Pests of all kinds and how to combat them: SweetIM & Websearch.mocaflix ...

19.01.2013, 12:12   #1
YuT666

Greetings from Lower Bavaria,

I haven't "caught" anything for years, but now it seems the time has come again. So far I haven't really made any progress ...

The annoying SweetIM (it can't be uninstalled normally with the Windows 7 built-in tools) and the search engine plague websearch.mocaflix are present on my computer. Hijackthis showed both as well. There is probably more amiss, too.

I'd be glad of some help, thanks ...

Windows 7 Pro - 32Bit ...

Cu

Tom

19.01.2013, 16:03   #2
markusg
/// Malware-holic

hi
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

19.01.2013, 16:31   #3
YuT666

Code:
OTL logfile created on: 19.01.2013 16:15:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\YuT666\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,06% Memory free
6,50 Gb Paging File | 5,26 Gb Available in Paging File | 80,99% Paging File free
Paging file location(s): i:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 10,79 Gb Free Space | 17,98% Space Free | Partition Type: NTFS
Drive D: | 177,87 Gb Total Space | 18,18 Gb Free Space | 10,22% Space Free | Partition Type: NTFS
Drive E: | 227,88 Gb Total Space | 19,60 Gb Free Space | 8,60% Space Free | Partition Type: NTFS
Drive F: | 170,01 Gb Total Space | 74,33 Gb Free Space | 43,72% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 112,07 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive H: | 65,76 Gb Total Space | 65,54 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive I: | 29,99 Gb Total Space | 26,62 Gb Free Space | 88,75% Space Free | Partition Type: NTFS
 
Computer Name: YUT666-PC | User Name: YuT666 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.19 14:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\YuT666\Downloads\OTL.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Tools\System\Security\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Tools\System\Security\Avast\AvastSvc.exe
PRC - [2012.09.28 15:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.09 15:47:12 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\86d50cfb9c655209d3fbbbe6071337b2\WindowsFormsIntegration.ni.dll
MOD - [2013.01.09 15:44:57 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013.01.09 15:44:56 | 000,762,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 15:44:48 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013.01.09 15:18:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
MOD - [2013.01.09 15:17:50 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
MOD - [2013.01.09 15:17:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\35296661bd979735d6afd036a104bfd6\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 15:17:45 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll
MOD - [2013.01.09 15:17:42 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013.01.09 15:17:40 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013.01.09 15:17:39 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013.01.09 15:17:39 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
MOD - [2013.01.09 15:17:36 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013.01.09 15:17:35 | 009,093,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013.01.09 15:17:28 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.09.28 15:42:42 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012.02.17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Tools\Compression\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.19 10:58:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 22:00:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Tools\System\Security\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.28 15:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.12 15:58:46 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.26 14:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.07.20 13:15:20 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2012.07.01 18:14:50 | 000,044,656 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (Rockusb)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.04.09 10:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011.10.13 12:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.10.13 12:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.10.13 12:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.06.15 20:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ddmdrv.sys -- (ddmdrv)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.25 18:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\prwntdrv.sys -- (prwntdrv)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.13 23:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.04.29 23:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.29 23:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFilter)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.22 09:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.11.22 09:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.mocaflix.com/?l=1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.mocaflix.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 81 AC 89 5D 24 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7BDB9127A2-3381-41ec-82B3-1B6ED4C6F29A%7D:6.0
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..network.proxy.http: "46.23.64.124"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\Binaries\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Tools\System\Security\Avast\WebRep\FF [2012.11.04 18:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Tools\Internet\Firefox\components [2013.01.19 10:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Tools\Internet\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Tools\Internet\Thunderbird\components [2013.01.08 21:19:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Tools\Internet\Thunderbird\plugins
 
