Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: PC sauber? Spybot kann Funde nicht bereinigen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 15.01.2013, 18:24   #1
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Hey liebe Trojaners ,

erstmal danke, dass es Euch gibt, ihr seid ein Lichtblick in der Welt, konntet mir schon einige Male helfen.
Ich habe keine akuten Probleme, aber die aktuell vorliegende Installation musste ich schon ein paar mal von Bösewichten befreien, alles immer self-made, somit war ich nie sicher ob denn wirklich alles weg ist. Nun hab' ich mich mal wieder aufgemacht und diverse Anti-Malware-Programme etc. durchlaufen lassen und festgestellt, dass Spybot einige Funde nicht beheben kann.
Ich will einfach von Profis mal das System angeschaut bekommen, denn ich vermute, dass da noch Leichen schlummern....... Der Quick-Scan von " Malwarebytes Anti-Malware " war übrigens ergebnislos.

Die OTL-Log war 2kb größer als die erlaubte maximale Upload-Größe, daher hab' ich sie geteilt.

Vielen Dank schon mal für jegliche Mühe!

Gruß,
Fritschii

Alt 18.01.2013, 15:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Hallo und

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 19.01.2013, 19:45   #3
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Ich habe versucht die Anleitung zur Thread-Erstellung so ganau wie möglich zu befolgen, wofür ich folgendes gemacht habe:

In der "Log-Analyse und Auswertung"-Rubrik habe ich die "Ankündigung: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" geöffnet, dort bei "Bitte unbedingt lesen und Beachten!" dem Link "http://www.trojaner-board.de/69886-f...-beachten.html" zur Anleitung von "Sunny" gefolgt.
Dort heißt es am Ende von Punkt "3":
Code:
ATTFilter
Erstelle ein neues Thema und poste den Inhalt von

    OTL.txt
    EXTRAS.txt
    Gmer.txt
         
Nachdem ich aus dieser Ansage nicht einwandfrei ersehen konnte WIE ich nun die Inhalte posten soll, habe ich einige andere Themen geöffnet und festgestellt, dass dort immer als Anhang gepostet wurde, weswegen ich mich dem dann angeschlossen habe.

Um Deine Frage also zumindest was meine Vorgehensweise betrifft zu beantworten, so hätte Deine Anleitung zum Inhaltposten, die Du mir hier als Antwort gegeben hast, in Sunnys Anleitung stehen müssen. Übrigens habe ich festgestellt, dass anscheinend automatisch Titel für die Codes erstellt werden, zumindest für OTL. Wenn ihr für alle Codes auch noch passende Überschriften haben wollt, könnte man das in Deine Anleitung mit aufnehmen.

Ich gehe mal davon aus, dass Du mir versuchen wirst zu helfen nachdem ich meine Anhänge als Code gepostet habe, darum tu ich das jetzt hier. Für die Spybot-Logfile war die zulässige Beitragslänge überschritten und nachdem diese von Euch sowieso nicht explizit angefordert ist, lass ich die jetzt raus (ist ja als Anhang oben enthalten), womit die Beitragslänge nun zulässig wurde.

Nun, nachdem ich ein braver User war, hoffe ich auf Hilfe

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 15/01/2013 (Oraleva)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.01.2013 16:35:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,07% Memory free
15,99 Gb Paging File | 14,14 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 19,51 Gb Free Space | 20,00% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 100,17 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,36 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
 
Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 16:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.12.18 15:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:12:20 | 003,084,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe
PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.07 20:20:56 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.07 20:20:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.12.30 11:27:34 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2010.09.09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Treiber\EPU\EPU.exe
PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.18 15:28:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Treiber\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Treiber\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Treiber\EPU\AsusService.dll
MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.11 18:43:12 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:12:20 | 003,084,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.08.07 20:20:56 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.07 20:20:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.08.06 11:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.02.29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.30 11:27:34 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011.09.18 00:10:40 | 000,167,936 | ---- | M] (Softomotive) [On_Demand | Stopped] -- C:\Programme\WinAutomation\WinAutomation.ServiceAgent.exe -- (WinAutomation Service)
SRV - [2010.12.14 16:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.05.27 17:18:08 | 000,103,512 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stdriver64.sys -- (stdriver)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.10 01:38:43 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.10 01:38:43 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.23 04:11:05 | 000,037,888 | ---- | M] (IC Plus Corp.                                                                                                                                                                                                                                                ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfnd51.sys -- (ip100Avista)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.01.11 12:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012.12.14 15:53:18 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 4E 67 51 BA D5 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.11 17:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 18:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 18:43:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 18:43:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 18:43:10 | 000,000,000 | ---D | M]
 
[2011.02.26 14:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Extensions
[2013.01.11 19:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions
[2013.01.11 17:54:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.11 19:28:52 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.01.07 15:56:49 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.11 18:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.11 18:43:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.11 17:38:03 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013.01.11 18:43:12 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 17:46:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 14:36:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.10 17:46:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 17:46:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.10 17:46:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.10 17:46:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.14 22:54:29 | 000,888,494 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: ::1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15286 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG 2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Treiber\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8:64bit: - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0991080A-0A03-479D-9950-7F865179AD56}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72E52CF6-1902-46CB-8434-BE0DB963E4A2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{d668dede-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun
O33 - MountPoints2\{d668dede-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\ME1_DE.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.11 15:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.03 21:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.22 03:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.20 17:19:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.20 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.18 04:16:13 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2012.12.18 04:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2012.12.18 04:16:12 | 000,000,000 | ---D | C] -- C:\Users\Oraleva\AppData\Roaming\FreeFLVConverter
[2012.12.18 04:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 16:38:28 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 16:38:28 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 16:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 16:30:47 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 16:29:05 | 000,000,020 | ---- | M] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.15 15:35:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.14 22:54:29 | 000,888,494 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.14 19:53:45 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.14 19:53:45 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.14 19:53:45 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.14 19:53:45 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.14 19:53:45 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.11 15:31:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.01.11 15:24:07 | 000,415,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 17:27:53 | 001,598,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.07 22:54:30 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect Deluxe Edition.lnk
[2012.12.25 05:04:51 | 000,000,598 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.12.20 17:32:04 | 000,007,609 | ---- | M] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 16:29:05 | 000,000,020 | ---- | C] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.07 22:54:30 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect Deluxe Edition.lnk
[2013.01.03 21:31:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.25 05:04:51 | 000,000,598 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.12.20 17:32:04 | 000,007,609 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg
[2012.12.20 17:19:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.18 04:16:18 | 000,001,177 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2012.12.18 04:16:12 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2012.12.18 04:16:12 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2012.12.18 04:16:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2012.11.07 15:49:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.08.07 20:20:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.07 20:20:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.11 05:18:14 | 000,019,002 | ---- | C] () -- C:\Users\Oraleva\.recently-used.xbel
[2012.05.24 22:09:56 | 000,114,688 | ---- | C] () -- C:\Windows\Lavish.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.31 15:00:29 | 000,010,639 | ---- | C] () -- C:\Users\Oraleva\WiehlerZ_elster_2048.pfx
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.29 08:28:08 | 000,000,798 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.19 18:46:33 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.02.19 18:46:33 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.01.06 21:49:45 | 000,000,393 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.01.06 20:11:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.06 20:11:52 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.06 20:11:52 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.06 20:11:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.06 20:11:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.06 19:23:55 | 000,007,680 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.12 18:00:09 | 000,001,526 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\No23 Recorder.lnk
[2011.11.08 16:21:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.24 23:33:01 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.06.24 23:33:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.06.24 23:33:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.06.24 23:11:35 | 000,027,089 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.04.02 13:03:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011.04.02 13:03:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011.04.02 13:03:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011.04.02 13:03:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011.04.02 13:03:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011.04.02 13:03:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011.04.02 13:03:14 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011.04.02 13:03:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011.04.02 13:03:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011.04.02 13:03:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011.04.02 13:03:14 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011.04.02 13:03:14 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011.04.02 13:03:14 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011.04.02 13:03:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011.04.02 13:03:14 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011.04.02 13:03:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011.04.02 13:03:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2011.03.20 18:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.03.08 13:08:07 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.01 19:12:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.26 01:17:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.26 00:30:19 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.26 00:30:19 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.26 00:30:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.02.26 00:30:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.02.25 23:55:21 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.02.25 23:52:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.23 08:55:05 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Acoustica
[2012.05.02 02:59:11 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Advanced Combat Tracker
[2012.01.06 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Ashampoo
[2013.01.10 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Audacity
[2011.11.06 17:32:43 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\AVG2012
[2012.12.13 22:50:54 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\AVG2013
[2011.05.31 12:11:48 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Canneverbe Limited
[2012.03.01 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Canon
[2012.11.28 01:31:47 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Crossword Compiler Deutsch 8
[2012.08.07 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools
[2013.01.14 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools Lite
[2012.08.07 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools Pro
[2012.06.25 23:41:49 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Dropbox
[2012.05.27 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DVDVideoSoft
[2012.08.04 12:58:51 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\FileZilla
[2013.01.08 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\foobar2000
[2012.12.20 01:18:53 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\FreeFLVConverter
[2012.06.10 04:11:11 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\gtk-2.0
[2011.02.26 23:57:07 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\LockHunter
[2012.08.31 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\LolClient
[2011.07.26 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Notepad++
[2011.12.01 15:20:19 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\POB
[2012.12.13 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\TuneUp Software
[2011.12.10 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\UAs
[2012.12.12 04:11:26 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Ubisoft
[2011.09.05 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Unity
[2011.12.03 05:38:31 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\VDownloader
[2012.01.06 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Video DVD Maker FREE
[2011.11.06 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Xilisoft
[2011.12.10 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.01.2013 16:35:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,07% Memory free
15,99 Gb Paging File | 14,14 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 19,51 Gb Free Space | 20,00% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 100,17 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,36 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
 
Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E241E2F-D648-4A90-9903-CDC3288418C4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0ED54C44-85D3-4B4E-9BCA-EDE056CDB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{161473B2-340C-48B1-A63A-597A4637E1CC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{356C42EB-2EE2-46B8-98D0-A29381AE1B60}" = lport=138 | protocol=17 | dir=in | app=system | 
"{46E25BB4-321B-4A28-BCA5-7946876A59F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6C3C665F-A0D7-4EF9-924A-7A717B025898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6EE50CD5-E6D4-4A56-8656-69A5CF192C66}" = lport=139 | protocol=6 | dir=in | app=system | 
"{98D466BA-423A-45A9-ACC9-FB1F8DE99DC6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9FDEEB32-05FF-4E9B-B8D5-9FD1EB9CA812}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A834399E-A280-42E5-BC37-0067CF41A34D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0559A10-B482-4D4E-9E02-D8F2429CBFBB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CED7293A-C683-463F-AF4D-3D042DE3D32C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C87976-1071-4FF8-BB1F-12F832B9D656}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{04B93F66-CC9A-4A26-928D-2DE3CFEF1CAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2B6238AB-AD3F-4648-A63C-201EE0FC2F59}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | 
"{4371750A-C02B-4EA0-911C-07D2A330EBA8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{52C26434-7AFD-4661-9A83-F9F32ACFEE2B}" = protocol=58 | dir=in | app=system | 
"{6A61D799-AB1E-4DAA-BB2E-AEFB9ECB9746}" = dir=in | name=lisa pc | 
"{72D7C9D7-BA9C-438C-8B85-990184FC8910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A5F29929-E36D-49F7-9AFB-AF533174C737}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | 
"{DD2D2D60-118F-4249-8A91-CAEFB054CD27}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | 
"{E3D3E0D4-3928-4F87-BDB5-DF9010805AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EFF03BBE-152D-48E7-A711-362DE1DE1F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | 
"{FE20DE68-5F3C-449A-81DB-081A44A25F8F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"TCP Query User{10CAB2F0-4F68-4162-9B50-C7DB400DFBDF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{14EF3ACF-9647-4DC2-B237-4D0B02661A9A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{297E2A22-1418-440E-B96C-6DEAA3FB58EA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{42426BF4-1288-4D96-962F-E89D4E084FCC}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{66A0F974-5E12-4E9D-A123-B1C6B6BA9804}" = Classic Shell
"{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1" = Half-Life Singleplayer Edition 2012
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"CCleaner" = CCleaner
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3844035A-9429-4E54-86B0-6EE3778BA3FB}_is1" = The Elder Scrolls V: Skyrim
"{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"5513-1208-7298-9440" = JDownloader 0.9
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudibleManager" = AudibleManager
"BOSS" = BOSS
"Broken Sword: Shadow of the Templar's Directors Cut_is1" = Broken Sword: Shadow of the Templar's Directors Cut
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Crossword Compiler Deutsch 8 Testversion" = Crossword Compiler Deutsch 8 Testversion
"Debut" = Debut Video Capture Software
"Determinance_is1" = Determinance
"Diablo II" = Diablo II
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"DiskSpeed32" = DiskSpeed32
"DivX Setup.divx.com" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.5.1
"foobar2000" = foobar2000 v1.1.7
"Fraps" = Fraps
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.22.508
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.1
"GeoGebra" = GeoGebra
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MetaProducts Portable Offline Browser" = MetaProducts Portable Offline Browser
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"ResourceHacker_is1" = Resource Hacker Version 3.5.2
"Sonique15" = Sonique
"Soulseek" = SoulSeek Client 156c
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Hero Editor V0.96
"Steamless_FakeFactory_CM10" = Steamless_FakeFactory_CM10
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The Elder Scrolls V Hearthfire DLC Englische Version 1.00" = The Elder Scrolls V Hearthfire DLC Englische Version 1.00
"The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00" = The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00
"The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00" = The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00
"The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION
"TheHive_is1" = The Hive 1.2
"Ultima Online Second Age" = Ultima Online Second Age 5.0.8.3
"VLC media player" = VLC media player 1.1.7
"WinAutomation" = WinAutomation
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
"Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned©
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned©  Zevran" = Dragon Age Redesigned©  Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"GeoGebra WebStart" = GeoGebra WebStart
"SOE-EverQuest" = EverQuest
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Xilisoft DVD Audio Ripper 6" = Xilisoft DVD Audio Ripper 6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2013 19:31:02 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.01.2013 01:54:03 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x718  Startzeit der fehlerhaften Anwendung: 0x01cdf0074ed16c95
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 77ab9ff9-5c7c-11e2-bc4a-bcaec52abc04
 
Error - 12.01.2013 19:54:08 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 13.01.2013 02:02:01 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x750  Startzeit der fehlerhaften Anwendung: 0x01cdf0b6a7f9e0ee
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 becd7989-5d46-11e2-b3c7-bcaec52abc04
 
Error - 13.01.2013 22:23:13 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.01.2013 02:37:19 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x760  Startzeit der fehlerhaften Anwendung: 0x01cdf194761f6ff8
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 d7c50fec-5e14-11e2-b8b7-bcaec52abc04
 
Error - 15.01.2013 00:45:33 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x73c  Startzeit der fehlerhaften Anwendung: 0x01cdf26996f75024
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 64b13282-5ece-11e2-89f0-00059a3c7a00
 
Error - 15.01.2013 10:59:53 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.01.2013 11:09:56 | Computer Name = Nightfall | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x7a0  Startzeit der fehlerhaften Anwendung: 0x01cdf324f5e1bae1
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 5a84df1d-5f28-11e2-9f78-bcaec52abc04
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
 101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
 
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return 
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
 
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1101 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 15.01.2013 11:31:02 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 15.01.2013 11:31:34 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 15.01.2013 11:31:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 15.01.2013 11:31:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1127 NULL object. Cannot establish a connection at this time.
 
[ OSession Events ]
Error - 31.10.2011 12:15:53 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1026
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 01.10.2012 13:58:44 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1313
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ Spybot - Search and Destroy Events ]
Error - 13.12.2012 17:08:20 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 17:09:05 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 17:12:40 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 17:15:32 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 18:13:19 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 18:14:07 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 18:29:49 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 14.01.2013 19:19:39 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 14.01.2013 19:19:55 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 15.01.2013 09:36:59 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 15.01.2013 09:33:53 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 15.01.2013 09:33:54 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.01.2013 09:34:24 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.01.2013 09:34:55 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description = 
 
Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.01.2013 11:29:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 15.01.2013 11:30:59 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.01.2013 11:31:07 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 15.01.2013 11:32:00 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---


Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 17:54:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Oraleva\AppData\Local\Temp\fxlirpow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                  0000000074cf17fa 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                              0000000074cf1860 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                            0000000074cf1942 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                           0000000074cf194d 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000076cb1401 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000076cb1419 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000076cb1431 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    0000000076cb144a 2 bytes [CB, 76]
.text    ...                                                                                                                               * 9
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                       0000000076cb14dd 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                0000000076cb14f5 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                       0000000076cb150d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000076cb1525 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      0000000076cb153d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                           0000000076cb1555 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    0000000076cb156d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000076cb1585 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                         0000000076cb159d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      0000000076cb15b5 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    0000000076cb15cd 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                0000000076cb16b2 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                0000000076cb16bd 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                  0000000074cf17fa 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                              0000000074cf1860 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                            0000000074cf1942 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                           0000000074cf194d 2 bytes [CF, 74]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                    0000000076cb1401 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                      0000000076cb1419 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                    0000000076cb1431 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                    0000000076cb144a 2 bytes [CB, 76]
.text    ...                                                                                                                               * 9
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                       0000000076cb14dd 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                0000000076cb14f5 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                       0000000076cb150d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                0000000076cb1525 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                      0000000076cb153d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                           0000000076cb1555 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                    0000000076cb156d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                      0000000076cb1585 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                         0000000076cb159d 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                      0000000076cb15b5 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                    0000000076cb15cd 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                0000000076cb16b2 2 bytes [CB, 76]
.text    C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                0000000076cb16bd 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17      0000000076cb1401 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17        0000000076cb1419 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17      0000000076cb1431 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42      0000000076cb144a 2 bytes [CB, 76]
.text    ...                                                                                                                               * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17         0000000076cb14dd 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17  0000000076cb14f5 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17         0000000076cb150d 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17  0000000076cb1525 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17        0000000076cb153d 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17             0000000076cb1555 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17      0000000076cb156d 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17        0000000076cb1585 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17           0000000076cb159d 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17        0000000076cb15b5 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17      0000000076cb15cd 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  0000000076cb16b2 2 bytes [CB, 76]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2728] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31  0000000076cb16bd 2 bytes [CB, 76]

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\AVG 2013\avgidsagent.exe [2028:4128]                                                                       0000000074cb62ee
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:3468]                                                             000007fef4c7cc10
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:3532]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:5100]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4192]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4248]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4532]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4564]                                                             000007fef4c4f718
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4632]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4472]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4476]                                                             000007fef4b3143c
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:4892]                                                             000007fef5176050
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:3248]                                                             000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312:656]                                                              000007fef4b3b564
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:4444]                                                             000007fefae72a7c
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5436]                                                             000000006d746c88
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5516]                                                             000007fee9186380
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5520]                                                             000007fee9186380
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5524]                                                             000007fee9186380
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5528]                                                             000007fee9186380
Thread   C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944:5616]                                                             000007fee848e480
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\AVG 2013\avgidsagent.exe [2028]                                                   0000000072500000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2916]                                               0000000002fe0000
Library  ? (*** suspicious ***) @ C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\MOM.exe [2312]                                         000007fef54c0000
Library  ? (*** suspicious ***) @ C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CCC.exe [4944]                                         000007fefc5c0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                               0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0x05 0x75 0xA1 0x74 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                               C:\Program Files (x86)\DAEMON Tools Lite 4.35\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                   0x2D 0xF6 0x9A 0xD8 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0xDA 0xEF 0x72 0x8B ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                            0x6B 0x35 0x99 0xA6 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                   0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0x05 0x75 0xA1 0x74 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                   C:\Program Files (x86)\DAEMON Tools Lite 4.35\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                       0x2D 0xF6 0x9A 0xD8 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0xDA 0xEF 0x72 0x8B ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0x6B 0x35 0x99 0xA6 ...

---- EOF - GMER 2.0 ----
         
__________________

Alt 20.01.2013, 19:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Ok, danke für die Erklärung

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601)
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.01.2013, 06:49   #5
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Zitat:
Zitat von cosinus Beitrag anzeigen
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
Weder noch, wobei der Tipp mit der Uni nicht ganz schlecht ist. Es handelt sich um einen Privat-PC, der von einem Studenten mit kostenlosem Windows von der Uni betrieben wird, da meine Uni dies eben allen Studenten anbietet.


Alt 21.01.2013, 10:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> PC sauber? Spybot kann Funde nicht bereinigen

Alt 21.01.2013, 20:44   #7
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



1.Scan = 1 Bedrohung
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Oraleva :: NIGHTFALL [administrator]

21.01.2013 19:00:10
mbar-log-2013-01-21 (19-00-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30313
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\gema.exe (Trojan.Ransom) -> Delete on reboot.

