10 17:04:07 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.10.10 17:04:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.10.10 17:04:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.10.10 17:04:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.10.10 17:04:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.10.10 17:04:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.10.10 17:04:05 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.10.10 16:55:09 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013.10.10 16:55:08 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013.10.10 16:55:08 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.10.10 16:55:08 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.10.10 16:55:08 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.10.10 16:55:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.10.10 16:55:08 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.10.10 16:55:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.10.10 16:55:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013.10.10 16:55:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.10.10 16:55:08 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013.10.10 16:55:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013.10.10 16:55:07 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013.10.10 16:55:06 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.10.10 16:55:06 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013.10.10 16:55:05 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.10.10 16:55:05 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.10.10 16:55:05 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.10.10 16:55:05 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013.10.10 16:55:05 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013.10.10 16:55:05 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.10.10 16:55:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.10.10 16:55:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.10.10 16:55:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.10.10 16:55:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.10.10 16:55:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.10.10 16:55:03 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013.10.10 16:55:03 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013.10.10 16:54:44 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013.10.10 16:54:44 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013.10.07 17:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.09.20 21:23:28 | 000,000,000 | ---D | C] -- C:\Users\Silver\AppData\Roaming\vlc
[2013.09.20 21:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.09.18 17:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.09.18 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\Silver\Desktop\mbar
[2013.09.17 18:35:27 | 000,000,000 | ---D | C] -- C:\Users\Silver\Documents\SleepyHeadData
[2013.09.17 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SleepyHead
[2013.09.17 18:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SleepyHead
[2013.09.17 18:13:04 | 000,000,000 | ---D | C] -- C:\Users\Silver\Documents\ResScan
[2013.09.17 18:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ResMed
[2013.09.17 18:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ResMed
[2013.09.17 18:10:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ResMed
[2013.09.17 18:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResMed
[2013.09.17 18:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{39B331EB-24EF-4A79-BD73-9F09C4AF00AA}
[2013.09.17 18:02:06 | 000,000,000 | ---D | C] -- C:\Users\Silver\AppData\Roaming\Malwarebytes
[2013.09.17 18:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.17 17:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.09.17 17:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.09.12 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Silver\AppData\Local\calibre-cache
[2013.09.12 20:05:24 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013.09.12 20:05:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.09.12 20:05:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.09.12 20:05:23 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.09.12 20:05:23 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.09.12 20:05:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.09.12 20:05:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.09.12 20:05:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.09.12 20:05:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013.09.12 20:05:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.09.12 20:05:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.09.12 20:05:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.09.12 20:05:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.09.12 20:05:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.09.12 20:05:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.09.12 20:05:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013.10.11 17:53:02 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.11 17:53:02 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.11 17:51:43 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.11 17:51:43 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.11 17:51:43 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.11 17:51:43 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.11 17:51:43 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.11 17:45:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.11 17:45:49 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.10.11 17:45:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.11 17:45:43 | 2987,986,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.10 21:27:00 | 000,123,541 | ---- | M] () -- C:\Users\Silver\Desktop\Bestellnummer_ 20140248.pdf