[2012.04.27 11:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\Extensions
[2013.01.10 21:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\Firefox\Profiles\lt3hkzxi.default\extensions
[2013.01.05 09:45:03 | 000,000,000 | ---D | M] (Flashget Downloader Extension) -- C:\Users\YuT666\AppData\Roaming\mozilla\Firefox\Profiles\lt3hkzxi.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2012.10.22 22:44:15 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\extensions\stealthyextension@gmail.com.xpi
[2013.01.10 21:02:06 | 000,347,812 | ---- | M] () (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.11.23 15:41:44 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.14 19:09:11 | 000,002,245 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\ebay-deutschland---kleinanzeigen.xml
[2013.01.14 19:09:11 | 000,002,538 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\ebay-deutschland.xml
[2013.01.17 10:38:42 | 000,002,400 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\google-deutschland.xml
[2013.01.14 19:09:11 | 000,002,537 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\imdb.xml
[2013.01.14 19:09:26 | 000,005,524 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\ofdb---alles.xml
[2012.10.03 18:01:20 | 000,003,915 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\sweetim.xml
[2012.11.10 11:52:42 | 000,000,544 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\WebSearch.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://websearch.mocaflix.com/
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.27 08:54:01 | 000,444,883 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15278 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Tools\System\Security\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\YuT666\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Tools\System\Security\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Tools\System\Security\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgetflvurl.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F46241AD-8CDA-4EC4-AF79-543C9AF31643}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBC6EF45-D9DA-4BF3-9D2C-892702771E1D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.19 11:43:35 | 000,000,000 | ---D | C] -- C:\6
[2013.01.19 11:08:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.16 10:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSP ISO Compressor
[2013.01.11 20:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013.01.11 19:13:58 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Targem
[2013.01.11 19:13:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games
[2013.01.09 21:50:05 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\PSP
[2013.01.09 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\N64
[2013.01.09 19:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.01.09 19:13:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2013.01.09 19:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GearGrinder
[2013.01.05 09:43:44 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
[2013.01.05 09:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7
[2013.01.05 09:43:41 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\FlashgetSetup
[2013.01.05 09:43:41 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\BITS
[2013.01.05 09:43:37 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\FlashGetBHO
[2013.01.05 09:43:33 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\FlashGet
[2013.01.04 20:24:38 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\PSX
[2013.01.04 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\YuT666\PSX
[2013.01.02 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Documents\Neuer Ordner
[2012.12.31 11:50:20 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Documents\Rockstar Games
[2012.12.31 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Rockstar Games
[2012.12.31 10:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.12.31 10:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2012.12.30 16:47:55 | 000,000,000 | ---D | C] -- C:\toolbarImages
[2012.12.28 20:24:15 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\Neuer Ordner
[2012.12.28 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Programs
[2012.12.27 19:42:45 | 000,000,000 | R--D | C] -- C:\Users\YuT666\Documents\HP Photo Creations
[2012.12.27 19:42:45 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\Visan
[2012.12.27 19:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012.12.21 21:10:48 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Fallout3
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.19 16:13:41 | 000,000,380 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2013.01.19 16:03:45 | 000,001,184 | ---- | M] () -- C:\Windows\System32\secushr.dat
[2013.01.19 15:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.19 15:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.19 14:57:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.19 14:44:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.19 12:17:27 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 12:17:27 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.19 11:31:25 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.19 11:31:25 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.19 11:31:25 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.19 11:31:25 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.19 09:12:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.01.19 09:12:03 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{6263A61B-8152-43AA-91DD-D1FB79FDCCA3}.job
[2013.01.18 22:54:47 | 000,001,355 | ---- | M] () -- C:\Users\YuT666\Desktop\XMedia Recode - Verknüpfung.lnk
[2013.01.15 08:51:40 | 000,015,249 | ---- | M] () -- C:\Users\YuT666\Desktop\OpenDocument Text (neu).odt
[2013.01.11 20:22:39 | 000,000,579 | ---- | M] () -- C:\Users\Public\Desktop\Outcast.lnk
[2013.01.11 19:51:22 | 000,021,456 | ---- | M] () -- C:\Users\YuT666\Documents\ESt2012_Nirschl_Thomas.elfo
[2013.01.10 08:17:00 | 000,389,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 19:13:06 | 000,000,573 | ---- | M] () -- C:\Users\YuT666\Desktop\GearGrinder.lnk
[2013.01.07 16:26:51 | 000,158,603 | ---- | M] () -- C:\Users\YuT666\Documents\ESt2011_Nirschl_Thomas.elfo
[2013.01.05 09:44:22 | 000,001,446 | ---- | M] () -- C:\Users\YuT666\Desktop\FlashGet.lnk
[2013.01.05 09:43:55 | 000,000,025 | ---- | M] () -- C:\Windows\emcore.INI
[2013.01.05 09:43:47 | 000,000,945 | ---- | M] () -- C:\Users\YuT666\Desktop\FlashGet3.lnk
[2012.12.31 11:53:01 | 000,000,938 | ---- | M] () -- C:\Users\YuT666\Desktop\GTAIV - Verknüpfung.lnk
[2012.12.29 20:52:14 | 000,000,549 | ---- | M] () -- C:\Users\YuT666\Desktop\Minecraft (2).lnk
[2012.12.28 14:51:00 | 000,001,608 | ---- | M] () -- C:\Users\YuT666\Desktop\Revouninstaller.lnk
[2012.12.28 11:54:35 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.18 22:54:47 | 000,001,355 | ---- | C] () -- C:\Users\YuT666\Desktop\XMedia Recode - Verknüpfung.lnk
[2013.01.11 20:22:39 | 000,000,579 | ---- | C] () -- C:\Users\Public\Desktop\Outcast.lnk
[2013.01.11 19:51:11 | 000,021,456 | ---- | C] () -- C:\Users\YuT666\Documents\ESt2012_Nirschl_Thomas.elfo
[2013.01.09 19:13:06 | 000,000,573 | ---- | C] () -- C:\Users\YuT666\Desktop\GearGrinder.lnk
[2013.01.05 10:45:44 | 000,001,184 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2013.01.05 09:45:19 | 000,000,380 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2013.01.05 09:44:22 | 000,001,446 | ---- | C] () -- C:\Users\YuT666\Desktop\FlashGet.lnk
[2013.01.05 09:43:55 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI
[2013.01.05 09:43:46 | 000,000,945 | ---- | C] () -- C:\Users\YuT666\Desktop\FlashGet3.lnk
[2013.01.02 23:08:03 | 000,015,249 | ---- | C] () -- C:\Users\YuT666\Desktop\OpenDocument Text (neu).odt
[2012.12.31 11:53:01 | 000,000,938 | ---- | C] () -- C:\Users\YuT666\Desktop\GTAIV - Verknüpfung.lnk
[2012.12.29 20:52:14 | 000,000,549 | ---- | C] () -- C:\Users\YuT666\Desktop\Minecraft (2).lnk
[2012.12.28 14:51:00 | 000,001,608 | ---- | C] () -- C:\Users\YuT666\Desktop\Revouninstaller.lnk
[2012.10.21 14:28:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.10.21 14:28:08 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.10.21 14:28:08 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.03 18:26:56 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.08.29 10:28:39 | 000,148,992 | ---- | C] () -- C:\Windows\UNWISE32.EXE
[2012.08.26 07:17:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.02 12:24:45 | 000,000,000 | ---- | C] () -- C:\Windows\SSCNCSrv.INI
[2012.08.02 11:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\CNCLogin.INI
[2012.07.28 02:30:54 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.07.28 02:30:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.07.26 20:16:26 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.06.15 15:53:44 | 000,000,212 | ---- | C] () -- C:\Users\YuT666\.swfinfo
[2012.05.25 18:11:33 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.05.25 18:11:33 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.05.25 18:11:33 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.05.25 18:11:33 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.05.25 18:11:32 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.05.13 17:30:32 | 000,098,696 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
[2012.05.13 17:30:32 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
[2012.05.12 22:13:45 | 001,118,648 | ---- | C] () -- C:\Windows\ddmmain.exe
[2012.05.12 22:13:45 | 000,012,728 | ---- | C] () -- C:\Windows\System32\ddmdrv.sys
[2012.05.12 21:49:36 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.05.12 21:49:35 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.05.12 21:49:34 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.05.11 20:52:51 | 000,003,072 | ---- | C] () -- C:\Users\YuT666\AppData\Local\file__0.localstorage
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.29 12:18:03 | 000,000,867 | ---- | C] () -- C:\Users\YuT666\.recently-used.xbel
[2012.04.29 11:45:12 | 000,000,617 | ---- | C] () -- C:\Users\YuT666\AppData\Roaming\burnaware.ini
[2012.04.27 22:40:16 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.04.27 20:45:31 | 000,000,362 | ---- | C] () -- C:\Users\YuT666\.jajuk_bootstrap.xml
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.04.12 02:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.27 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\.kde
[2012.12.30 11:12:47 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\.minecraft
[2012.05.26 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\.minecraft_server
[2012.06.01 16:26:13 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Bioshock2
[2013.01.19 16:13:41 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\BITS
[2012.09.30 09:43:07 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\CPC Loader
[2012.07.26 20:16:24 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\DesktopIconForAmazon
[2012.12.02 10:44:12 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\DVDVideoSoft
[2012.05.18 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\elsterformular
[2012.06.09 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FFSJ
[2013.01.05 12:43:51 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FlashGet
[2013.01.05 09:43:38 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FlashGetBHO
[2013.01.05 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FlashgetSetup
[2012.11.02 12:52:22 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FreeFLVConverter
[2012.06.13 19:37:01 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\GameFly
[2012.06.09 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\GetRightToGo
[2012.07.08 05:53:32 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\GlarySoft
[2012.08.25 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\globalip
[2012.04.29 12:18:03 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\gtk-2.0
[2012.04.29 11:58:44 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\ImgBurn
[2012.05.03 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Jaangle
[2012.12.01 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\MAXON
[2012.08.02 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\NJSTC
[2012.05.13 14:19:15 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\OpenOffice.org
[2012.04.27 15:55:26 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\PhotoFiltre
[2012.10.06 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\ProtectDISC
[2012.11.10 11:52:44 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\SendSpace
[2012.04.29 11:48:40 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Software Update
[2012.05.04 09:26:04 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\T-Online
[2012.04.27 11:58:37 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Thunderbird
[2012.12.02 00:50:18 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\TS3Client
[2012.06.23 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Ubisoft
[2012.12.27 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Visan
[2012.12.23 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\XnView
[2012.06.01 18:34:42 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\ZombieDriver
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.25 05:34:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.14 11:21:10 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT
[2013.01.19 11:43:35 | 000,000,000 | ---D | M] -- C:\6
[2012.08.26 07:11:09 | 000,000,000 | ---D | M] -- C:\AMD
[2012.04.29 18:55:42 | 000,000,000 | ---D | M] -- C:\archive_db
[2012.04.27 11:58:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.05.13 14:15:34 | 000,000,000 | ---D | M] -- C:\clean
[2013.01.19 11:08:48 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.04.27 11:05:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.19 16:03:45 | 000,000,000 | --SD | M] -- C:\Downloads
[2012.05.31 07:41:11 | 000,000,000 | ---D | M] -- C:\HbUser
[2012.07.31 08:36:20 | 000,000,000 | ---D | M] -- C:\Infotext
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.19 10:59:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.28 11:49:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.27 11:05:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.27 11:05:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.19 16:16:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.05 15:39:49 | 000,000,000 | ---D | M] -- C:\T-Online Banking
[2012.12.30 16:47:55 | 000,000,000 | ---D | M] -- C:\toolbarImages
[2012.08.02 11:52:53 | 000,000,000 | ---D | M] -- C:\Tools
[2012.04.27 11:06:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.09 19:14:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.04.27 11:09:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.04.27 15:19:58 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.04.27 15:20:00 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.29 11:37:28 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.11.10 11:52:34 | 000,000,408 | -H-- | C] () -- C:\Windows\Tasks\OptimizerProUpdaterTask{6263A61B-8152-43AA-91DD-D1FB79FDCCA3}.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Tools\System\Security\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.09.28 02:39:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\atidemgy.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2012.04.27 20:45:32 | 000,000,362 | ---- | M] () -- C:\Users\YuT666\.jajuk_bootstrap.xml
[2012.04.29 12:18:03 | 000,000,867 | ---- | M] () -- C:\Users\YuT666\.recently-used.xbel
[2012.06.15 15:53:44 | 000,000,212 | ---- | M] () -- C:\Users\YuT666\.swfinfo
[2013.01.19 16:16:48 | 007,864,320 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT
[2013.01.19 16:16:48 | 000,262,144 | -HS- | M] () -- C:\Users\YuT666\ntuser.dat.LOG1
[2012.04.27 11:06:31 | 000,000,000 | -HS- | M] () -- C:\Users\YuT666\ntuser.dat.LOG2
[2012.04.27 11:37:53 | 000,065,536 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.04.27 11:37:53 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.04.27 11:37:53 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.01.06 00:04:01 | 000,065,536 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{7ce805f6-5735-11e2-bd37-001f1f746886}.TM.blf
[2013.01.06 00:04:01 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{7ce805f6-5735-11e2-bd37-001f1f746886}.TMContainer00000000000000000001.regtrans-ms
[2013.01.06 00:04:01 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{7ce805f6-5735-11e2-bd37-001f1f746886}.TMContainer00000000000000000002.regtrans-ms
[2012.04.27 11:06:31 | 000,000,020 | -HS- | M] () -- C:\Users\YuT666\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         
Code:
OTL Extras logfile created on: 19.01.2013 14:51:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\YuT666\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 54,13% Memory free
6,50 Gb Paging File | 4,89 Gb Available in Paging File | 75,34% Paging File free
Paging file location(s): i:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 10,51 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 177,87 Gb Total Space | 18,18 Gb Free Space | 10,22% Space Free | Partition Type: NTFS
Drive E: | 227,88 Gb Total Space | 19,60 Gb Free Space | 8,60% Space Free | Partition Type: NTFS
Drive F: | 170,01 Gb Total Space | 74,33 Gb Free Space | 43,72% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 112,07 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive H: | 65,76 Gb Total Space | 65,54 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive I: | 29,99 Gb Total Space | 26,62 Gb Free Space | 88,75% Space Free | Partition Type: NTFS
Drive O: | 1,86 Gb Total Space | 1,61 Gb Free Space | 86,22% Space Free | Partition Type: FAT32
 