(end)
         
2.Scan = 0 Bedrohungen
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Oraleva :: NIGHTFALL [administrator]

21.01.2013 19:42:32
mbar-log-2013-01-21 (19-42-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30357
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 22.01.2013, 09:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.01.2013, 08:42   #9
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 19:20:11
-----------------------------
19:20:11.020    OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:11.020    Number of processors: 4 586 0x403
19:20:11.020    ComputerName: NIGHTFALL  UserName: Oraleva
19:20:11.540    Initialize success
19:22:47.061    AVAST engine defs: 13012200
19:23:58.810    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:23:58.817    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
19:23:58.832    Disk 0 MBR read successfully
19:23:58.840    Disk 0 MBR scan
19:23:58.852    Disk 0 Windows 7 default MBR code
19:23:58.870    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:23:58.887    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99899 MB offset 206848
19:23:58.900    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       853868 MB offset 204800000
19:23:58.927    Disk 0 scanning C:\Windows\system32\drivers
19:24:07.325    Service scanning
19:24:23.903    Modules scanning
19:24:23.933    Disk 0 trace - called modules:
19:24:23.950    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:24:23.955    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b71790]
19:24:23.965    3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa8007abb9b0]
19:24:23.973    5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b6f680]
19:24:24.210    AVAST engine scan C:\Windows
19:24:25.855    AVAST engine scan C:\Windows\system32
19:26:55.267    AVAST engine scan C:\Windows\system32\drivers
19:27:03.623    AVAST engine scan C:\Users\Oraleva
19:31:15.949    AVAST engine scan C:\ProgramData
19:32:03.860    Scan finished successfully
04:29:01.478    Disk 0 MBR has been saved successfully to "C:\Users\Oraleva\Desktop\MBR.dat"
04:29:01.483    The log file has been saved successfully to "C:\Users\Oraleva\Desktop\aswMBR.txt"
         