[2013.10.10 21:18:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.10 21:00:18 | 000,296,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.10 17:02:50 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.07 18:42:43 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2013.10.07 18:04:51 | 000,001,021 | ---- | M] () -- C:\Users\Silver\Desktop\Dropbox.lnk
[2013.10.07 18:02:44 | 020,307,517 | ---- | M] () -- C:\Users\Silver\Desktop\CT09013.pdf
[2013.09.27 18:54:35 | 000,020,981 | ---- | M] () -- C:\Users\Silver\Documents\Übungen HWS, Rücken und Fuß.odt
[2013.09.23 01:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.09.23 01:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.09.23 01:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.09.23 01:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.09.23 01:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.09.23 00:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.09.23 00:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.09.23 00:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.09.23 00:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.09.23 00:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.09.23 00:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.09.23 00:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.09.23 00:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.09.22 20:46:16 | 000,000,656 | ---- | M] () -- C:\Users\Silver\AppData\Roaming\MidiRocker.xml
[2013.09.21 19:00:03 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.21 19:00:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.21 11:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.09.21 04:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.09.21 04:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.09.20 21:23:23 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.09.19 17:56:32 | 000,257,124 | ---- | M] () -- C:\Users\Silver\Desktop\Tilgungsplan Wohnung.pdf
[2013.09.19 16:01:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2013.09.17 18:10:11 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\ResScan.lnk
[2013.09.12 20:56:41 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013.10.10 21:27:00 | 000,123,541 | ---- | C] () -- C:\Users\Silver\Desktop\Bestellnummer_ 20140248.pdf
[2013.10.07 18:02:24 | 020,307,517 | ---- | C] () -- C:\Users\Silver\Desktop\CT09013.pdf
[2013.09.27 18:54:33 | 000,020,981 | ---- | C] () -- C:\Users\Silver\Documents\Übungen HWS, Rücken und Fuß.odt
[2013.09.20 21:23:23 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.09.19 17:56:32 | 000,257,124 | ---- | C] () -- C:\Users\Silver\Desktop\Tilgungsplan Wohnung.pdf
[2013.09.19 16:01:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2013.09.17 18:10:11 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\ResScan.lnk
[2013.06.12 17:58:52 | 000,000,656 | ---- | C] () -- C:\Users\Silver\AppData\Roaming\MidiRocker.xml
[2013.06.03 17:20:59 | 000,262,533 | ---- | C] () -- C:\Windows\hpwins23.dat
[2013.06.03 17:20:59 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2013.06.03 16:59:23 | 000,078,861 | ---- | C] () -- C:\Windows\hpqins05.dat
[2013.04.28 14:40:28 | 000,262,564 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2013.04.28 14:40:28 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.18 11:23:34 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.26 20:04:08 | 000,017,408 | ---- | C] () -- C:\Users\Silver\AppData\Local\WebpageIcons.db
[2012.10.26 19:39:34 | 000,000,003 | ---- | C] () -- C:\Users\Silver\AppData\Local\user_data.ini
[2012.10.26 19:26:42 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.10.26 19:26:42 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013.04.03 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\0ad
[2013.01.11 19:45:10 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Amazon
[2012.11.18 11:28:45 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Animal Software
[2013.01.09 15:23:09 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Autodesk
[2013.05.27 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\CadSoft
[2013.07.12 23:39:13 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\calibre
[2013.04.02 16:29:52 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013.02.04 22:18:25 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\DAEMON Tools Lite
[2013.10.07 18:13:20 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Dropbox
[2013.01.15 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\DVDVideoSoft
[2013.01.14 18:32:29 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.24 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\ffDiaporama
[2013.04.18 20:58:05 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Foxit Software
[2012.11.18 12:40:01 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\GHISLER
[2013.01.13 14:31:59 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\MAGIX
[2013.09.29 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\MediaMonkey
[2013.02.17 12:37:58 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Motorola
[2013.02.17 12:38:28 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Motorola Mobility
[2012.10.26 19:54:32 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\NetBak
[2013.09.23 16:53:36 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Notepad++
[2012.10.27 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\OpenOffice.org
[2012.11.18 13:13:40 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Samsung
[2013.01.31 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\TeamViewer
[2012.10.26 19:58:17 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Thunderbird
[2013.04.14 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\TomTom
[2013.07.11 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\Silver\AppData\Roaming\Trillian