Computer Name: YUT666-PC | User Name: YuT666 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TNCremo] -- C:\Tools\CNC\TNCremo\TNCremoNT.exe -w "%1" (DR. JOHANNES HEIDENHAIN GmbH)
Directory [TNCserver] -- C:\Tools\CNC\TNCremo\TNCserver.exe "%1" (DR. JOHANNES HEIDENHAIN GmbH)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Tools\Internet\FlashGet 3\FlashGet3.exe" = C:\Tools\Internet\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17050D8F-8942-4893-849D-8918FF7BDA7A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1941F0FC-B24A-4E97-A5C3-C0823777B919}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E2C8541-2F12-4469-812C-0870BDD806A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47A81665-1336-4B93-85E9-4C607A6F68CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4F25FF83-4867-4215-B4F7-4B1AC4C37BC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{500A4944-0B61-4A0D-A5CB-3CD1A58BD2DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50A93EF8-7318-449F-8AF1-2B6291369B33}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6712B8C2-EC46-4766-A106-AB182C5922CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77BC10D9-8A26-498E-96D3-C767D794A8D2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7C48D365-4A98-442A-8C2A-7DDFAC81CFAD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7C9501BC-3B1A-4BFF-A16D-D22E99810663}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{82BE3E49-9939-4B06-B477-EB8070D876E6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8F9F594A-9DCA-4A82-B878-39753F37D7A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{957E5C50-36D4-47C7-9A61-8BA9B7CE4C39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A640F20A-608E-4FCC-A168-A790F3ED8095}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A95D8C2C-3D11-476E-8924-8653D75E83CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BB3CA46A-A76B-43D2-9416-141189FE075E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BDD952C2-5077-43E7-ACCD-BEDEF458A3E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2F52610-6BB9-46E0-AC79-AC0752DA7A95}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C6B24557-4C00-43B3-BF18-8B8BC9830486}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E64AE0C8-E227-4BC4-90DC-6EFF7B43B826}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA018113-4995-47AB-BABA-E97187C9F313}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EF942EC5-764B-4432-81D0-5F18A9F00D38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F4EC4266-1E83-4F78-AF0C-D2B9A93A6FFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7478F5F-463F-4A46-AE05-CA0D92DC832C}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050B066A-032F-4B63-B1BC-4FF527B9FF4D}" = protocol=6 | dir=in | app=f:\grand theft auto iv\gtaiv.exe | 
"{0780131C-5E89-4346-AEF8-63520A15E0C9}" = protocol=17 | dir=in | app=f:\anno 2070\autopatcher.exe | 
"{0BA3C067-E8C6-4756-BE4C-B38441E8C788}" = protocol=6 | dir=in | app=f:\crysis\bin32\crysis.exe | 
"{0C319DD3-7235-42E3-AFCF-6975B90D3237}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{0E24332B-0F54-4BC5-B54A-602E2B39015F}" = protocol=6 | dir=in | app=f:\grand theft auto iv\launchgtaiv.exe | 
"{0F4F8CBD-FEF4-4EDF-8941-DF26854144F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11D627EB-AE8B-40A9-987B-62318F122BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{138256F6-8271-4735-8962-BB371FD01410}" = protocol=6 | dir=in | app=f:\anno 2070\autopatcher.exe | 
"{173182FA-2A90-4A56-BD01-F2C17756788D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A1EDDF1-6613-4C1E-BB56-75F6ACBA65A0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{1B296A30-7097-4F92-9DAD-FD76C2FC4924}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{1E0C5BB5-10F8-4C67-8324-7CB2E01FA0C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{202CBF28-8DA9-41E4-8924-1E5308A91ED9}" = protocol=6 | dir=in | app=f:\stronghold legends\strongholdlegends.exe | 
"{222EBA8A-0435-4701-8756-47E8FB5531B7}" = protocol=6 | dir=out | app=system | 
"{236031B9-C809-41A9-9355-6DDCFCEB5A47}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{24024999-1BC0-45FC-B8AD-D86ABAFFD472}" = protocol=6 | dir=in | app=f:\anno 2070\initengine.exe | 
"{2696187F-4BE6-4CA3-BED7-F290FB795D59}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\aliens versus predator classic\avp_classic.exe | 
"{2977D3DB-25EA-4438-9FB3-DF9266FFA4AE}" = protocol=17 | dir=in | app=f:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{29DAF31D-3AEE-447B-88EE-36C706B8AC90}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{2B0506F9-A28E-437A-964E-DEBDF1AAFB69}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\aliens versus predator classic\avp_classic.exe | 
"{2FE555E4-5E0D-45A5-A017-0DC2AD317E4D}" = protocol=17 | dir=in | app=f:\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{38963E3E-6BA0-4696-8627-B3E3788AF9FA}" = protocol=17 | dir=in | app=f:\anno 2070\initengine.exe | 
"{39A49FBF-0270-4A9F-AB96-63FCA3CC6771}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{39F7326D-CFCC-4E2A-8B4E-F7AF4CC39AD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3CD69AD2-DA24-4E11-9439-9A23CBFA804D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{43DE5A73-6B1F-43C1-B777-92007ED7103A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4625E41E-6ECB-49DB-9F4F-8E12D1FC52C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{479D38D8-BC4F-404B-947D-F7EB4DBCF701}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{48964CFE-B774-4DC0-85BB-70FCBCC814C7}" = protocol=6 | dir=in | app=f:\anno 2070\anno5.exe | 
"{4AA3F194-DE8B-4BC1-B5D1-C9A519A1F82F}" = protocol=6 | dir=in | app=f:\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{4B505131-5E58-40BC-BE83-089BC8AE8EC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4B89AB06-F6F0-4DC7-A197-EB3CC8FF6CF2}" = protocol=6 | dir=in | app=f:\tom clancy's h.a.w.x\hawx.exe | 
"{4EB3C91A-03B4-4D43-8B11-81E258FF0AD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52396B40-E58B-4A8F-BFD6-3E104E601D5D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\flatout ultimate carnage\launcher.exe | 
"{5DEEC7E9-A94D-422C-BB90-9173F703417D}" = protocol=17 | dir=in | app=f:\anno 2070\anno5.exe | 
"{62F6C6A4-6C66-4FD4-9B44-4D93222376AE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | 
"{66659ACF-762D-4876-BC14-A625F2A85F42}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{6B53B46E-000F-42D4-A8AF-0E76E9E23E5E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{719CFA65-CA7D-4E50-B193-1BDE5CD352D5}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\stalker clear sky\bin\xrengine.exe | 
"{8F9E9345-0DEA-4CA1-ADCA-95089B0F6863}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe | 
"{90A525E3-D223-4328-9D43-397071B8C9D6}" = dir=in | app=c:\users\yut666\appdata\local\microsoft\skydrive\skydrive.exe | 
"{923AD8E3-4516-4B00-88D3-740DDF44EEAE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{95D2B8EF-5638-471E-8A82-2F9E8A57B574}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{95E860E6-1042-4721-9566-2498664E4E33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9668EE34-1178-421A-BD54-2C72FC6BA3E6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9A39FD85-A3D1-4752-93BE-B008CF1234E9}" = protocol=17 | dir=in | app=f:\tom clancy's h.a.w.x\hawx.exe | 
"{9D8683CD-F632-4C72-AD2D-34763EF87210}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{A1C02604-11B4-4747-88C5-05C52BF5B283}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A2961EAB-15AE-4705-9D7B-831EFF7F471A}" = protocol=17 | dir=in | app=f:\stronghold legends\strongholdlegends.exe | 
"{A81580BC-D09F-4414-9764-2B3252DF4DD8}" = protocol=6 | dir=in | app=f:\crysis\bin32\crysisdedicatedserver.exe | 
"{AA2BAEAB-5D3C-4119-A683-66A9EA8A4EAB}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{ABAE9F60-B197-44A3-8A99-9E1A7B51B6EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AEC7CB68-3F45-4CCF-A3D3-7F9025128F4D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{B84F61D0-DBF2-4091-B0A3-649028BA02E7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\alien swarm\swarm.exe | 
"{C4408D79-33D6-4183-BA21-F0AD3E27548D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4F76B44-10F5-4B6B-94DF-CF8F357C8C42}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe | 
"{CA9A2041-96AF-4AAE-A313-DD0C65C24FFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE0F719B-F14A-4972-BC53-409114D6B0EC}" = protocol=6 | dir=in | app=f:\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{D1B7D94C-4897-46DD-9B38-29423EB2F60A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\alien swarm\swarm.exe | 
"{D3980980-D4AC-466C-969C-452D155F471D}" = protocol=17 | dir=in | app=f:\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{D51BA1B3-F450-4C9D-B468-6F9A6553F51B}" = protocol=6 | dir=in | app=f:\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{DB147C95-6BA3-427A-9A10-9764D749E42E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{E02B660F-2CEB-40D1-BA8D-D63EECA7CD86}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{E08F48A3-6CF1-4E40-A44E-6CBA8191AEB7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\stalker clear sky\bin\xrengine.exe | 
"{E35529F0-C94A-4732-8611-F845AD7E09EE}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{EA4A4CDE-6E43-4CDB-9938-4C5065B2B4C6}" = protocol=17 | dir=in | app=f:\crysis\bin32\crysisdedicatedserver.exe | 