TDSSKiller
Code:
ATTFilter
04:29:23.0995 4392  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
04:29:24.0307 4392  ============================================================
04:29:24.0307 4392  Current date / time: 2013/01/23 04:29:24.0307
04:29:24.0307 4392  SystemInfo:
04:29:24.0307 4392  
04:29:24.0307 4392  OS Version: 6.1.7601 ServicePack: 1.0
04:29:24.0307 4392  Product type: Workstation
04:29:24.0307 4392  ComputerName: NIGHTFALL
04:29:24.0307 4392  UserName: Oraleva
04:29:24.0307 4392  Windows directory: C:\Windows
04:29:24.0307 4392  System windows directory: C:\Windows
04:29:24.0307 4392  Running under WOW64
04:29:24.0307 4392  Processor architecture: Intel x64
04:29:24.0307 4392  Number of processors: 4
04:29:24.0307 4392  Page size: 0x1000
04:29:24.0307 4392  Boot type: Normal boot
04:29:24.0307 4392  ============================================================
04:29:25.0110 4392  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:29:25.0112 4392  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:29:34.0565 4392  ============================================================
04:29:34.0565 4392  \Device\Harddisk0\DR0:
04:29:34.0565 4392  MBR partitions:
04:29:34.0565 4392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
04:29:34.0565 4392  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
04:29:34.0565 4392  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000
04:29:34.0565 4392  \Device\Harddisk1\DR1:
04:29:34.0568 4392  MBR partitions:
04:29:34.0568 4392  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xE8E07481
04:29:34.0568 4392  ============================================================
04:29:34.0600 4392  C: <-> \Device\Harddisk0\DR0\Partition2
04:29:34.0633 4392  D: <-> \Device\Harddisk0\DR0\Partition3
04:29:34.0665 4392  I: <-> \Device\Harddisk1\DR1\Partition1
04:29:34.0665 4392  ============================================================
04:29:34.0665 4392  Initialize success
04:29:34.0665 4392  ============================================================
04:30:52.0684 4712  ============================================================
04:30:52.0684 4712  Scan started
04:30:52.0684 4712  Mode: Manual; SigCheck; TDLFS; 
04:30:52.0684 4712  ============================================================
04:30:53.0219 4712  ================ Scan system memory ========================
04:30:53.0219 4712  System memory - ok
04:30:53.0219 4712  ================ Scan services =============================
04:30:53.0356 4712  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
04:30:53.0504 4712  1394ohci - ok
04:30:53.0574 4712  [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc           C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
04:30:53.0614 4712  a2acc - ok
04:30:53.0709 4712  [ C6D0B4BF12036D1EE092D2F5EF436FC7 ] a2AntiMalware   C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
04:30:53.0751 4712  a2AntiMalware - ok
04:30:53.0769 4712  [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA           C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
04:30:53.0776 4712  A2DDA - ok
04:30:53.0786 4712  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
04:30:53.0799 4712  ACPI - ok
04:30:53.0829 4712  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
04:30:53.0899 4712  AcpiPmi - ok
04:30:53.0946 4712  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
04:30:53.0976 4712  acsock - ok
04:30:54.0081 4712  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:30:54.0096 4712  AdobeARMservice - ok
04:30:54.0136 4712  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
04:30:54.0156 4712  adp94xx - ok
04:30:54.0176 4712  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
04:30:54.0191 4712  adpahci - ok
04:30:54.0211 4712  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
04:30:54.0224 4712  adpu320 - ok
04:30:54.0251 4712  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
04:30:54.0376 4712  AeLookupSvc - ok
04:30:54.0416 4712  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
04:30:54.0481 4712  AFD - ok
04:30:54.0504 4712  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
04:30:54.0514 4712  agp440 - ok
04:30:54.0534 4712  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
04:30:54.0566 4712  ALG - ok
04:30:54.0581 4712  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
04:30:54.0591 4712  aliide - ok
04:30:54.0634 4712  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
04:30:54.0694 4712  AMD External Events Utility - ok
04:30:54.0736 4712  AMD FUEL Service - ok
04:30:54.0746 4712  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
04:30:54.0756 4712  amdide - ok
04:30:54.0769 4712  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
04:30:54.0776 4712  amdiox64 - ok
04:30:54.0794 4712  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
04:30:54.0841 4712  AmdK8 - ok
04:30:54.0979 4712  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
04:30:55.0144 4712  amdkmdag - ok
04:30:55.0166 4712  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
04:30:55.0194 4712  amdkmdap - ok
04:30:55.0211 4712  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
04:30:55.0231 4712  AmdPPM - ok
04:30:55.0269 4712  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
04:30:55.0294 4712  amdsata - ok
04:30:55.0304 4712  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
04:30:55.0316 4712  amdsbs - ok
04:30:55.0329 4712  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
04:30:55.0341 4712  amdxata - ok
04:30:55.0404 4712  AODDriver4.01 - ok
04:30:55.0444 4712  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys
04:30:55.0469 4712  AODDriver4.2 - ok
04:30:55.0514 4712  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
04:30:55.0636 4712  AppID - ok
04:30:55.0661 4712  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
04:30:55.0746 4712  AppIDSvc - ok
04:30:55.0781 4712  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
04:30:55.0846 4712  Appinfo - ok
04:30:55.0881 4712  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
04:30:55.0916 4712  AppMgmt - ok
04:30:55.0929 4712  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
04:30:55.0941 4712  arc - ok
04:30:55.0956 4712  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
04:30:55.0969 4712  arcsas - ok
04:30:56.0054 4712  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
04:30:56.0079 4712  AsIO - ok
04:30:56.0161 4712  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
04:30:56.0189 4712  aspnet_state - ok
04:30:56.0211 4712  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
04:30:56.0294 4712  AsyncMac - ok
04:30:56.0321 4712  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
04:30:56.0331 4712  atapi - ok
04:30:56.0351 4712  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
04:30:56.0381 4712  AtiHDAudioService - ok
04:30:56.0406 4712  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
04:30:56.0414 4712  AtiPcie - ok
04:30:56.0456 4712  [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
04:30:56.0489 4712  atksgt - ok
04:30:56.0519 4712  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:30:56.0579 4712  AudioEndpointBuilder - ok
04:30:56.0586 4712  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
04:30:56.0611 4712  AudioSrv - ok
04:30:56.0816 4712  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG 2013\avgidsagent.exe
04:30:56.0889 4712  AVGIDSAgent - ok
04:30:56.0931 4712  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
04:30:56.0939 4712  AVGIDSDriver - ok
04:30:56.0979 4712  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
04:30:57.0006 4712  AVGIDSHA - ok
04:30:57.0029 4712  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
04:30:57.0059 4712  Avgldx64 - ok
04:30:57.0096 4712  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
04:30:57.0131 4712  Avgloga - ok
04:30:57.0171 4712  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
04:30:57.0201 4712  Avgmfx64 - ok
04:30:57.0229 4712  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
04:30:57.0256 4712  Avgrkx64 - ok
04:30:57.0279 4712  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
04:30:57.0304 4712  Avgtdia - ok
04:30:57.0331 4712  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG 2013\avgwdsvc.exe
04:30:57.0361 4712  avgwd - ok
04:30:57.0399 4712  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
04:30:57.0444 4712  AxInstSV - ok
04:30:57.0479 4712  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
04:30:57.0526 4712  b06bdrv - ok
04:30:57.0554 4712  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
04:30:57.0601 4712  b57nd60a - ok
04:30:57.0631 4712  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
04:30:57.0681 4712  BDESVC - ok
04:30:57.0704 4712  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
04:30:57.0771 4712  Beep - ok
04:30:57.0826 4712  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
04:30:57.0871 4712  BFE - ok
04:30:57.0931 4712  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
04:30:58.0039 4712  BITS - ok
04:30:58.0061 4712  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
04:30:58.0076 4712  blbdrive - ok
04:30:58.0114 4712  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
04:30:58.0159 4712  bowser - ok
04:30:58.0176 4712  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:30:58.0234 4712  BrFiltLo - ok
04:30:58.0241 4712  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:30:58.0254 4712  BrFiltUp - ok
04:30:58.0284 4712  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
04:30:58.0296 4712  Browser - ok
04:30:58.0311 4712  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
04:30:58.0346 4712  Brserid - ok
04:30:58.0359 4712  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
04:30:58.0379 4712  BrSerWdm - ok
04:30:58.0391 4712  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
04:30:58.0414 4712  BrUsbMdm - ok
04:30:58.0429 4712  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
04:30:58.0439 4712  BrUsbSer - ok
04:30:58.0459 4712  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
04:30:58.0474 4712  BTHMODEM - ok
04:30:58.0489 4712  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
04:30:58.0526 4712  bthserv - ok
04:30:58.0539 4712  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
04:30:58.0574 4712  cdfs - ok
04:30:58.0601 4712  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
04:30:58.0619 4712  cdrom - ok
04:30:58.0646 4712  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
04:30:58.0699 4712  CertPropSvc - ok
04:30:58.0709 4712  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
04:30:58.0734 4712  circlass - ok
04:30:58.0761 4712  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
04:30:58.0776 4712  CLFS - ok
04:30:58.0816 4712  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:30:58.0829 4712  clr_optimization_v2.0.50727_32 - ok
04:30:58.0879 4712  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:30:58.0906 4712  clr_optimization_v2.0.50727_64 - ok
04:30:58.0956 4712  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:30:58.0984 4712  clr_optimization_v4.0.30319_32 - ok
04:30:58.0996 4712  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:30:59.0006 4712  clr_optimization_v4.0.30319_64 - ok
04:30:59.0021 4712  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
04:30:59.0056 4712  CmBatt - ok
04:30:59.0081 4712  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
04:30:59.0091 4712  cmdide - ok
04:30:59.0126 4712  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
04:30:59.0151 4712  CNG - ok
04:30:59.0166 4712  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
04:30:59.0174 4712  Compbatt - ok
04:30:59.0204 4712  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
04:30:59.0239 4712  CompositeBus - ok
04:30:59.0246 4712  COMSysApp - ok
04:30:59.0256 4712  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
04:30:59.0264 4712  crcdisk - ok
04:30:59.0296 4712  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
04:30:59.0324 4712  CryptSvc - ok
04:30:59.0364 4712  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
04:30:59.0434 4712  CSC - ok
04:30:59.0466 4712  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
04:30:59.0511 4712  CscService - ok
04:30:59.0569 4712  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
04:30:59.0591 4712  DAUpdaterSvc - ok
04:30:59.0634 4712  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
04:30:59.0681 4712  DcomLaunch - ok
04:30:59.0714 4712  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
04:30:59.0759 4712  defragsvc - ok
04:30:59.0796 4712  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
04:30:59.0866 4712  DfsC - ok
04:30:59.0896 4712  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
04:30:59.0921 4712  Dhcp - ok
04:30:59.0931 4712  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
04:30:59.0971 4712  discache - ok
04:30:59.0994 4712  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
04:31:00.0004 4712  Disk - ok
04:31:00.0026 4712  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
04:31:00.0041 4712  Dnscache - ok
04:31:00.0074 4712  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
04:31:00.0159 4712  dot3svc - ok
04:31:00.0189 4712  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
04:31:00.0229 4712  DPS - ok
04:31:00.0261 4712  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
04:31:00.0304 4712  drmkaud - ok
04:31:00.0329 4712  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
04:31:00.0354 4712  DXGKrnl - ok
04:31:00.0374 4712  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
04:31:00.0396 4712  EapHost - ok
04:31:00.0481 4712  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
04:31:00.0554 4712  ebdrv - ok
04:31:00.0581 4712  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
04:31:00.0614 4712  EFS - ok
04:31:00.0674 4712  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
04:31:00.0709 4712  ehRecvr - ok
04:31:00.0739 4712  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
04:31:00.0774 4712  ehSched - ok
04:31:00.0806 4712  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
04:31:00.0826 4712  elxstor - ok
04:31:00.0851 4712  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
04:31:00.0866 4712  ErrDev - ok
04:31:00.0901 4712  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
04:31:00.0949 4712  EventSystem - ok
04:31:00.0966 4712  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
04:31:00.0996 4712  exfat - ok
04:31:01.0014 4712  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
04:31:01.0049 4712  fastfat - ok
04:31:01.0096 4712  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
04:31:01.0136 4712  Fax - ok
04:31:01.0151 4712  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
04:31:01.0161 4712  fdc - ok
04:31:01.0179 4712  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
04:31:01.0221 4712  fdPHost - ok
04:31:01.0231 4712  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
04:31:01.0254 4712  FDResPub - ok
04:31:01.0264 4712  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
04:31:01.0271 4712  FileInfo - ok
04:31:01.0284 4712  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
04:31:01.0311 4712  Filetrace - ok
04:31:01.0329 4712  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
04:31:01.0341 4712  flpydisk - ok
04:31:01.0359 4712  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
04:31:01.0369 4712  FltMgr - ok
04:31:01.0426 4712  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
04:31:01.0469 4712  FontCache - ok
04:31:01.0526 4712  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:31:01.0574 4712  FontCache3.0.0.0 - ok
04:31:01.0746 4712  [ 37C2FF67A2565286F1C1C1072BE74678 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
04:31:01.0759 4712  Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
04:31:01.0759 4712  Freemake Improver - detected UnsignedFile.Multi.Generic (1)
04:31:01.0774 4712  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
04:31:01.0801 4712  FsDepends - ok
04:31:01.0831 4712  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
04:31:01.0841 4712  Fs_Rec - ok
04:31:01.0934 4712  [ BD8B74DA98783BCDB410461E65868A60 ] Futuremark SystemInfo Service C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
04:31:01.0964 4712  Futuremark SystemInfo Service - ok
04:31:01.0999 4712  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
04:31:02.0041 4712  fvevol - ok
04:31:02.0059 4712  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
04:31:02.0071 4712  gagp30kx - ok
04:31:02.0106 4712  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
04:31:02.0166 4712  gpsvc - ok
04:31:02.0214 4712  GPU-Z - ok
04:31:02.0234 4712  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
04:31:02.0261 4712  hcw85cir - ok
04:31:02.0311 4712  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:31:02.0346 4712  HdAudAddService - ok
04:31:02.0386 4712  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
04:31:02.0429 4712  HDAudBus - ok
04:31:02.0439 4712  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
04:31:02.0451 4712  HidBatt - ok
04:31:02.0466 4712  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
04:31:02.0476 4712  HidBth - ok
04:31:02.0484 4712  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
04:31:02.0499 4712  HidIr - ok
04:31:02.0524 4712  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
04:31:02.0559 4712  hidserv - ok