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


OTL EXTRAS:

Code

OTL Extras logfile created on: 11.10.2013 18:04:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Silver\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,71 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 24,15% Memory free
7,42 Gb Paging File | 4,34 Gb Available in Paging File | 58,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,08 Gb Total Space | 36,50 Gb Free Space | 45,58% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,72 Mb Free Space | 71,73% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 1,86 Gb Free Space | 4,77% Space Free | Partition Type: NTFS
Drive F: | 455,03 Gb Total Space | 356,86 Gb Free Space | 78,42% Space Free | Partition Type: NTFS

Computer Name: SILVER-PC | User Name: Silver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1"
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0134FF0E-C2BF-453C-81D2-FBEC048D4EEA}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{116A9C07-19BF-4F20-A2CF-05426ED91F5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E9B0B16-D50F-4862-BF29-46C9BB71E99E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22E537C8-6B2F-42ED-A624-A80F3741BB29}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2D8EB282-61EE-4D89-86C3-5F5A86C5CC01}" = lport=139 | protocol=6 | dir=in | app=system |
"{324903DD-9034-405E-B746-A7A0E75C4964}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{33B88E2C-B540-43DF-A644-BC453486DE11}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DA95592-C36D-4174-9BCB-8A520BA8B11F}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FD37070-23CC-4B1F-AFF7-4E4AF9C19C06}" = rport=138 | protocol=17 | dir=out | app=system |
"{55D8A56F-8C95-4644-B3DB-01DAE36B5450}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5F3E1347-DEC8-4C02-B878-1F814BB07BB1}" = rport=445 | protocol=6 | dir=out | app=system |
"{616DB9A2-F233-4FA1-82A7-72976CCB5A09}" = lport=445 | protocol=6 | dir=in | app=system |
"{66D7C6DC-4C61-44E2-8125-6D0A58E84228}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6E760AA1-804E-4F13-ABC5-F727C481480B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72F3AF8F-C45A-471D-A14D-4DCFCE0CA0EC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{792FAA8B-BB63-4FEC-B3E4-226968F594D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D864BE7-4B63-4564-BBFE-8B24349A4B41}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A2E01A3A-70DF-4F32-AD06-2E7EB429B1F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4627744-DE2B-4F04-82EC-574AA8A0FFCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C92010B6-A483-4FFA-8C70-52A63C01FB58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9B04805-418A-4830-999C-720C60E93DCD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D8507E22-00D2-405E-A526-A608F188518D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E0DD1A8F-B388-4A07-A433-975A43899D24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5D09E83-A035-4586-8EE7-A377AE21E60F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F2E8FABB-935E-4F62-8A0D-CD0DBC53C93E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F32C2623-8A06-485C-8140-0ABF4C3EE518}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3C575BA-C920-43BF-B19C-5F2902E07065}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7D1DEA5-7783-4BAD-9E2C-631867C72F14}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9D1A8F0-3731-4B64-886A-9309C1384FB7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01083842-7715-445B-80FB-A0AAEAAD9F25}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{0A5F6D6A-D6C2-4AD1-B8DE-C556C249B020}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{0A79C66A-DB83-40BB-96CC-8C712AAC6C91}" = dir=in | app=c:\users\silver\appdata\local\temp\7zs29e9\oj6500ve709_full_14\setup\hpznui40.exe |
"{1136316C-2CA7-40A0-8452-F8CF7E7E6340}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{12063A60-AFA8-4C04-81A8-7E9EA8CAE6F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19D9AB8A-2790-466C-8426-79F605F5B51A}" = protocol=6 | dir=in | app=c:\users\silver\appdata\local\temp\7zs4fca\hpdiagnosticcoreui.exe |
"{22F7AA89-0C2F-4A9B-867B-703AD1A21CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{2383D98A-E4F5-4855-B1B7-C0953BEBEC7C}" = protocol=6 | dir=in | app=c:\users\silver\appdata\local\temp\7zs476f\hpdiagnosticcoreui.exe |
"{278F2D7E-98BD-4B28-8734-9D113674C22E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B15262F-292B-4D31-8E3D-593608F8F52D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{2DB09D91-BB6A-4024-B1DC-6555239DB926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{32F7DB28-4F15-429C-B44B-7AB6DA45A23C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{371884DE-E609-4D37-A9C3-F72F3F5E4F1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DFA8CB4-EEDA-44A7-8EDC-5D079D11ED9C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{403A396E-00B4-4D70-8F06-B83E9EEED479}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{408DB0E4-4169-47BD-8707-F60488144E58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{425B96EF-FC1B-4CD1-B4B4-8715112D846E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{44177267-64E2-4381-B66F-4CBCC209FD28}" = protocol=17 | dir=in | app=c:\users\silver\appdata\local\temp\7zs4fca\hpdiagnosticcoreui.exe |