"{F18D08A7-D2F4-4484-A0FF-FAF9D4E991F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F27CEBB2-D90E-42C3-9057-59F506F8536A}" = protocol=17 | dir=in | app=f:\grand theft auto iv\gtaiv.exe | 
"{F2E7E1F5-6F9D-41A7-AB2D-66125F4057DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3AD664F-02D1-41F1-B56E-3003722581F3}" = protocol=17 | dir=in | app=f:\crysis\bin32\crysis.exe | 
"{F47302E3-267A-43A9-B1C1-C8944C6701B7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | 
"{F59C56BD-FA01-476F-A88E-0D9AB3306D32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA1192DE-B448-4326-A055-08173783D14A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{FD5AE02E-2352-4E24-8F3C-A75A1CBA8856}" = protocol=17 | dir=in | app=f:\grand theft auto iv\launchgtaiv.exe | 
"TCP Query User{0058429A-D71C-4DB8-9B23-2AFBA358767D}C:\tools\cnc\itnc530\sys\bin\ext.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\ext.exe | 
"TCP Query User{08208DF5-DD90-436E-B4E2-3AAA85FE0A7F}C:\tools\cnc\itnc530\sys\bin\regel.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\regel.exe | 
"TCP Query User{0EF63B95-CB01-4C06-9366-4C5543745113}F:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{0FF1ECF2-DA12-4EE2-B7E7-E783FF497580}C:\tools\internet\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | 
"TCP Query User{13ED96AE-EE6E-405A-ADE5-EE1C800AB5C0}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
"TCP Query User{218894DC-5709-4652-BB48-D60EA250E1BE}C:\tools\cnc\itnc530\sys\bin\geo.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\geo.exe | 
"TCP Query User{43EB4DBA-289D-4C30-A2AF-F25011319EBD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5315171F-927A-430B-92F4-D2DEEFEC60A2}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe" = protocol=6 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe | 
"TCP Query User{57B690B0-3671-440A-A4DB-185E710653B5}C:\tools\cnc\sscnc\server\sshttp.exe" = protocol=6 | dir=in | app=c:\tools\cnc\sscnc\server\sshttp.exe | 
"TCP Query User{58220C87-B887-4B46-B6FA-F5451F5ABB70}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{7B3202E5-3125-4E1F-9BE2-BFCA697AC894}C:\tools\cnc\sscnc\server\sscncsrv.exe" = protocol=6 | dir=in | app=c:\tools\cnc\sscnc\server\sscncsrv.exe | 
"TCP Query User{9DFB57EC-D127-4F74-ADEB-57A73176D068}C:\tools\cnc\itnc530\xwin\bin\xwin.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\xwin\bin\xwin.exe | 
"TCP Query User{9FED7081-F215-4B09-8A05-E88C6FCBD1B1}C:\Program Files\Java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{AB658A23-8000-4C0C-841C-17B5C227DA01}C:\tools\internet\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | 
"TCP Query User{B1E268A1-557E-4754-A11E-C087523A0A76}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C4742F8B-22BD-42EB-B445-E01186BA0DF4}C:\tools\cnc\itnc530\sys\bin\plc.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\plc.exe | 
"TCP Query User{E46E9F29-97B6-4C24-BCCD-79AA2FF20201}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe | 
"TCP Query User{EA8783B8-4389-4D15-8B44-EEEFE2372861}G:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"TCP Query User{F69E1B6C-E8AF-4789-822B-989CAED50FBB}C:\tools\cnc\sscnc\server\ssftp.exe" = protocol=6 | dir=in | app=c:\tools\cnc\sscnc\server\ssftp.exe | 
"UDP Query User{0F1CA0E2-BF82-4D50-B8BC-958CF17A7656}F:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{1C3C90DB-7FF6-4B11-B6F6-160F87080740}C:\tools\cnc\itnc530\sys\bin\plc.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\plc.exe | 
"UDP Query User{1C4AF434-8AF7-40EA-9E11-4EB1BFB5515D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{37D6ECD9-827E-4A5B-866A-3FD15AD35688}C:\Program Files\Java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{4D098172-9BCB-4EE5-8E95-57A494C7165B}C:\tools\cnc\itnc530\xwin\bin\xwin.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\xwin\bin\xwin.exe | 
"UDP Query User{5D6FABEE-58F9-4437-9803-3FAAC8DC4FEF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{60307A55-2738-4B3C-A59A-4EC3EA9843A1}C:\tools\cnc\sscnc\server\sscncsrv.exe" = protocol=17 | dir=in | app=c:\tools\cnc\sscnc\server\sscncsrv.exe | 
"UDP Query User{84F3A718-CA3D-40D0-9680-2044F8589814}C:\tools\cnc\sscnc\server\ssftp.exe" = protocol=17 | dir=in | app=c:\tools\cnc\sscnc\server\ssftp.exe | 
"UDP Query User{986FF2A7-9D37-4E1E-B558-2380509B90C8}C:\tools\internet\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | 
"UDP Query User{A5DACD91-5EBD-48FA-A28D-E86037BF4A49}C:\tools\cnc\sscnc\server\sshttp.exe" = protocol=17 | dir=in | app=c:\tools\cnc\sscnc\server\sshttp.exe | 
"UDP Query User{B6283601-60B7-413D-98DA-F95AC636D4D4}C:\tools\cnc\itnc530\sys\bin\ext.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\ext.exe | 
"UDP Query User{C6376DCC-D1BA-47F2-A8E6-BEAD79F0851D}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe" = protocol=17 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe | 
"UDP Query User{C7A2C5FA-5061-45C8-990E-BC872174E614}C:\tools\cnc\itnc530\sys\bin\geo.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\geo.exe | 
"UDP Query User{CB929F9D-8510-4672-A778-2953205C1D19}G:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"UDP Query User{D4A7D45E-79AC-41B5-A111-A3CDC1314936}C:\tools\internet\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | 
"UDP Query User{E021CC2B-89CE-4A97-93EC-22C63B5F1DC8}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{E2BDC2E8-D531-4827-8FE6-58AE118CB09A}C:\tools\cnc\itnc530\sys\bin\regel.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\regel.exe | 
"UDP Query User{E90B6AEC-A1F9-41A5-9737-716338EB00CD}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe | 
"UDP Query User{EB77801D-5194-48B8-AAA6-473CC79B9DA6}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{430912D2-51D8-1CB9-3B38-79D570F034DC}" = AMD Accelerated Video Transcoding
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E31D9A6-245B-41A6-949D-C7B029A703D2}" = iTNC530 (340494)
"{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1" = Aurora 3D Text & Logo Maker version 11.12.22
"{5285F904-1577-5F06-FF04-4FA4EBA52966}" = AMD Media Foundation Decoders
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{74852D78-260B-0612-89EE-D414414CFF60}" = GameFly
"{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{832BB2A2-F100-4CFE-8D8B-C1A143B8B6B6}_is1" = Condemned - Criminal Origins
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1" = Cryostasis (Remove Only)
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD6518A-539D-8E0D-2C72-E51A62978096}" = AMD Drag and Drop Transcoding
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64240FF-9C31-4858-AE9D-65483C5DE63A}" = Living Hell Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0D7FF19-F218-4783-B79F-01CD1EF19900}" = VPNAutoconnect
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D344E559-FA0B-44EC-AAD5-1BD6D464C5E2}" = TNCremo
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1" = ArcaniA - Gothic 4 Patch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FA042EF2-5103-2F7E-C313-976C6F761EBE}" = AMD Fuel
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aomei Dynamic Disk Manager Home Edition_is1" = Aomei Dynamic Disk Manager Home Edition
"ArcaniA" = ArcaniA - Gothic 4
"avast" = avast! Free Antivirus
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 6.0.0.0
"BurnAware Free_is1" = BurnAware Free 4.8
"CdCoverCreator" = CdCoverCreator 2.5.3
"DATAPILOT 4110 V642" = DataPilot 4110 (362834-05)
"DesktopIconAmazon" = Desktop Icon für Amazon
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"FlashGet3.7" = FlashGet3.7
"Free Audio Converter_is1" = Free Audio Converter version 5.0.20.1031
"Free FLV Converter_is1" = Free FLV Converter V 7.5.0
"GameFly" = GameFly
"GearGrinder_is1" = GearGrinder
"Glary Utilities_is1" = Glary Utilities 2.47.0.1539
"Google Chrome" = Google Chrome
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HD Tune_is1" = HD Tune 2.55
"HDD Capacity Restore_is1" = HDD Capacity Restore 1.2
"ImgBurn" = ImgBurn
"Jaangle music management" = Jaangle music management
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Outcast_is1" = Outcast
"Recuva" = Recuva
"Software Update" = Software Update 1.2.0.172
"Steam App 12360" = FlatOut: Ultimate Carnage
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 22370" = Fallout 3 - Game of the Year Edition
"Steam App 22380" = Fallout: New Vegas
"Steam App 50130" = Mafia II
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57900" = Duke Nukem Forever
"Swansoft CNC Simulator" = Swansoft CNC Simulator 6.8.0.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"Wildlife Park 3_is1" = Wildlife Park 3 v1.09
"WinGimp-2.0_is1" = GIMP 2.6.12-2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"Zombie Driver" = Zombie Driver 1.2.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Living Hell Light" = Living Hell Light
"PhotoFiltre" = PhotoFiltre
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.01.2013 11:38:33 | Computer Name = YuT666-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1131,
 Zeitstempel: 0x5064ffa2  Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1131,
 Zeitstempel: 0x5064ffa2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000181fa  ID des fehlerhaften
 Prozesses: 0x111c  Startzeit der fehlerhaften Anwendung: 0x01cdf3365f995533  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\atieclxx.exe  Berichtskennung: 9e38ac6f-5f29-11e2-954d-d33f135cc3c8
 