04:31:02.0591 4712  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
04:31:02.0599 4712  HidUsb - ok
04:31:02.0644 4712  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
04:31:02.0696 4712  hkmsvc - ok
04:31:02.0721 4712  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
04:31:02.0744 4712  HomeGroupListener - ok
04:31:02.0774 4712  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
04:31:02.0799 4712  HomeGroupProvider - ok
04:31:02.0831 4712  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
04:31:02.0844 4712  HpSAMD - ok
04:31:02.0904 4712  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
04:31:02.0989 4712  HTTP - ok
04:31:03.0011 4712  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
04:31:03.0024 4712  hwpolicy - ok
04:31:03.0036 4712  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
04:31:03.0046 4712  i8042prt - ok
04:31:03.0079 4712  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
04:31:03.0096 4712  iaStorV - ok
04:31:03.0124 4712  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:31:03.0149 4712  idsvc - ok
04:31:03.0166 4712  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
04:31:03.0176 4712  iirsp - ok
04:31:03.0204 4712  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
04:31:03.0251 4712  IKEEXT - ok
04:31:03.0276 4712  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
04:31:03.0289 4712  intelide - ok
04:31:03.0304 4712  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
04:31:03.0314 4712  intelppm - ok
04:31:03.0351 4712  [ 733F61BC6995212518386812CE6FD40D ] ip100Avista     C:\Windows\system32\DRIVERS\ipfnd51.sys
04:31:03.0374 4712  ip100Avista - ok
04:31:03.0399 4712  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
04:31:03.0469 4712  IPBusEnum - ok
04:31:03.0494 4712  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:31:03.0531 4712  IpFilterDriver - ok
04:31:03.0566 4712  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
04:31:03.0589 4712  iphlpsvc - ok
04:31:03.0601 4712  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
04:31:03.0609 4712  IPMIDRV - ok
04:31:03.0629 4712  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
04:31:03.0651 4712  IPNAT - ok
04:31:03.0671 4712  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
04:31:03.0694 4712  IRENUM - ok
04:31:03.0706 4712  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
04:31:03.0714 4712  isapnp - ok
04:31:03.0729 4712  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
04:31:03.0739 4712  iScsiPrt - ok
04:31:03.0794 4712  [ 4A8A242FDA43765F4F73ECDE2BA0D62A ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
04:31:03.0821 4712  JRAID - ok
04:31:03.0846 4712  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
04:31:03.0874 4712  kbdclass - ok
04:31:03.0891 4712  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
04:31:03.0911 4712  kbdhid - ok
04:31:03.0926 4712  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
04:31:03.0936 4712  KeyIso - ok
04:31:03.0966 4712  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
04:31:03.0979 4712  KSecDD - ok
04:31:04.0004 4712  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
04:31:04.0019 4712  KSecPkg - ok
04:31:04.0036 4712  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
04:31:04.0069 4712  ksthunk - ok
04:31:04.0089 4712  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
04:31:04.0134 4712  KtmRm - ok
04:31:04.0159 4712  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
04:31:04.0194 4712  LanmanServer - ok
04:31:04.0216 4712  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:31:04.0279 4712  LanmanWorkstation - ok
04:31:04.0329 4712  [ 955982BF4421B77722196552B62E8DC2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
04:31:04.0359 4712  lirsgt - ok
04:31:04.0391 4712  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
04:31:04.0459 4712  lltdio - ok
04:31:04.0491 4712  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
04:31:04.0549 4712  lltdsvc - ok
04:31:04.0556 4712  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
04:31:04.0579 4712  lmhosts - ok
04:31:04.0594 4712  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
04:31:04.0604 4712  LSI_FC - ok
04:31:04.0616 4712  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
04:31:04.0624 4712  LSI_SAS - ok
04:31:04.0636 4712  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:31:04.0646 4712  LSI_SAS2 - ok
04:31:04.0659 4712  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:31:04.0669 4712  LSI_SCSI - ok
04:31:04.0694 4712  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
04:31:04.0724 4712  luafv - ok
04:31:04.0756 4712  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
04:31:04.0784 4712  Mcx2Svc - ok
04:31:04.0811 4712  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
04:31:04.0841 4712  megasas - ok
04:31:04.0874 4712  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
04:31:04.0916 4712  MegaSR - ok
04:31:04.0981 4712  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
04:31:05.0009 4712  Microsoft Office Groove Audit Service - ok
04:31:05.0021 4712  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
04:31:05.0064 4712  MMCSS - ok
04:31:05.0076 4712  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
04:31:05.0111 4712  Modem - ok
04:31:05.0121 4712  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
04:31:05.0136 4712  monitor - ok
04:31:05.0151 4712  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
04:31:05.0159 4712  mouclass - ok
04:31:05.0179 4712  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
04:31:05.0196 4712  mouhid - ok
04:31:05.0224 4712  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
04:31:05.0251 4712  mountmgr - ok
04:31:05.0314 4712  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
04:31:05.0341 4712  MozillaMaintenance - ok
04:31:05.0369 4712  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
04:31:05.0381 4712  mpio - ok
04:31:05.0396 4712  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
04:31:05.0429 4712  mpsdrv - ok
04:31:05.0469 4712  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
04:31:05.0539 4712  MpsSvc - ok
04:31:05.0569 4712  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
04:31:05.0614 4712  MRxDAV - ok
04:31:05.0644 4712  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
04:31:05.0689 4712  mrxsmb - ok
04:31:05.0724 4712  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:31:05.0749 4712  mrxsmb10 - ok
04:31:05.0779 4712  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:31:05.0789 4712  mrxsmb20 - ok
04:31:05.0816 4712  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
04:31:05.0844 4712  msahci - ok
04:31:05.0871 4712  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
04:31:05.0884 4712  msdsm - ok
04:31:05.0899 4712  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
04:31:05.0921 4712  MSDTC - ok
04:31:05.0929 4712  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
04:31:05.0961 4712  Msfs - ok
04:31:05.0971 4712  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
04:31:06.0001 4712  mshidkmdf - ok
04:31:06.0024 4712  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
04:31:06.0031 4712  msisadrv - ok
04:31:06.0066 4712  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
04:31:06.0136 4712  MSiSCSI - ok
04:31:06.0139 4712  msiserver - ok
04:31:06.0169 4712  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
04:31:06.0206 4712  MSKSSRV - ok
04:31:06.0221 4712  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
04:31:06.0244 4712  MSPCLOCK - ok
04:31:06.0251 4712  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
04:31:06.0276 4712  MSPQM - ok
04:31:06.0306 4712  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
04:31:06.0319 4712  MsRPC - ok
04:31:06.0334 4712  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
04:31:06.0341 4712  mssmbios - ok
04:31:06.0356 4712  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
04:31:06.0389 4712  MSTEE - ok
04:31:06.0399 4712  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
04:31:06.0416 4712  MTConfig - ok
04:31:06.0456 4712  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
04:31:06.0481 4712  MTsensor - ok
04:31:06.0504 4712  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
04:31:06.0519 4712  Mup - ok
04:31:06.0551 4712  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
04:31:06.0584 4712  napagent - ok
04:31:06.0616 4712  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
04:31:06.0661 4712  NativeWifiP - ok
04:31:06.0696 4712  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
04:31:06.0724 4712  NDIS - ok
04:31:06.0746 4712  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
04:31:06.0769 4712  NdisCap - ok
04:31:06.0781 4712  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
04:31:06.0824 4712  NdisTapi - ok
04:31:06.0849 4712  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
04:31:06.0869 4712  Ndisuio - ok
04:31:06.0884 4712  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
04:31:06.0906 4712  NdisWan - ok
04:31:06.0931 4712  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
04:31:06.0959 4712  NDProxy - ok
04:31:06.0966 4712  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
04:31:06.0994 4712  NetBIOS - ok
04:31:07.0016 4712  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
04:31:07.0094 4712  NetBT - ok
04:31:07.0114 4712  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
04:31:07.0124 4712  Netlogon - ok
04:31:07.0156 4712  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
04:31:07.0204 4712  Netman - ok
04:31:07.0259 4712  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:31:07.0289 4712  NetMsmqActivator - ok
04:31:07.0299 4712  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:31:07.0309 4712  NetPipeActivator - ok
04:31:07.0326 4712  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
04:31:07.0361 4712  netprofm - ok
04:31:07.0366 4712  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:31:07.0376 4712  NetTcpActivator - ok
04:31:07.0381 4712  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:31:07.0391 4712  NetTcpPortSharing - ok
04:31:07.0416 4712  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
04:31:07.0429 4712  nfrd960 - ok
04:31:07.0451 4712  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
04:31:07.0479 4712  NlaSvc - ok
04:31:07.0534 4712  [ C31FA031335EFF434B2D94278E74BCCE ] npf             C:\Windows\system32\drivers\npf.sys
04:31:07.0561 4712  npf - ok
04:31:07.0579 4712  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
04:31:07.0636 4712  Npfs - ok
04:31:07.0656 4712  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
04:31:07.0689 4712  nsi - ok
04:31:07.0694 4712  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
04:31:07.0729 4712  nsiproxy - ok
04:31:07.0789 4712  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
04:31:07.0831 4712  Ntfs - ok
04:31:07.0841 4712  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
04:31:07.0876 4712  Null - ok
04:31:07.0914 4712  [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
04:31:07.0919 4712  nusb3hub - ok
04:31:07.0929 4712  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
04:31:07.0936 4712  nusb3xhc - ok
04:31:07.0961 4712  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
04:31:07.0971 4712  nvraid - ok
04:31:07.0984 4712  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
04:31:07.0991 4712  nvstor - ok
04:31:08.0034 4712  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
04:31:08.0041 4712  nv_agp - ok
04:31:08.0109 4712  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:31:08.0151 4712  odserv - ok
04:31:08.0176 4712  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
04:31:08.0196 4712  ohci1394 - ok
04:31:08.0236 4712  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:31:08.0249 4712  ose - ok
04:31:08.0279 4712  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
04:31:08.0294 4712  p2pimsvc - ok
04:31:08.0309 4712  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
04:31:08.0324 4712  p2psvc - ok
04:31:08.0339 4712  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
04:31:08.0349 4712  Parport - ok
04:31:08.0381 4712  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
04:31:08.0391 4712  partmgr - ok
04:31:08.0404 4712  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
04:31:08.0429 4712  PcaSvc - ok
04:31:08.0439 4712  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
04:31:08.0446 4712  pci - ok
04:31:08.0461 4712  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
04:31:08.0466 4712  pciide - ok
04:31:08.0489 4712  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
04:31:08.0499 4712  pcmcia - ok
04:31:08.0509 4712  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
04:31:08.0516 4712  pcw - ok
04:31:08.0529 4712  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
04:31:08.0569 4712  PEAUTH - ok
04:31:08.0604 4712  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
04:31:08.0631 4712  PeerDistSvc - ok
04:31:08.0689 4712  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
04:31:08.0731 4712  PerfHost - ok
04:31:08.0784 4712  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
04:31:08.0844 4712  pla - ok
04:31:08.0889 4712  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
04:31:08.0916 4712  PlugPlay - ok
04:31:08.0929 4712  PnkBstrA - ok
04:31:08.0934 4712  PnkBstrB - ok
04:31:08.0944 4712  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
04:31:08.0966 4712  PNRPAutoReg - ok
04:31:08.0971 4712  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
04:31:08.0986 4712  PNRPsvc - ok
04:31:09.0014 4712  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
04:31:09.0026 4712  Point64 - ok
04:31:09.0059 4712  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
04:31:09.0136 4712  PolicyAgent - ok
04:31:09.0159 4712  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
04:31:09.0206 4712  Power - ok
04:31:09.0234 4712  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
04:31:09.0312 4712  PptpMiniport - ok
04:31:09.0322 4712  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
04:31:09.0344 4712  Processor - ok
04:31:09.0382 4712  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
04:31:09.0412 4712  ProfSvc - ok
04:31:09.0439 4712  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:31:09.0452 4712  ProtectedStorage - ok
04:31:09.0492 4712  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
04:31:09.0557 4712  Psched - ok
04:31:09.0582 4712  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
04:31:09.0609 4712  ql2300 - ok
04:31:09.0619 4712  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
04:31:09.0629 4712  ql40xx - ok
04:31:09.0669 4712  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
04:31:09.0724 4712  QWAVE - ok
04:31:09.0729 4712  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
04:31:09.0754 4712  QWAVEdrv - ok
04:31:09.0769 4712  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
04:31:09.0802 4712  RasAcd - ok
04:31:09.0824 4712  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
04:31:09.0847 4712  RasAgileVpn - ok
04:31:09.0854 4712  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
04:31:09.0877 4712  RasAuto - ok
04:31:09.0904 4712  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
04:31:09.0944 4712  Rasl2tp - ok
04:31:09.0974 4712  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
04:31:10.0004 4712  RasMan - ok
04:31:10.0022 4712  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
04:31:10.0052 4712  RasPppoe - ok
04:31:10.0062 4712  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
04:31:10.0084 4712  RasSstp - ok
04:31:10.0097 4712  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
04:31:10.0122 4712  rdbss - ok
04:31:10.0129 4712  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
04:31:10.0147 4712  rdpbus - ok
04:31:10.0157 4712  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
04:31:10.0177 4712  RDPCDD - ok
04:31:10.0204 4712  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
04:31:10.0214 4712  RDPDR - ok
04:31:10.0234 4712  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
04:31:10.0262 4712  RDPENCDD - ok
04:31:10.0272 4712  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
04:31:10.0294 4712  RDPREFMP - ok
04:31:10.0339 4712  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
04:31:10.0359 4712  RdpVideoMiniport - ok
04:31:10.0392 4712  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
04:31:10.0434 4712  RDPWD - ok
04:31:10.0462 4712  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
04:31:10.0474 4712  rdyboost - ok
04:31:10.0499 4712  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
04:31:10.0537 4712  RemoteAccess - ok
04:31:10.0559 4712  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
04:31:10.0589 4712  RemoteRegistry - ok
04:31:10.0619 4712  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
04:31:10.0674 4712  RpcEptMapper - ok
04:31:10.0702 4712  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
04:31:10.0714 4712  RpcLocator - ok
04:31:10.0749 4712  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
04:31:10.0799 4712  RpcSs - ok
04:31:10.0852 4712  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
04:31:10.0932 4712  rspndr - ok
04:31:10.0974 4712  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
04:31:10.0989 4712  RTL8167 - ok
04:31:11.0017 4712  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
04:31:11.0042 4712  s3cap - ok