"{4470A80D-9AF6-49DF-830B-AC1CB06D91ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45497CE8-EBC7-4CAD-B5AD-418752395A15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45D30C3C-5EF5-4AFD-84A6-CED87C516EA7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{464F7474-4628-400C-95B0-BA51F334CA6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{46E5F791-A121-49FF-AC43-1B4197545E92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B2A4BD1-4054-4344-B3C8-13B5F7E0AFB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{4C84A6B3-BD8B-45C0-BBCC-A3431931507B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{4D01DD42-AC65-457A-ACCC-63AD00616BE1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{553A3AE8-7941-438E-AF9C-706E566758A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A2CBE2C-8003-405F-81B3-367C99C3FC4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A804AE7-09D8-4E22-8390-0A6D98836B22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{69299C70-F321-4E26-88A9-76BF3898558E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{69A8269B-1C5B-413F-8CF1-B659092A080B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6BE05737-BD40-4191-AAAC-0761B53CD471}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BF1C3A2-6B0E-42E1-B503-224785FABEE2}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{73C3BD65-43EB-4428-BBD9-D8D49753D9EA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7F0A0D95-301A-4BD2-83F5-FD9629444805}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86F7D348-9FA2-4AC4-9C25-1C2FD18B94B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{87B0ADF5-488E-4CF1-9AB8-F37C246B0392}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8965C0BC-186D-4246-B519-0FB5E4399522}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{9014CEB3-4FAA-4A16-AAF1-87963AFC17C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90E64CBD-CD2A-43A3-A622-F56B8B7AE449}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{978EAF8F-AB30-4E4D-99EF-AF597D3434AA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{9BD6B90B-4A20-49CD-983F-B6919EC9DEB1}" = protocol=6 | dir=out | app=system |
"{9EB468AA-D4B2-4493-B243-F66B9459A79E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{9F0A7F90-B02D-4231-8079-8077313BFDF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3A7A937-7CF4-4918-AA51-408E47DC13F5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A81AEFA8-9A67-4CEA-A979-144B2E6D5DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{AAABBB11-F684-4A3A-B4CC-E109EE93224A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{AED17E68-5E8B-4ABF-B9E5-25E11A89E537}" = protocol=17 | dir=in | app=c:\users\silver\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3D818A5-EAA0-4C83-B841-08DF1CA160A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4BF7922-9E2E-4314-8D6F-AA0D5472EFD4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{BC9A470A-DA00-44B6-A3B7-01292956D6EB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BDDCD8E7-4E28-4098-9C7F-4C92470451ED}" = protocol=17 | dir=in | app=c:\users\silver\appdata\local\temp\7zs476f\hpdiagnosticcoreui.exe |
"{C3BA8643-3D3D-4F83-813C-CFD4EBE09B1C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{C9049C6D-A0A6-4AD2-B9AA-EDC7A7175E00}" = protocol=6 | dir=in | app=c:\users\silver\appdata\roaming\dropbox\bin\dropbox.exe |
"{CC9EF6FD-4475-4016-A82F-F9D0D985EA7C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{CE6B0AC6-449A-4353-ABE0-D14630570B96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF43AF5D-A676-49A7-B1EA-942E06EFBA3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{D5A24FC4-4359-439B-816F-05244E31F897}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E65F3171-279B-4580-B3EA-20237CF3F860}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F28A20F9-00EC-4295-A991-2BED38D06A41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{FA49B5BC-FB88-4D3F-83A1-546B9C5C4FE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"TCP Query User{CC2A5638-9FFB-41F2-BB5B-974892F20513}C:\program files (x86)\qnap\netbak\netbak.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\netbak\netbak.exe |
"TCP Query User{FA40E948-F478-4557-B6E4-70DFAEAE0514}C:\program files (x86)\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe |
"UDP Query User{A4EECEC6-2B45-4EBA-88FB-BAEEA8569376}C:\program files (x86)\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\finder\finder.exe |
"UDP Query User{F764ABD1-1872-4487-B002-CEAA2E4B8B08}C:\program files (x86)\qnap\netbak\netbak.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\netbak\netbak.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{98308D2E-57F7-4F76-9D85-CB00810426B5}" = Motorola MMCP Drivers Installation 1.0.3
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"{FFA77D12-F183-4B97-8AFC-F9FB7339287A}" = calibre 64bit
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"VLC media player" = VLC media player 2.0.8
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{241C1CF5-9112-442C-B919-F0ADB50F343E}" = Motorola Software Update
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{2FAECEAF-0EBE-48FF-B60A-B4577C0EFDAB}" = CIR Tool Kit
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{429228B9-3CB2-47DA-A772-E6FBD05FD3D2}_is1" = SleepyHead version 0.9.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BB0D82A-4EED-477B-858E-1D5B01560BF5}" = inSSIDer 3
"{5CF10879-E779-4db8-AE32-25204EE81C8A}" = Enterprise
"{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 4.6.6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{77FFBDB9-B919-4738-923A-E7B63794E71A}" = ResScan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DDFFAAF-E1BE-470C-8533-D5C186056922}" = Autodesk 123D 32 Bit
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C9A19950-2341-4BA8-8CBD-E9DBF097D638}" = MAGIX Slideshow Maker 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"{DDA3A044-F6AE-442F-9ED5-E212618A93B9}" = Motorola Device Software Update
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{EAC93E1D-4807-43E2-B39A-8170B731B7D0}" = RSDLite
"{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.226
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"com.ynab.YNAB4.LiveCaptive_is1" = YNAB 4 version 4.3.75
"CSVed_is1" = CSVed 2.2.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"EAGLE 5.10.0" = EAGLE 5.10.0
"EAGLE 6.4.0" = EAGLE 6.4.0
"Foxit Reader_is1" = Foxit Reader
"Free Studio_is1" = Free Studio version 5.9.0.1212
"Google Chrome" = Google Chrome
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"LiveUSB Creator" = LiveUSB Creator (remove only)
"MAGIX_MSI_Slideshow_Maker_2" = MAGIX Slideshow Maker 2
"MediaMonkey_is1" = MediaMonkey 4.0
"MIDI Rocker LX_is1" = MIDI Rocker LX version V2013.3.20.1
"Mozilla Thunderbird 24.0.1 (x86 de)" = Mozilla Thunderbird 24.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCloudNAS Connect" = QNAP MyCloudNAS Connect
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"QGet" = QNAP QGet
"QNAP_FINDER" = QNAP Finder
"QNAP_NASNetBak" = QNAP NetBak Replicator
"SopCast" = SopCast 3.5.0
"TeamViewer 8" = TeamViewer 8
"Trillian" = Trillian
"XFastUSB" = XFastUSB