Error - 16.01.2013 03:41:02 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.01.2013 05:35:05 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.01.2013 08:36:23 | Computer Name = YuT666-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Tools\System\Security\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Tools\System\Security\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 18.01.2013 03:01:24 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.01.2013 04:33:23 | Computer Name = YuT666-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Tools\System\Security\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Tools\System\Security\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 18.01.2013 07:08:06 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.01.2013 13:21:01 | Computer Name = YuT666-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Banking.exe, Version: 6.9.3.3, Zeitstempel:
 0x4f86ba74  Name des fehlerhaften Moduls: HAUPTA~1.OCX, Version: 6.9.3.2, Zeitstempel:
 0x4f46317d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000067fa  ID des fehlerhaften Prozesses:
 0x16a0  Startzeit der fehlerhaften Anwendung: 0x01cdf5a0205e9483  Pfad der fehlerhaften
 Anwendung: C:\Tools\Office\T-Online Banking\Banking.exe  Pfad des fehlerhaften Moduls:
 C:\Tools\Office\T-ONLI~1\HAUPTA~1.OCX  Berichtskennung: 6db60e0e-6193-11e2-8c06-f635a10d71f8
 
Error - 19.01.2013 04:13:43 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.01.2013 06:08:32 | Computer Name = YuT666-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: aswWebRepIE.dll, Version: 
7.0.1474.765, Zeitstempel: 0x50905939  Ausnahmecode: 0x40000015  Fehleroffset: 0x0001b14c
ID
 des fehlerhaften Prozesses: 0xaa4  Startzeit der fehlerhaften Anwendung: 0x01cdf62cec9f5c30
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Tools\System\Security\Avast\aswWebRepIE.dll  Berichtskennung:
 2d40dca7-6220-11e2-825e-bb03081995f7
 
[ System Events ]
Error - 16.09.2012 11:59:50 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.09.2012 01:35:25 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.09.2012 02:35:22 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.09.2012 02:23:17 | Computer Name = YuT666-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.09.2012 12:41:10 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.09.2012 04:29:20 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 30.09.2012 09:48:49 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.10.2012 05:24:57 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 03.10.2012 05:37:36 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 04.10.2012 03:19:26 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

Alt 19.01.2013, 16:33   #4
markusg
/// Malware-holic
 
Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt, and post its contents
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.