04:31:11.0054 4712  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
04:31:11.0064 4712  SamSs - ok
04:31:11.0082 4712  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
04:31:11.0094 4712  sbp2port - ok
04:31:11.0107 4712  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
04:31:11.0142 4712  SCardSvr - ok
04:31:11.0164 4712  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
04:31:11.0194 4712  scfilter - ok
04:31:11.0259 4712  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
04:31:11.0317 4712  Schedule - ok
04:31:11.0337 4712  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
04:31:11.0359 4712  SCPolicySvc - ok
04:31:11.0369 4712  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
04:31:11.0392 4712  SDRSVC - ok
04:31:11.0487 4712  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
04:31:11.0512 4712  SDScannerService - ok
04:31:11.0552 4712  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
04:31:11.0584 4712  SDUpdateService - ok
04:31:11.0594 4712  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
04:31:11.0604 4712  SDWSCService - ok
04:31:11.0622 4712  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
04:31:11.0657 4712  secdrv - ok
04:31:11.0682 4712  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
04:31:11.0709 4712  seclogon - ok
04:31:11.0727 4712  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
04:31:11.0749 4712  SENS - ok
04:31:11.0759 4712  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
04:31:11.0777 4712  SensrSvc - ok
04:31:11.0792 4712  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
04:31:11.0799 4712  Serenum - ok
04:31:11.0809 4712  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
04:31:11.0817 4712  Serial - ok
04:31:11.0837 4712  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
04:31:11.0844 4712  sermouse - ok
04:31:11.0877 4712  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
04:31:11.0932 4712  SessionEnv - ok
04:31:11.0962 4712  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
04:31:11.0992 4712  sffdisk - ok
04:31:12.0002 4712  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
04:31:12.0034 4712  sffp_mmc - ok
04:31:12.0037 4712  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
04:31:12.0054 4712  sffp_sd - ok
04:31:12.0074 4712  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
04:31:12.0099 4712  sfloppy - ok
04:31:12.0112 4712  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
04:31:12.0149 4712  SharedAccess - ok
04:31:12.0179 4712  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:31:12.0234 4712  ShellHWDetection - ok
04:31:12.0252 4712  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:31:12.0259 4712  SiSRaid2 - ok
04:31:12.0274 4712  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
04:31:12.0282 4712  SiSRaid4 - ok
04:31:12.0327 4712  [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
04:31:12.0339 4712  SkypeUpdate - ok
04:31:12.0369 4712  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
04:31:12.0407 4712  Smb - ok
04:31:12.0434 4712  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
04:31:12.0447 4712  SNMPTRAP - ok
04:31:12.0492 4712  [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan        C:\Windows\syswow64\speedfan.sys
04:31:12.0517 4712  speedfan - ok
04:31:12.0527 4712  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
04:31:12.0557 4712  spldr - ok
04:31:12.0604 4712  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
04:31:12.0652 4712  Spooler - ok
04:31:12.0727 4712  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
04:31:12.0807 4712  sppsvc - ok
04:31:12.0822 4712  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
04:31:12.0852 4712  sppuinotify - ok
04:31:12.0862 4712  sptd - ok
04:31:12.0902 4712  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
04:31:12.0919 4712  srv - ok
04:31:12.0937 4712  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
04:31:12.0954 4712  srv2 - ok
04:31:12.0964 4712  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
04:31:12.0977 4712  srvnet - ok
04:31:13.0002 4712  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
04:31:13.0034 4712  SSDPSRV - ok
04:31:13.0044 4712  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
04:31:13.0067 4712  SstpSvc - ok
04:31:13.0102 4712  [ C270C64B4F6CA87DAC2D7F68ED57A141 ] stdriver        C:\Windows\system32\DRIVERS\stdriver64.sys
04:31:13.0109 4712  stdriver - ok
04:31:13.0127 4712  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
04:31:13.0134 4712  stexstor - ok
04:31:13.0187 4712  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
04:31:13.0227 4712  stisvc - ok
04:31:13.0249 4712  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
04:31:13.0259 4712  storflt - ok
04:31:13.0277 4712  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
04:31:13.0294 4712  StorSvc - ok
04:31:13.0304 4712  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
04:31:13.0314 4712  storvsc - ok
04:31:13.0329 4712  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
04:31:13.0337 4712  swenum - ok
04:31:13.0357 4712  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
04:31:13.0394 4712  swprv - ok
04:31:13.0467 4712  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
04:31:13.0509 4712  SysMain - ok
04:31:13.0537 4712  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:31:13.0554 4712  TabletInputService - ok
04:31:13.0574 4712  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
04:31:13.0604 4712  TapiSrv - ok
04:31:13.0622 4712  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
04:31:13.0662 4712  TBS - ok
04:31:13.0704 4712  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
04:31:13.0737 4712  Tcpip - ok
04:31:13.0764 4712  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
04:31:13.0789 4712  TCPIP6 - ok
04:31:13.0804 4712  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
04:31:13.0812 4712  tcpipreg - ok
04:31:13.0822 4712  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
04:31:13.0834 4712  TDPIPE - ok
04:31:13.0859 4712  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
04:31:13.0874 4712  TDTCP - ok
04:31:13.0904 4712  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
04:31:13.0967 4712  tdx - ok
04:31:13.0979 4712  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
04:31:13.0987 4712  TermDD - ok
04:31:14.0019 4712  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
04:31:14.0049 4712  TermService - ok
04:31:14.0062 4712  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
04:31:14.0079 4712  Themes - ok
04:31:14.0092 4712  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
04:31:14.0112 4712  THREADORDER - ok
04:31:14.0129 4712  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
04:31:14.0159 4712  TrkWks - ok
04:31:14.0204 4712  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:31:14.0269 4712  TrustedInstaller - ok
04:31:14.0299 4712  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
04:31:14.0319 4712  tssecsrv - ok
04:31:14.0364 4712  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
04:31:14.0394 4712  TsUsbFlt - ok
04:31:14.0434 4712  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
04:31:14.0482 4712  tunnel - ok
04:31:14.0519 4712  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
04:31:14.0544 4712  uagp35 - ok
04:31:14.0577 4712  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
04:31:14.0624 4712  udfs - ok
04:31:14.0649 4712  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
04:31:14.0662 4712  UI0Detect - ok
04:31:14.0669 4712  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
04:31:14.0682 4712  uliagpkx - ok
04:31:14.0714 4712  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
04:31:14.0734 4712  umbus - ok
04:31:14.0747 4712  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
04:31:14.0757 4712  UmPass - ok
04:31:14.0769 4712  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
04:31:14.0782 4712  UmRdpService - ok
04:31:14.0797 4712  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
04:31:14.0842 4712  upnphost - ok
04:31:14.0872 4712  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
04:31:14.0879 4712  usbccgp - ok
04:31:14.0917 4712  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
04:31:14.0947 4712  usbcir - ok
04:31:14.0972 4712  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
04:31:14.0987 4712  usbehci - ok
04:31:15.0017 4712  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
04:31:15.0024 4712  usbfilter - ok
04:31:15.0062 4712  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
04:31:15.0094 4712  usbhub - ok
04:31:15.0107 4712  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
04:31:15.0124 4712  usbohci - ok
04:31:15.0139 4712  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
04:31:15.0159 4712  usbprint - ok
04:31:15.0192 4712  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:31:15.0204 4712  USBSTOR - ok
04:31:15.0229 4712  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
04:31:15.0254 4712  usbuhci - ok
04:31:15.0272 4712  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
04:31:15.0322 4712  UxSms - ok
04:31:15.0359 4712  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
04:31:15.0387 4712  VaultSvc - ok
04:31:15.0412 4712  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
04:31:15.0422 4712  vdrvroot - ok
04:31:15.0452 4712  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
04:31:15.0487 4712  vds - ok
04:31:15.0499 4712  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
04:31:15.0509 4712  vga - ok
04:31:15.0527 4712  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
04:31:15.0559 4712  VgaSave - ok
04:31:15.0572 4712  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
04:31:15.0582 4712  vhdmp - ok
04:31:15.0652 4712  [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
04:31:15.0697 4712  VIAHdAudAddService - ok
04:31:15.0712 4712  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
04:31:15.0722 4712  viaide - ok
04:31:15.0747 4712  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
04:31:15.0759 4712  vmbus - ok
04:31:15.0774 4712  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
04:31:15.0807 4712  VMBusHID - ok
04:31:15.0817 4712  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
04:31:15.0829 4712  volmgr - ok
04:31:15.0862 4712  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
04:31:15.0879 4712  volmgrx - ok
04:31:15.0892 4712  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
04:31:15.0909 4712  volsnap - ok
04:31:15.0989 4712  [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
04:31:16.0024 4712  vpnagent - ok
04:31:16.0057 4712  [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
04:31:16.0082 4712  vpnva - ok
04:31:16.0102 4712  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
04:31:16.0114 4712  vsmraid - ok
04:31:16.0164 4712  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
04:31:16.0217 4712  VSS - ok
04:31:16.0232 4712  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
04:31:16.0249 4712  vwifibus - ok
04:31:16.0264 4712  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
04:31:16.0292 4712  W32Time - ok
04:31:16.0307 4712  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
04:31:16.0319 4712  WacomPen - ok
04:31:16.0339 4712  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
04:31:16.0374 4712  WANARP - ok
04:31:16.0377 4712  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
04:31:16.0397 4712  Wanarpv6 - ok
04:31:16.0459 4712  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
04:31:16.0494 4712  wbengine - ok
04:31:16.0529 4712  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
04:31:16.0564 4712  WbioSrvc - ok
04:31:16.0592 4712  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
04:31:16.0622 4712  wcncsvc - ok
04:31:16.0629 4712  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:31:16.0637 4712  WcsPlugInService - ok
04:31:16.0669 4712  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
04:31:16.0677 4712  Wd - ok
04:31:16.0722 4712  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
04:31:16.0757 4712  Wdf01000 - ok
04:31:16.0772 4712  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
04:31:16.0792 4712  WdiServiceHost - ok
04:31:16.0794 4712  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
04:31:16.0804 4712  WdiSystemHost - ok
04:31:16.0834 4712  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
04:31:16.0859 4712  WebClient - ok
04:31:16.0889 4712  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
04:31:16.0927 4712  Wecsvc - ok
04:31:16.0939 4712  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
04:31:16.0982 4712  wercplsupport - ok
04:31:17.0007 4712  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
04:31:17.0029 4712  WerSvc - ok
04:31:17.0039 4712  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
04:31:17.0059 4712  WfpLwf - ok
04:31:17.0064 4712  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
04:31:17.0072 4712  WIMMount - ok
04:31:17.0147 4712  [ 835D6E72637A35A84889D7721019BD91 ] WinAutomation Service C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
04:31:17.0167 4712  WinAutomation Service ( UnsignedFile.Multi.Generic ) - warning
04:31:17.0167 4712  WinAutomation Service - detected UnsignedFile.Multi.Generic (1)
04:31:17.0182 4712  WinDefend - ok
04:31:17.0194 4712  WinHttpAutoProxySvc - ok
04:31:17.0242 4712  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
04:31:17.0272 4712  Winmgmt - ok
04:31:17.0359 4712  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM           C:\Windows\system32\WsmSvc.dll
04:31:17.0409 4712  WinRM - ok
04:31:17.0432 4712  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
04:31:17.0452 4712  WinUsb - ok
04:31:17.0479 4712  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
04:31:17.0509 4712  Wlansvc - ok
04:31:17.0547 4712  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
04:31:17.0564 4712  WmiAcpi - ok
04:31:17.0607 4712  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
04:31:17.0644 4712  wmiApSrv - ok
04:31:17.0657 4712  WMPNetworkSvc - ok
04:31:17.0677 4712  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
04:31:17.0689 4712  WPCSvc - ok
04:31:17.0722 4712  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
04:31:17.0734 4712  WPDBusEnum - ok
04:31:17.0747 4712  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
04:31:17.0774 4712  ws2ifsl - ok
04:31:17.0787 4712  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
04:31:17.0809 4712  wscsvc - ok
04:31:17.0852 4712  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
04:31:17.0889 4712  WSDPrintDevice - ok
04:31:17.0927 4712  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
04:31:17.0942 4712  WSDScan - ok
04:31:17.0944 4712  WSearch - ok
04:31:18.0027 4712  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
04:31:18.0077 4712  wuauserv - ok
04:31:18.0099 4712  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
04:31:18.0119 4712  WudfPf - ok
04:31:18.0142 4712  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
04:31:18.0162 4712  WUDFRd - ok
04:31:18.0187 4712  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
04:31:18.0204 4712  wudfsvc - ok
04:31:18.0229 4712  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
04:31:18.0242 4712  WwanSvc - ok
04:31:18.0259 4712  ================ Scan global ===============================
04:31:18.0279 4712  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
04:31:18.0304 4712  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
04:31:18.0319 4712  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
04:31:18.0354 4712  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
04:31:18.0377 4712  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
04:31:18.0379 4712  [Global] - ok
04:31:18.0379 4712  ================ Scan MBR ==================================
04:31:18.0389 4712  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:31:18.0572 4712  \Device\Harddisk0\DR0 - ok
04:31:18.0582 4712  [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
04:31:18.0912 4712  \Device\Harddisk1\DR1 - ok
04:31:18.0912 4712  ================ Scan VBR ==================================
04:31:18.0919 4712  [ A53C107BD317E979DAD6BB93774177B0 ] \Device\Harddisk0\DR0\Partition1
04:31:18.0922 4712  \Device\Harddisk0\DR0\Partition1 - ok
04:31:18.0949 4712  [ 42FB7E37A4708B7A622458A7D94D2DE7 ] \Device\Harddisk0\DR0\Partition2
04:31:18.0952 4712  \Device\Harddisk0\DR0\Partition2 - ok
04:31:18.0964 4712  [ EB6CD6E7AE47D9CA0C0478C056B40B1D ] \Device\Harddisk0\DR0\Partition3
04:31:18.0967 4712  \Device\Harddisk0\DR0\Partition3 - ok
04:31:18.0969 4712  [ EAE3E893465C0DE9BBF892211262D047 ] \Device\Harddisk1\DR1\Partition1
04:31:18.0972 4712  \Device\Harddisk1\DR1\Partition1 - ok
04:31:18.0972 4712  ============================================================
04:31:18.0972 4712  Scan finished
04:31:18.0972 4712  ============================================================
04:31:18.0984 3052  Detected object count: 2
04:31:18.0984 3052  Actual detected object count: 2
04:34:01.0922 3052  Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
04:34:01.0922 3052  Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
04:34:01.0922 3052  WinAutomation Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:34:01.0922 3052  WinAutomation Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
04:36:09.0270 4296  Deinitialize success
         