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 30.09.2013 14:23:37 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.10.2013 14:19:35 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.10.2013 11:04:05 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 07.10.2013 12:09:16 | Computer Name = Silver-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 29.0.1547.76,
Zeitstempel: 0x5237a3c2  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18229,
Zeitstempel: 0x51fb1072  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce753  ID des fehlerhaften
Prozesses: 0xbd8  Startzeit der fehlerhaften Anwendung: 0x01cec36f1faa3765  Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: cfe93653-2f6a-11e3-843a-bc5ff4486e65

Error - 08.10.2013 10:35:01 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.10.2013 11:56:31 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.10.2013 10:52:00 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.10.2013 15:00:38 | Computer Name = Silver-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 10.10.2013 15:02:07 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.10.2013 11:47:39 | Computer Name = Silver-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 06.05.2013 10:45:48 | Computer Name = Silver-PC | Source = DCOM | ID = 10010
Description =

Error - 06.05.2013 10:45:48 | Computer Name = Silver-PC | Source = DCOM | ID = 10010
Description =

Error - 06.05.2013 10:46:18 | Computer Name = Silver-PC | Source = DCOM | ID = 10010
Description =

Error - 06.05.2013 10:46:48 | Computer Name = Silver-PC | Source = DCOM | ID = 10010
Description =

Error - 06.05.2013 11:13:43 | Computer Name = Silver-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?05.?2013 um 16:49:27 unerwartet heruntergefahren.

Error - 06.05.2013 11:26:37 | Computer Name = Silver-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 06.05.2013 11:26:53 | Computer Name = Silver-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 06.05.2013 11:27:00 | Computer Name = Silver-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 07.05.2013 11:07:04 | Computer Name = Silver-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 09.05.2013 04:41:13 | Computer Name = Silver-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Samsung AllShare PC" wurde nicht richtig gestartet.


< End of report >



gmer.log:

Code

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-11 18:21:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 119,24GB
Running: bvu6sb6o.exe; Driver: C:\Users\Silver\AppData\Local\Temp\ufdiqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                              fffff800031bb000 45 bytes [40, 9C, CC, 00, 80, F8, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                              fffff800031bb02f 16 bytes [00, 50, 28, 32, 04, 80, FA, ...]
.text     C:\Windows\system32\drivers\USBPORT.SYS!DllUnload                                                                                                               fffff8800631dd8c 12 bytes {MOV RAX, 0xfffffa80049032a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                             00000000773bfaa8 5 bytes JMP 00000001731a19b0
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe[1840] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      00000000773c0038 5 bytes JMP 00000001731a2066
.text     C:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\QNAP\Finder\iSCSIAgent.exe[1692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2960] C:\Windows\syswow64\user32.DLL!GetClipboardData                      0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[3552] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\QNAP\QGet\QGet.exe[3796] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                 0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\QNAP\QGet\QGet.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\QNAP\QGet\QGet.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe[3992] C:\Windows\syswow64\USER32.dll!GetClipboardData                                              0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\QNAP\QGet\QGetServer.exe[4332] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                           0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\QNAP\QGet\QGetServer.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\QNAP\QGet\QGetServer.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4464] C:\Windows\syswow64\USER32.dll!GetClipboardData  0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\XFastUSB\XFastUsb.exe[4836] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                              0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\QNAP\NetBak\NetBak.exe[4916] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                             0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[5044] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                 0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe[5044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[4444] C:\Windows\syswow64\USER32.dll!GetClipboardData                                       0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[4444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe[4996] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                   0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4364] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5228] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[5772] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe[5224] C:\Windows\syswow64\USER32.dll!LoadStringW                                                            0000000076858eb9 6 bytes JMP 71af0f5a
.text     C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe[5224] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                       0000000076899f1d 6 bytes JMP 71a90f5a
.text     C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe[5224] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                               0000000074ee1465 2 bytes [EE, 74]
.text     C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe[5224] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                              0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6808] C:\Windows\syswow64\USER32.dll!GetClipboardData                             0000000076899f1d 6 bytes JMP 71af0f5a
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6808] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                     0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6808] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                    0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000074ee1465 2 bytes [EE, 74]
.text     C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074ee14bb 2 bytes [EE, 74]
.text     ...                                                                                                                                                             * 2