Alt 19.01.2013, 16:43   #5
YuT666
 
Code:
16:41:42.0041 1680  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:41:42.0415 1680  ============================================================
16:41:42.0415 1680  Current date / time: 2013/01/19 16:41:42.0415
16:41:42.0415 1680  SystemInfo:
16:41:42.0415 1680  
16:41:42.0415 1680  OS Version: 6.1.7601 ServicePack: 1.0
16:41:42.0415 1680  Product type: Workstation
16:41:42.0415 1680  ComputerName: YUT666-PC
16:41:42.0415 1680  UserName: YuT666
16:41:42.0415 1680  Windows directory: C:\Windows
16:41:42.0415 1680  System windows directory: C:\Windows
16:41:42.0415 1680  Processor architecture: Intel x86
16:41:42.0415 1680  Number of processors: 4
16:41:42.0415 1680  Page size: 0x1000
16:41:42.0415 1680  Boot type: Normal boot
16:41:42.0415 1680  ============================================================
16:41:43.0632 1680  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:41:43.0647 1680  Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:41:43.0663 1680  ============================================================
16:41:43.0663 1680  \Device\Harddisk0\DR0:
16:41:43.0663 1680  MBR partitions:
16:41:43.0663 1680  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A
16:41:43.0679 1680  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x163BF975
16:41:43.0694 1680  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DBC194C, BlocksNum 0x1C7C32F5
16:41:43.0694 1680  \Device\Harddisk1\DR1:
16:41:43.0694 1680  MBR partitions:
16:41:43.0694 1680  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3BFB14C
16:41:43.0694 1680  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3BFF048, BlocksNum 0x15403975
16:41:43.0710 1680  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x190029FC, BlocksNum 0x18FFEABD
16:41:43.0725 1680  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x320014F8, BlocksNum 0x8383749
16:41:43.0725 1680  ============================================================
16:41:43.0725 1680  C: <-> \Device\Harddisk0\DR0\Partition1
16:41:43.0757 1680  D: <-> \Device\Harddisk0\DR0\Partition2
16:41:43.0788 1680  E: <-> \Device\Harddisk0\DR0\Partition3
16:41:43.0788 1680  G: <-> \Device\Harddisk1\DR1\Partition3
16:41:43.0819 1680  H: <-> \Device\Harddisk1\DR1\Partition4
16:41:43.0850 1680  F: <-> \Device\Harddisk1\DR1\Partition2
16:41:43.0866 1680  I: <-> \Device\Harddisk1\DR1\Partition1
16:41:43.0866 1680  ============================================================
16:41:43.0866 1680  Initialize success
16:41:43.0866 1680  ============================================================
16:42:14.0395 1772  ============================================================
16:42:14.0395 1772  Scan started
16:42:14.0395 1772  Mode: Manual; SigCheck; TDLFS; 
16:42:14.0395 1772  ============================================================
16:42:15.0128 1772  ================ Scan system memory ========================
16:42:15.0128 1772  System memory - ok
16:42:15.0128 1772  ================ Scan services =============================
16:42:15.0269 1772  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:42:15.0393 1772  1394ohci - ok
16:42:15.0409 1772  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:42:15.0425 1772  ACPI - ok
16:42:15.0440 1772  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:42:15.0471 1772  AcpiPmi - ok
16:42:15.0518 1772  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:42:15.0549 1772  AdobeFlashPlayerUpdateSvc - ok
16:42:15.0581 1772  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:42:15.0596 1772  adp94xx - ok
16:42:15.0612 1772  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:42:15.0627 1772  adpahci - ok
16:42:15.0643 1772  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:42:15.0659 1772  adpu320 - ok
16:42:15.0690 1772  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:42:15.0721 1772  AeLookupSvc - ok
16:42:15.0768 1772  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:42:15.0815 1772  AFD - ok
16:42:15.0830 1772  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:42:15.0861 1772  agp440 - ok
16:42:15.0877 1772  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:42:15.0893 1772  aic78xx - ok
16:42:15.0939 1772  [ 3F9F42085AB5B6A55498A539C54575AB ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
16:42:15.0971 1772  akshasp - ok
16:42:16.0002 1772  [ D2B95315CC47F9230006FDBCBA394D8D ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
16:42:16.0033 1772  aksusb - ok
16:42:16.0064 1772  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:42:16.0095 1772  ALG - ok
16:42:16.0111 1772  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:42:16.0142 1772  aliide - ok
16:42:16.0189 1772  [ E608D708EFE1F8AE7160DB7C0DE4D8E6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:42:16.0236 1772  AMD External Events Utility - ok
16:42:16.0329 1772  AMD FUEL Service - ok
16:42:16.0345 1772  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:42:16.0361 1772  amdagp - ok
16:42:16.0376 1772  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:42:16.0392 1772  amdide - ok
16:42:16.0423 1772  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
16:42:16.0439 1772  amdiox86 - ok
16:42:16.0470 1772  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:42:16.0501 1772  AmdK8 - ok
16:42:16.0719 1772  [ F611C341A8B0926D6C2D6417464BD11E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:42:16.0829 1772  amdkmdag - ok
16:42:16.0860 1772  [ C08F6E9987D2AACFF9653ADB30C4DA3D ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:42:16.0891 1772  amdkmdap - ok
16:42:16.0938 1772  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\Windows\system32\DRIVERS\AmdLLD.sys
16:42:16.0969 1772  AmdLLD - ok
16:42:16.0985 1772  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:42:17.0016 1772  AmdPPM - ok
16:42:17.0047 1772  [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:42:17.0063 1772  amdsata - ok
16:42:17.0094 1772  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:42:17.0109 1772  amdsbs - ok
16:42:17.0125 1772  [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:42:17.0141 1772  amdxata - ok
16:42:17.0172 1772  [ E94E2EA7FAAA05C776A711EDB198B9FD ] androidusb      C:\Windows\system32\Drivers\androidusb.sys
16:42:17.0187 1772  androidusb - ok
16:42:17.0234 1772  [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
16:42:17.0250 1772  AODDriver4.2 - ok
16:42:17.0265 1772  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:42:17.0328 1772  AppID - ok
16:42:17.0359 1772  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:42:17.0421 1772  AppIDSvc - ok
16:42:17.0437 1772  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:42:17.0484 1772  Appinfo - ok
16:42:17.0499 1772  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:42:17.0531 1772  AppMgmt - ok
16:42:17.0562 1772  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
16:42:17.0577 1772  arc - ok
16:42:17.0593 1772  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:42:17.0609 1772  arcsas - ok
16:42:17.0640 1772  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:42:17.0640 1772  aswFsBlk - ok
16:42:17.0687 1772  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:42:17.0702 1772  aswMonFlt - ok
16:42:17.0718 1772  [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
16:42:17.0733 1772  aswRdr - ok
16:42:17.0749 1772  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:42:17.0765 1772  aswSnx - ok
16:42:17.0796 1772  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:42:17.0811 1772  aswSP - ok
16:42:17.0811 1772  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:42:17.0827 1772  aswTdi - ok
16:42:17.0843 1772  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:42:17.0889 1772  AsyncMac - ok
16:42:17.0905 1772  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:42:17.0921 1772  atapi - ok
16:42:17.0967 1772  [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
16:42:17.0983 1772  AtiHDAudioService - ok
16:42:18.0030 1772  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:42:18.0077 1772  AudioEndpointBuilder - ok
16:42:18.0092 1772  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:42:18.0123 1772  Audiosrv - ok
16:42:18.0217 1772  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Tools\System\Security\Avast\AvastSvc.exe
16:42:18.0233 1772  avast! Antivirus - ok
16:42:18.0264 1772  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:42:18.0311 1772  AxInstSV - ok
16:42:18.0357 1772  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
16:42:18.0389 1772  b06bdrv - ok
16:42:18.0404 1772  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:42:18.0435 1772  b57nd60x - ok
16:42:18.0451 1772  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:42:18.0482 1772  BDESVC - ok
16:42:18.0498 1772  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:42:18.0545 1772  Beep - ok
16:42:18.0576 1772  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:42:18.0654 1772  BFE - ok
16:42:18.0685 1772  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:42:18.0732 1772  BITS - ok
16:42:18.0747 1772  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:42:18.0763 1772  blbdrive - ok
16:42:18.0794 1772  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:42:18.0825 1772  bowser - ok
16:42:18.0841 1772  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:42:18.0872 1772  BrFiltLo - ok
16:42:18.0888 1772  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:42:18.0935 1772  BrFiltUp - ok
16:42:18.0966 1772  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:42:18.0981 1772  Browser - ok
16:42:18.0997 1772  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:42:19.0028 1772  Brserid - ok
16:42:19.0028 1772  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:42:19.0044 1772  BrSerWdm - ok
16:42:19.0059 1772  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:42:19.0091 1772  BrUsbMdm - ok
16:42:19.0106 1772  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:42:19.0137 1772  BrUsbSer - ok
16:42:19.0169 1772  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:42:19.0200 1772  BthEnum - ok
16:42:19.0215 1772  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:42:19.0262 1772  BTHMODEM - ok
16:42:19.0278 1772  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:42:19.0293 1772  BthPan - ok
16:42:19.0371 1772  [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:42:19.0403 1772  BTHPORT - ok
16:42:19.0434 1772  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:42:19.0465 1772  bthserv - ok
16:42:19.0481 1772  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:42:19.0512 1772  BTHUSB - ok
16:42:19.0527 1772  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:42:19.0574 1772  cdfs - ok
16:42:19.0590 1772  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:42:19.0621 1772  cdrom - ok
16:42:19.0637 1772  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:42:19.0683 1772  CertPropSvc - ok