Alt 23.01.2013, 14:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Ist unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.01.2013, 19:57   #11
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.107 - Datei am 23/01/2013 um 19:55:50 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Oraleva - NIGHTFALL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oraleva\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\2aeb906629509643
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Oraleva\AppData\Roaming\Mozilla\Firefox\Profiles\q9kd1fj1.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1333 octets] - [23/01/2013 19:55:50]

########## EOF - C:\AdwCleaner[R1].txt - [1393 octets] ##########
         

Alt 23.01.2013, 21:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.01.2013, 06:50   #13
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.107 - Datei am 24/01/2013 um 04:51:23 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Oraleva - NIGHTFALL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oraleva\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\2aeb906629509643
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Oraleva\AppData\Roaming\Mozilla\Firefox\Profiles\q9kd1fj1.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1458 octets] - [23/01/2013 19:55:50]
AdwCleaner[S1].txt - [1233 octets] - [24/01/2013 04:51:23]

########## EOF - C:\AdwCleaner[S1].txt - [1293 octets] ##########
         
OTL
Code:
ATTFilter
OTL logfile created on: 24.01.2013 05:57:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,38% Memory free
15,99 Gb Paging File | 13,76 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 21,54 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 59,98 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,28 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
 
Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\AVG 2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG 2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Treiber\EPU\EPU.exe (
ASUSTeK Computer Inc.)
PRC - C:\Windows\DAODx.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Treiber\EPU\pngio.dll ()
MOD - C:\Treiber\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Treiber\EPU\AsusService.dll ()
MOD - C:\Windows\DAODx.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (WinAutomation Service) -- C:\Programme\WinAutomation\WinAutomation.ServiceAgent.exe (Softomotive)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ip100Avista) -- C:\Windows\SysNative\drivers\ipfnd51.sys (IC Plus Corp.                                                                                                                                                                                                                                                )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (AODDriver4.2) -- C:\Programme\ATI\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 4E 67 51 BA D5 CB 01  [binary data]
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us01.personalitycores.com%3A8000%3B%20PROXY%20us02.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.11 17:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 04:08:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:08:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 04:08:56 | 000,000,000 | ---D | M]
 
[2011.02.26 14:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Extensions
[2013.01.21 20:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions
[2013.01.11 17:54:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.21 20:33:48 | 000,315,066 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.01.07 15:56:49 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.19 04:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 04:08:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.11 17:38:03 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013.01.19 04:08:58 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 17:46:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 14:36:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.10 17:46:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 17:46:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.10 17:46:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.10 17:46:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.14 22:54:29 | 000,888,494 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: ::1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15286 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Treiber\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8:64bit: - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0991080A-0A03-479D-9950-7F865179AD56}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72E52CF6-1902-46CB-8434-BE0DB963E4A2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\autorun.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 19:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCountdownTimer
[2013.01.23 19:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013.01.23 19:43:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.23 19:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013.01.19 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.19 19:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.01.19 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.01.19 19:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.01.19 19:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2013.01.19 04:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 15:23:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.18 15:23:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.18 15:23:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 15:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.10 17:19:51 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.10 17:19:51 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.10 17:19:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.10 17:19:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.10 17:19:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.10 17:19:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.10 17:19:51 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.10 17:19:51 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.10 17:19:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.10 17:19:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.10 17:19:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.10 17:19:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.10 17:19:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.10 17:19:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.10 17:19:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.10 17:19:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.10 17:19:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.10 17:19:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.10 17:19:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.10 17:19:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.10 17:19:51 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.10 17:19:51 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.10 17:19:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.10 17:19:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.10 17:19:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.10 17:19:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.10 17:19:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 17:19:41 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.10 17:19:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.10 17:19:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.10 17:19:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.10 17:19:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.10 17:19:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 17:19:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.10 17:19:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.10 17:19:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.10 17:19:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:19:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.10 17:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:19:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.10 17:19:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.10 17:19:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:19:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.10 17:19:34 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.10 17:19:34 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 17:19:34 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 17:19:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.04 13:34:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.04 13:34:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.04 13:34:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.04 13:34:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.03 21:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 05:59:46 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 05:59:46 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 05:52:31 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013.01.24 05:52:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 05:52:22 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 18:35:59 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.23 18:35:59 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.23 18:35:59 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.23 18:35:59 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.23 18:35:59 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.22 09:03:30 | 000,000,020 | ---- | M] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.22 04:42:33 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 2 Deluxe Edition.lnk
[2013.01.15 15:35:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.14 22:54:29 | 000,888,494 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 15:31:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.01.11 15:24:07 | 000,415,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 17:27:53 | 001,598,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.03 21:20:21 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.03 21:20:21 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.23 19:46:53 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013.01.22 09:03:30 | 000,000,020 | ---- | C] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.22 04:42:33 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 2 Deluxe Edition.lnk
[2013.01.03 21:31:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.20 17:32:04 | 000,007,609 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg
[2012.11.07 15:49:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.08.07 20:20:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.07 20:20:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.11 05:18:14 | 000,019,002 | ---- | C] () -- C:\Users\Oraleva\.recently-used.xbel
[2012.05.24 22:09:56 | 000,114,688 | ---- | C] () -- C:\Windows\Lavish.dll
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.31 15:00:29 | 000,010,639 | ---- | C] () -- C:\Users\Oraleva\WiehlerZ_elster_2048.pfx
[2012.02.29 08:28:08 | 000,000,798 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.19 18:46:33 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.02.19 18:46:33 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.01.06 21:49:45 | 000,000,393 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.01.06 20:11:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.06 20:11:52 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.06 20:11:52 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.06 20:11:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.06 20:11:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.06 19:23:55 | 000,007,680 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.12 18:00:09 | 000,001,526 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\No23 Recorder.lnk
[2011.11.08 16:21:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.24 23:33:01 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.06.24 23:33:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.06.24 23:33:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.06.24 23:11:35 | 000,027,089 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.04.02 13:03:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011.04.02 13:03:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011.04.02 13:03:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011.04.02 13:03:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011.04.02 13:03:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011.04.02 13:03:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011.04.02 13:03:14 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011.04.02 13:03:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011.04.02 13:03:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011.04.02 13:03:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011.04.02 13:03:14 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011.04.02 13:03:14 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011.04.02 13:03:14 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011.04.02 13:03:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011.04.02 13:03:14 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011.04.02 13:03:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011.04.02 13:03:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2011.03.20 18:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.03.08 13:08:07 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.01 19:12:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.26 01:17:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.26 00:30:19 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.26 00:30:19 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.26 00:30:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.02.26 00:30:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.02.25 23:55:21 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.02.25 23:52:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras
Code:
ATTFilter
OTL Extras logfile created on: 24.01.2013 05:57:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,38% Memory free
15,99 Gb Paging File | 13,76 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 21,54 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 59,98 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,28 Gb Free Space | 61,64% Space Free | Partition Type: NTFS
 
Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E241E2F-D648-4A90-9903-CDC3288418C4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0ED54C44-85D3-4B4E-9BCA-EDE056CDB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{161473B2-340C-48B1-A63A-597A4637E1CC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{356C42EB-2EE2-46B8-98D0-A29381AE1B60}" = lport=138 | protocol=17 | dir=in | app=system | 
"{46E25BB4-321B-4A28-BCA5-7946876A59F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6C3C665F-A0D7-4EF9-924A-7A717B025898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6EE50CD5-E6D4-4A56-8656-69A5CF192C66}" = lport=139 | protocol=6 | dir=in | app=system | 
"{98D466BA-423A-45A9-ACC9-FB1F8DE99DC6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9FDEEB32-05FF-4E9B-B8D5-9FD1EB9CA812}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A834399E-A280-42E5-BC37-0067CF41A34D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0559A10-B482-4D4E-9E02-D8F2429CBFBB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CED7293A-C683-463F-AF4D-3D042DE3D32C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C87976-1071-4FF8-BB1F-12F832B9D656}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{03AB9238-3C07-4DB6-AA2E-E4BFADA3C16A}" = dir=out | app=%programfiles% (x86)\mozilla firefox\updater.exe | 
"{04B93F66-CC9A-4A26-928D-2DE3CFEF1CAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0E46E9FF-A87F-4179-8CBB-AEA33FABD101}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe | 
"{2B6238AB-AD3F-4648-A63C-201EE0FC2F59}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | 
"{4371750A-C02B-4EA0-911C-07D2A330EBA8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4BE203BF-6A73-48FB-BFBC-64CEA37F2B51}" = dir=out | app=%programfiles% (x86)\mozilla firefox\firefox.exe | 
"{52B9A55D-5C31-46DF-BA4C-C14D5CE7D980}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe | 
"{52C26434-7AFD-4661-9A83-F9F32ACFEE2B}" = protocol=58 | dir=in | app=system | 
"{6A61D799-AB1E-4DAA-BB2E-AEFB9ECB9746}" = dir=in | name=lisa pc | 
"{72D7C9D7-BA9C-438C-8B85-990184FC8910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7B5ADEC0-ECEC-48B3-832D-2EF6E159338D}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe | 
"{8F3CCD99-CB17-4E6B-9622-3D6E14CD6881}" = dir=out | app=%programfiles% (x86)\mozilla firefox\webapprt-stub.exe | 
"{A5F29929-E36D-49F7-9AFB-AF533174C737}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | 
"{B7E32E20-A915-457B-BFD4-AB6F4BCBDD6F}" = dir=out | app=%programfiles% (x86)\mozilla firefox\plugin-container.exe | 
"{DD2D2D60-118F-4249-8A91-CAEFB054CD27}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | 
"{E3D3E0D4-3928-4F87-BDB5-DF9010805AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EFF03BBE-152D-48E7-A711-362DE1DE1F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | 
"{F2F37803-E344-4E40-A6FE-0E2A8A9C06E4}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe | 
"{FE20DE68-5F3C-449A-81DB-081A44A25F8F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"TCP Query User{10CAB2F0-4F68-4162-9B50-C7DB400DFBDF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{14EF3ACF-9647-4DC2-B237-4D0B02661A9A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{7C6016D3-6AF9-42F9-90D8-6453B6F4667A}D:\mass effect 2 deluxe edition\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\mass effect 2 deluxe edition\binaries\masseffect2.exe | 
"UDP Query User{297E2A22-1418-440E-B96C-6DEAA3FB58EA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{42426BF4-1288-4D96-962F-E89D4E084FCC}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{60FEA785-54D0-4735-ACCF-4ACEAC03EDFC}D:\mass effect 2 deluxe edition\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\mass effect 2 deluxe edition\binaries\masseffect2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{66A0F974-5E12-4E9D-A123-B1C6B6BA9804}" = Classic Shell
"{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B165B42D-0291-D45A-ACE2-D0144CB9FD3E}" = AMD Fuel
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding
"{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1" = Half-Life Singleplayer Edition 2012
"{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2013
"CCleaner" = CCleaner
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek
"{022BC727-ACB7-4C1D-109C-177515714A32}" = AMD VISION Engine Control Center
"{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish
"{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean
"{3844035A-9429-4E54-86B0-6EE3778BA3FB}_is1" = The Elder Scrolls V: Skyrim
"{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0
"{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.0.0
"{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian
"{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian
"{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36A5251-2379-429B-9785-EEF2A5F8DBCB}_is1" = Mass Effect 2 Deluxe Edition
"{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition
"{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy
"{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All
"{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"5513-1208-7298-9440" = JDownloader 0.9
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudibleManager" = AudibleManager
"BOSS" = BOSS
"Broken Sword: Shadow of the Templar's Directors Cut_is1" = Broken Sword: Shadow of the Templar's Directors Cut
"Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Crossword Compiler Deutsch 8 Testversion" = Crossword Compiler Deutsch 8 Testversion
"Debut" = Debut Video Capture Software
"Determinance_is1" = Determinance
"Diablo II" = Diablo II
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"DiskSpeed32" = DiskSpeed32
"DivX Setup.divx.com" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"FileZilla Client" = FileZilla Client 3.5.1
"foobar2000" = foobar2000 v1.1.7
"Fraps" = Fraps
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.22.508
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.1
"GeoGebra" = GeoGebra
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MetaProducts Portable Offline Browser" = MetaProducts Portable Offline Browser
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Notepad++" = Notepad++
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"ResourceHacker_is1" = Resource Hacker Version 3.5.2
"Sonique15" = Sonique
"Soulseek" = SoulSeek Client 156c
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Hero Editor V0.96
"Steamless_FakeFactory_CM10" = Steamless_FakeFactory_CM10
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The Elder Scrolls V Hearthfire DLC Englische Version 1.00" = The Elder Scrolls V Hearthfire DLC Englische Version 1.00
"The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00" = The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00
"The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00" = The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00
"The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION
"TheHive_is1" = The Hive 1.2
"Ultima Online Second Age" = Ultima Online Second Age 5.0.8.3
"VLC media player" = VLC media player 1.1.7
"WinAutomation" = WinAutomation
"WinPcapInst" = WinPcap 4.1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
"Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned©
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned©  Zevran" = Dragon Age Redesigned©  Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"GeoGebra WebStart" = GeoGebra WebStart
"SOE-EverQuest" = EverQuest
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Xilisoft DVD Audio Ripper 6" = Xilisoft DVD Audio Ripper 6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x7a0  Startzeit der fehlerhaften Anwendung: 0x01cdf324f5e1bae1
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 5a84df1d-5f28-11e2-9f78-bcaec52abc04
 
Error - 15.01.2013 12:16:02 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x744  Startzeit der fehlerhaften Anwendung: 0x01cdf33550c6a8d2
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 dabe4bcd-5f2e-11e2-ac02-bcaec52abc04
 
Error - 16.01.2013 00:16:39 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x764  Startzeit der fehlerhaften Anwendung: 0x01cdf33bd0fb8e7f
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 85d9a6e4-5f93-11e2-807f-bcaec52abc04
 
Error - 16.01.2013 13:22:17 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 16.01.2013 22:31:18 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x750  Startzeit der fehlerhaften Anwendung: 0x01cdf3de48c84d37
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 f8b81952-604d-11e2-853e-bcaec52abc04
 
Error - 17.01.2013 12:11:50 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.01.2013 01:08:08 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x714  Startzeit der fehlerhaften Anwendung: 0x01cdf4b95c539782
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 0bdfe678-612d-11e2-9f1e-bcaec52abc04
 
Error - 18.01.2013 19:31:39 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 19.01.2013 00:29:14 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x75c  Startzeit der fehlerhaften Anwendung: 0x01cdf5864aa06bdd
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 c73f13b4-61f0-11e2-ab2d-bcaec52abc04
 
Error - 19.01.2013 14:06:23 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x501fefb5  Name des fehlerhaften Moduls: Device.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x748  Startzeit der fehlerhaften Anwendung: 0x01cdf6640030aca8
Pfad
 der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll  Berichtskennung:
 eef3d78d-6262-11e2-b1e4-bcaec52abc04
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 24.01.2013 00:52:30 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 24.01.2013 00:52:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 24.01.2013 00:52:39 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 24.01.2013 00:52:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 24.01.2013 00:52:43 | Computer Name = Nightfall | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1127 NULL object. Cannot establish a connection at this time.
 
[ OSession Events ]
Error - 31.10.2011 12:15:53 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1026
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 01.10.2012 13:58:44 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1313
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ Spybot - Search and Destroy Events ]
Error - 13.12.2012 17:08:20 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 17:09:05 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 17:12:40 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 17:15:32 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 18:13:19 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 18:14:07 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.12.2012 18:29:49 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 14.01.2013 19:19:39 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 14.01.2013 19:19:55 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 15.01.2013 09:36:59 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 23.01.2013 04:37:07 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.01.2013 13:27:59 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 23.01.2013 13:28:00 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.01.2013 13:28:06 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 23.01.2013 13:29:00 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description = 
 
Error - 23.01.2013 23:52:00 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 24.01.2013 00:52:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 24.01.2013 00:52:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 24.01.2013 00:52:40 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 24.01.2013 00:53:32 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

Alt 24.01.2013, 10:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.01.2013, 05:15   #15
Fritschii
 
PC sauber? Spybot kann Funde nicht bereinigen - Standard

PC sauber? Spybot kann Funde nicht bereinigen



Malwarebytes Anti-Malware
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Oraleva :: NIGHTFALL [Administrator]

24.01.2013 16:18:29
mbam-log-2013-01-24 (16-18-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234169
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=57320afd99842f419ec379c42755acb7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-25 02:47:19
# local_time=2013-01-25 03:47:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1167367 110711889 0 0
# scanned=508761
# found=2
# cleaned=0
# scan_time=19230
D:\Netzwerk\Notfall-Pack\DebugKiller.exe	probably unknown NewHeur_PE virus	D47D9AB417450F24C5E65E2632299FB9D13990A8	I
E:\AutoRun.inf	Win32/AutoRun.Delf.EP worm	713E0210B5C16CEDD72E03C18A0FBDD5702BF16D	I
         

Antwort

Themen zu PC sauber? Spybot kann Funde nicht bereinigen
aktuell, befreien, beheben, bereinigen, blick, diverse, einfach, erlaubte, festgestellt, funde, größer, installation, konnte, liebe, malwarebytes, maximale, probleme, profis, sauber, spybot, system, troja, trojaners, vermute, wirklich



Ähnliche Themen: PC sauber? Spybot kann Funde nicht bereinigen


  1. Spybot kann Win32.Qhost.ahnj nicht löschen
    Log-Analyse und Auswertung - 03.05.2015 (20)
  2. Spybot kann Malwares anscheinend nicht entfernen
    Log-Analyse und Auswertung - 04.07.2014 (13)
  3. Spybot kann nicht alle meine Probleme beheben
    Plagegeister aller Art und deren Bekämpfung - 15.05.2014 (15)
  4. BKA Virus: was kann ich tun um das System wieder zu bereinigen?
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (13)
  5. Was tun mit W3i.IQ5.fraud? Spybot kann dieses Problem nicht lösen, Antivira findet es erst gar nicht!
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (2)
  6. Virtumonde.atr von Spybot S&D gefunden und kann es nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.06.2011 (23)
  7. Antivir Guard kann nicht gestartet werden, Keine Funde mit Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 28.02.2011 (4)
  8. Spybot kann Probleme nicht beheben
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (47)
  9. Trojan.Dropper.PGEN, wie kann ich den bereinigen?
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (2)
  10. Spybot kann Win32.Agent.sxi nicht entfernen
    Log-Analyse und Auswertung - 21.11.2008 (31)
  11. Spybot kann win32.agent.pz nicht entfernen
    Log-Analyse und Auswertung - 17.03.2008 (5)
  12. Kann Spybot nicht aktualisieren
    Antiviren-, Firewall- und andere Schutzprogramme - 19.05.2005 (2)
  13. P2P-Worm.Win32.Spybot.fb / kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 24.02.2005 (2)
  14. MediaPlex kann mit Spybot 1.2 nicht entfernt werden
    Log-Analyse und Auswertung - 24.01.2005 (4)
  15. Spybot S&D kann nicht löschen
    Antiviren-, Firewall- und andere Schutzprogramme - 11.01.2005 (3)
  16. Kann Startseite nach Spybot nicht mehr ändern
    Plagegeister aller Art und deren Bekämpfung - 25.04.2004 (5)
  17. Fehleralarm von SpyBot oder AdAware kann es nicht finden?
    Antiviren-, Firewall- und andere Schutzprogramme - 09.02.2003 (9)

Zum Thema PC sauber? Spybot kann Funde nicht bereinigen - Hey liebe Trojaners , erstmal danke, dass es Euch gibt, ihr seid ein Lichtblick in der Welt, konntet mir schon einige Male helfen. Ich habe keine akuten Probleme, aber die - PC sauber? Spybot kann Funde nicht bereinigen...
Archiv
Du betrachtest: PC sauber? Spybot kann Funde nicht bereinigen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.