---- Devices - GMER 2.1 ----

Device    \Driver\aafpj598 \Device\Scsi\aafpj5981                                                                                                                         fffffa8006cbc2c0
Device    \FileSystem\Ntfs \Ntfs                                                                                                                                          fffffa8003df52c0
Device    \Driver\usbehci \Device\USBPDO-1                                                                                                                                fffffa80049052c0
Device    \Driver\AsrRamDisk \Device\RaidPort0                                                                                                                            fffffa8003c8e2c0
Device    \Driver\cdrom \Device\CdRom0                                                                                                                                    fffffa80046c62c0
Device    \Driver\iScsiPrt \Device\RaidPort1                                                                                                                              fffffa8006ccf2c0
Device    \Driver\usbehci \Device\USBFDO-0                                                                                                                                fffffa80049052c0
Device    \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                                                        fffffa8006edc2c0
Device    \Driver\NetBT \Device\NetBT_Tcpip_{57217731-56FD-4774-AF91-120B29391A56}                                                                                        fffffa800481e2c0
Device    \Driver\NetBT \Device\NetBT_Tcpip_{C58829A1-9C7E-4669-BC63-F33F30316683}                                                                                        fffffa800481e2c0
Device    \Driver\usbehci \Device\USBFDO-1                                                                                                                                fffffa80049052c0
Device    \Driver\NetBT \Device\NetBT_Tcpip_{E9CC4407-4C68-4E17-A425-98485A516097}                                                                                        fffffa800481e2c0
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                         fffffa800481e2c0
Device    \Driver\usbehci \Device\USBPDO-0                                                                                                                                fffffa80049052c0
Device    \Driver\AsrRamDisk \Device\ScsiPort1                                                                                                                            fffffa8003c8e2c0
Device    \Driver\iScsiPrt \Device\ScsiPort2                                                                                                                              fffffa8006ccf2c0
Device    \Driver\aafpj598 \Device\ScsiPort3                                                                                                                              fffffa8006cbc2c0

---- Modules - GMER 2.1 ----

Module    \SystemRoot\System32\Drivers\aafpj598.SYS                                                                                                                       fffff8800641c000-fffff8800646d000 (331776 bytes)

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1296:1976]                                                                                          0000000074f07587
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1296:3364]                                                                                          000000006fc90cb3
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1296:1880]                                                                                          00000000773f2e65
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1296:2260]                                                                                          00000000773f3e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1296:4584]                                                                                          00000000773f3e85
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [1296:4264]                                                                                          00000000773f3e85

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dc85de5724d5                                                                                    
Reg       HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                                 19289
Reg       HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                13729
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                             C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                             0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                             0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                          0xF1 0xB4 0xBE 0x27 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                      
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                    0xA0 0x02 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                 0x85 0x91 0x5D 0xFD ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                            0xA3 0xFF 0x91 0xE6 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dc85de5724d5 (not active ControlSet)                                                                
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                 0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                 0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                              0xF1 0xB4 0xBE 0x27 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                  
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                        0xA0 0x02 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                     0x85 0x91 0x5D 0xFD ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                              
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                0xA3 0xFF 0x91 0xE6 ...

---- EOF - GMER 2.1 ----
17.10.2013, 18:19
Member

Thread starter

Posts: 32
#2 I've attached a picture of the files