16:42:19.0699 1772  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:42:19.0715 1772  circlass - ok
16:42:19.0730 1772  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:42:19.0746 1772  CLFS - ok
16:42:19.0824 1772  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:42:19.0839 1772  clr_optimization_v2.0.50727_32 - ok
16:42:19.0917 1772  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:42:19.0949 1772  clr_optimization_v4.0.30319_32 - ok
16:42:19.0964 1772  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:42:19.0980 1772  CmBatt - ok
16:42:19.0995 1772  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:42:20.0011 1772  cmdide - ok
16:42:20.0042 1772  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:42:20.0073 1772  CNG - ok
16:42:20.0073 1772  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:42:20.0089 1772  Compbatt - ok
16:42:20.0120 1772  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:42:20.0136 1772  CompositeBus - ok
16:42:20.0151 1772  COMSysApp - ok
16:42:20.0198 1772  cpuz135 - ok
16:42:20.0214 1772  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:42:20.0229 1772  crcdisk - ok
16:42:20.0261 1772  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:42:20.0292 1772  CryptSvc - ok
16:42:20.0323 1772  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
16:42:20.0339 1772  CSC - ok
16:42:20.0385 1772  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
16:42:20.0417 1772  CscService - ok
16:42:20.0448 1772  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:42:20.0479 1772  DcomLaunch - ok
16:42:20.0510 1772  [ 7F75C697F0947FFB7E2B1B91395206A1 ] ddmdrv          C:\Windows\system32\ddmdrv.sys
16:42:20.0526 1772  ddmdrv - ok
16:42:20.0557 1772  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:42:20.0588 1772  defragsvc - ok
16:42:20.0604 1772  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:42:20.0635 1772  DfsC - ok
16:42:20.0666 1772  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:42:20.0697 1772  Dhcp - ok
16:42:20.0713 1772  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:42:20.0744 1772  discache - ok
16:42:20.0791 1772  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
16:42:20.0807 1772  Disk - ok
16:42:20.0838 1772  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
16:42:20.0853 1772  dmvsc - ok
16:42:20.0885 1772  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:42:20.0916 1772  Dnscache - ok
16:42:20.0931 1772  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:42:20.0978 1772  dot3svc - ok
16:42:20.0994 1772  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:42:21.0025 1772  DPS - ok
16:42:21.0041 1772  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:42:21.0056 1772  drmkaud - ok
16:42:21.0087 1772  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:42:21.0119 1772  DXGKrnl - ok
16:42:21.0134 1772  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:42:21.0181 1772  EapHost - ok
16:42:21.0275 1772  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
16:42:21.0337 1772  ebdrv - ok
16:42:21.0353 1772  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:42:21.0384 1772  EFS - ok
16:42:21.0431 1772  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:42:21.0477 1772  ehRecvr - ok
16:42:21.0477 1772  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:42:21.0509 1772  ehSched - ok
16:42:21.0540 1772  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:42:21.0555 1772  elxstor - ok
16:42:21.0602 1772  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
16:42:21.0618 1772  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
16:42:21.0618 1772  epmntdrv - detected UnsignedFile.Multi.Generic (1)
16:42:21.0633 1772  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:42:21.0665 1772  ErrDev - ok
16:42:21.0727 1772  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
16:42:21.0743 1772  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
16:42:21.0743 1772  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
16:42:21.0774 1772  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:42:21.0836 1772  EventSystem - ok
16:42:21.0852 1772  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:42:21.0883 1772  exfat - ok
16:42:21.0899 1772  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:42:21.0930 1772  fastfat - ok
16:42:21.0961 1772  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:42:21.0992 1772  Fax - ok
16:42:22.0023 1772  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
16:42:22.0023 1772  fdc - ok
16:42:22.0039 1772  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:42:22.0070 1772  fdPHost - ok
16:42:22.0086 1772  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:42:22.0117 1772  FDResPub - ok
16:42:22.0133 1772  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:42:22.0133 1772  FileInfo - ok
16:42:22.0148 1772  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:42:22.0179 1772  Filetrace - ok
16:42:22.0195 1772  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:42:22.0211 1772  flpydisk - ok
16:42:22.0242 1772  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:42:22.0257 1772  FltMgr - ok
16:42:22.0273 1772  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\Windows\system32\FntCache.dll
16:42:22.0335 1772  FontCache - ok
16:42:22.0398 1772  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:42:22.0413 1772  FontCache3.0.0.0 - ok
16:42:22.0429 1772  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:42:22.0460 1772  FsDepends - ok
16:42:22.0491 1772  [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
16:42:22.0507 1772  fssfltr - ok
16:42:22.0616 1772  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:42:22.0694 1772  fsssvc - ok
16:42:22.0710 1772  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:42:22.0725 1772  Fs_Rec - ok
16:42:22.0788 1772  [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
16:42:22.0819 1772  Futuremark SystemInfo Service - ok
16:42:22.0850 1772  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:42:22.0881 1772  fvevol - ok
16:42:22.0897 1772  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:42:22.0913 1772  gagp30kx - ok
16:42:22.0944 1772  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:42:22.0991 1772  gpsvc - ok
16:42:23.0037 1772  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:42:23.0069 1772  gupdate - ok
16:42:23.0084 1772  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:42:23.0100 1772  gupdatem - ok
16:42:23.0147 1772  [ D95554949082FD29A04D351B58396718 ] Hardlock        C:\Windows\system32\drivers\hardlock.sys
16:42:23.0178 1772  Hardlock - ok
16:42:23.0193 1772  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:42:23.0225 1772  hcw85cir - ok
16:42:23.0256 1772  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:42:23.0271 1772  HdAudAddService - ok
16:42:23.0303 1772  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:42:23.0318 1772  HDAudBus - ok
16:42:23.0334 1772  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:42:23.0349 1772  HidBatt - ok
16:42:23.0365 1772  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:42:23.0396 1772  HidBth - ok
16:42:23.0412 1772  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:42:23.0443 1772  HidIr - ok
16:42:23.0459 1772  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:42:23.0490 1772  hidserv - ok
16:42:23.0521 1772  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:42:23.0537 1772  HidUsb - ok
16:42:23.0568 1772  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:42:23.0583 1772  hkmsvc - ok
16:42:23.0599 1772  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:42:23.0630 1772  HomeGroupListener - ok
16:42:23.0661 1772  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:42:23.0693 1772  HomeGroupProvider - ok
16:42:23.0708 1772  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:42:23.0724 1772  HpSAMD - ok
16:42:23.0739 1772  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:42:23.0771 1772  HTTP - ok
16:42:23.0786 1772  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:42:23.0802 1772  hwpolicy - ok
16:42:23.0802 1772  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:42:23.0833 1772  i8042prt - ok
16:42:23.0849 1772  [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:42:23.0864 1772  iaStorV - ok
16:42:23.0927 1772  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:42:23.0973 1772  idsvc - ok
16:42:24.0005 1772  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:42:24.0036 1772  iirsp - ok
16:42:24.0083 1772  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:42:24.0145 1772  IKEEXT - ok
16:42:24.0176 1772  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:42:24.0176 1772  intelide - ok
16:42:24.0207 1772  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
16:42:24.0223 1772  intelppm - ok
16:42:24.0223 1772  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:42:24.0270 1772  IPBusEnum - ok
16:42:24.0270 1772  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:42:24.0301 1772  IpFilterDriver - ok
16:42:24.0317 1772  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:42:24.0379 1772  iphlpsvc - ok
16:42:24.0410 1772  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:42:24.0426 1772  IPMIDRV - ok
16:42:24.0473 1772  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:42:24.0504 1772  IPNAT - ok
16:42:24.0535 1772  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:42:24.0551 1772  IRENUM - ok
16:42:24.0582 1772  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:42:24.0582 1772  isapnp - ok
16:42:24.0613 1772  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:42:24.0629 1772  iScsiPrt - ok
16:42:24.0644 1772  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:42:24.0660 1772  kbdclass - ok
16:42:24.0675 1772  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:42:24.0691 1772  kbdhid - ok
16:42:24.0707 1772  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:42:24.0722 1772  KeyIso - ok
16:42:24.0769 1772  [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFilter      C:\Windows\System32\Drivers\KMWDFilter.SYS
16:42:24.0785 1772  KMWDFilter - ok
16:42:24.0816 1772  [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFILTERx86   C:\Windows\system32\DRIVERS\KMWDFILTER.sys
16:42:24.0831 1772  KMWDFILTERx86 - ok
16:42:24.0863 1772  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:42:24.0878 1772  KSecDD - ok
16:42:24.0894 1772  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:42:24.0909 1772  KSecPkg - ok
16:42:24.0941 1772  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:42:24.0972 1772  KtmRm - ok
16:42:25.0003 1772  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:42:25.0034 1772  LanmanServer - ok
16:42:25.0050 1772  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:42:25.0081 1772  LanmanWorkstation - ok
16:42:25.0097 1772  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:42:25.0143 1772  lltdio - ok
16:42:25.0159 1772  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:42:25.0190 1772  lltdsvc - ok
16:42:25.0206 1772  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:42:25.0237 1772  lmhosts - ok
16:42:25.0268 1772  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:42:25.0284 1772  LSI_FC - ok
16:42:25.0299 1772  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:42:25.0315 1772  LSI_SAS - ok
16:42:25.0331 1772  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:42:25.0346 1772  LSI_SAS2 - ok
16:42:25.0362 1772  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:42:25.0377 1772  LSI_SCSI - ok
16:42:25.0393 1772  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:42:25.0409 1772  luafv - ok
16:42:25.0440 1772  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:42:25.0455 1772  Mcx2Svc - ok
16:42:25.0471 1772  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:42:25.0487 1772  megasas - ok
16:42:25.0518 1772  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:42:25.0549 1772  MegaSR - ok
16:42:25.0565 1772  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:42:25.0596 1772  MMCSS - ok
16:42:25.0611 1772  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:42:25.0643 1772  Modem - ok
16:42:25.0674 1772  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:42:25.0689 1772  monitor - ok
16:42:25.0705 1772  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:42:25.0721 1772  mouclass - ok
16:42:25.0736 1772  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:42:25.0752 1772  mouhid - ok
16:42:25.0767 1772  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:42:25.0783 1772  mountmgr - ok
16:42:25.0845 1772  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:42:25.0877 1772  MozillaMaintenance - ok
16:42:25.0877 1772  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:42:25.0908 1772  mpio - ok
16:42:25.0923 1772  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:42:25.0970 1772  mpsdrv - ok
16:42:25.0986 1772  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:42:26.0048 1772  MpsSvc - ok
16:42:26.0079 1772  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:42:26.0095 1772  MRxDAV - ok
16:42:26.0157 1772  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:42:26.0173 1772  mrxsmb - ok
16:42:26.0220 1772  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:42:26.0251 1772  mrxsmb10 - ok
16:42:26.0267 1772  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:42:26.0282 1772  mrxsmb20 - ok
16:42:26.0298 1772  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:42:26.0313 1772  msahci - ok
16:42:26.0345 1772  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:42:26.0345 1772  msdsm - ok
16:42:26.0376 1772  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:42:26.0391 1772  MSDTC - ok
16:42:26.0423 1772  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:42:26.0454 1772  Msfs - ok
16:42:26.0469 1772  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:42:26.0485 1772  mshidkmdf - ok
16:42:26.0501 1772  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:42:26.0516 1772  msisadrv - ok
16:42:26.0547 1772  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:42:26.0579 1772  MSiSCSI - ok
16:42:26.0594 1772  msiserver - ok
16:42:26.0610 1772  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:42:26.0641 1772  MSKSSRV - ok
16:42:26.0657 1772  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:42:26.0703 1772  MSPCLOCK - ok
16:42:26.0719 1772  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:42:26.0750 1772  MSPQM - ok
16:42:26.0766 1772  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:42:26.0781 1772  MsRPC - ok
16:42:26.0797 1772  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:42:26.0813 1772  mssmbios - ok
16:42:26.0828 1772  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:42:26.0859 1772  MSTEE - ok
16:42:26.0875 1772  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:42:26.0891 1772  MTConfig - ok
16:42:26.0906 1772  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:42:26.0922 1772  Mup - ok
16:42:26.0953 1772  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:42:26.0984 1772  napagent - ok
16:42:27.0015 1772  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:42:27.0047 1772  NativeWifiP - ok
16:42:27.0062 1772  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:42:27.0093 1772  NDIS - ok
16:42:27.0109 1772  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:42:27.0140 1772  NdisCap - ok
16:42:27.0171 1772  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:42:27.0203 1772  NdisTapi - ok
16:42:27.0218 1772  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:42:27.0249 1772  Ndisuio - ok
16:42:27.0265 1772  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:42:27.0296 1772  NdisWan - ok
16:42:27.0312 1772  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:42:27.0343 1772  NDProxy - ok
16:42:27.0359 1772  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:42:27.0390 1772  NetBIOS - ok
16:42:27.0405 1772  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:42:27.0452 1772  NetBT - ok
16:42:27.0468 1772  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:42:27.0483 1772  Netlogon - ok
16:42:27.0530 1772  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:42:27.0577 1772  Netman - ok
16:42:27.0593 1772  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:42:27.0639 1772  netprofm - ok
16:42:27.0671 1772  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
16:42:27.0702 1772  netr28u - ok
16:42:27.0733 1772  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:42:27.0749 1772  NetTcpPortSharing - ok
16:42:27.0749 1772  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:42:27.0764 1772  nfrd960 - ok
16:42:27.0780 1772  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:42:27.0827 1772  NlaSvc - ok
16:42:27.0842 1772  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:42:27.0858 1772  Npfs - ok
16:42:27.0873 1772  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:42:27.0905 1772  nsi - ok
16:42:27.0905 1772  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:42:27.0936 1772  nsiproxy - ok
16:42:27.0983 1772  [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:42:28.0014 1772  Ntfs - ok
16:42:28.0029 1772  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:42:28.0076 1772  Null - ok
16:42:28.0092 1772  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:42:28.0123 1772  nvraid - ok
16:42:28.0139 1772  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:42:28.0154 1772  nvstor - ok
16:42:28.0154 1772  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:42:28.0170 1772  nv_agp - ok
16:42:28.0185 1772  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:42:28.0217 1772  ohci1394 - ok
16:42:28.0232 1772  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:42:28.0279 1772  p2pimsvc - ok
16:42:28.0295 1772  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:42:28.0326 1772  p2psvc - ok
16:42:28.0357 1772  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
16:42:28.0357 1772  Parport - ok
16:42:28.0388 1772  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:42:28.0404 1772  partmgr - ok
16:42:28.0404 1772  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:42:28.0419 1772  Parvdm - ok
16:42:28.0435 1772  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:42:28.0466 1772  PcaSvc - ok
16:42:28.0466 1772  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:42:28.0482 1772  pci - ok
16:42:28.0497 1772  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:42:28.0513 1772  pciide - ok
16:42:28.0529 1772  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:42:28.0544 1772  pcmcia - ok
16:42:28.0560 1772  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:42:28.0575 1772  pcw - ok
16:42:28.0607 1772  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:42:28.0653 1772  PEAUTH - ok
16:42:28.0685 1772  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:42:28.0731 1772  PeerDistSvc - ok
16:42:28.0778 1772  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:42:28.0841 1772  pla - ok
16:42:28.0872 1772  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:42:28.0903 1772  PlugPlay - ok
16:42:28.0919 1772  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:42:28.0934 1772  PNRPAutoReg - ok
16:42:28.0965 1772  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:42:28.0981 1772  PNRPsvc - ok
16:42:29.0012 1772  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:42:29.0043 1772  PolicyAgent - ok
16:42:29.0075 1772  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:42:29.0121 1772  Power - ok
16:42:29.0137 1772  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:42:29.0184 1772  PptpMiniport - ok
16:42:29.0199 1772  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
16:42:29.0231 1772  Processor - ok
16:42:29.0262 1772  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:42:29.0293 1772  ProfSvc - ok
16:42:29.0293 1772  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:42:29.0324 1772  ProtectedStorage - ok
16:42:29.0371 1772  [ 5504B63DCC7F980EED7EFF8F2593D60E ] prwntdrv        C:\Windows\system32\prwntdrv.sys
16:42:29.0402 1772  prwntdrv ( UnsignedFile.Multi.Generic ) - warning
16:42:29.0402 1772  prwntdrv - detected UnsignedFile.Multi.Generic (1)
16:42:29.0433 1772  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:42:29.0480 1772  Psched - ok
16:42:29.0527 1772  [ 681AE4F1927FE0FDEEE2863F1684088D ] pwdrvio         C:\Windows\system32\pwdrvio.sys
16:42:29.0543 1772  pwdrvio - ok
16:42:29.0558 1772  [ BC60895CE021309EBD887D2F22055654 ] pwdspio         C:\Windows\system32\pwdspio.sys
16:42:29.0574 1772  pwdspio - ok
16:42:29.0621 1772  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:42:29.0652 1772  ql2300 - ok
16:42:29.0683 1772  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:42:29.0699 1772  ql40xx - ok
16:42:29.0714 1772  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:42:29.0777 1772  QWAVE - ok
16:42:29.0792 1772  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:42:29.0808 1772  QWAVEdrv - ok
16:42:29.0808 1772  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:42:29.0855 1772  RasAcd - ok
16:42:29.0870 1772  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:42:29.0901 1772  RasAgileVpn - ok
16:42:29.0917 1772  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:42:29.0948 1772  RasAuto - ok
16:42:29.0964 1772  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:42:30.0011 1772  Rasl2tp - ok
16:42:30.0026 1772  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:42:30.0073 1772  RasMan - ok
16:42:30.0089 1772  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:42:30.0104 1772  RasPppoe - ok
16:42:30.0135 1772  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:42:30.0167 1772  RasSstp - ok
16:42:30.0182 1772  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:42:30.0213 1772  rdbss - ok
16:42:30.0245 1772  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:42:30.0260 1772  rdpbus - ok
16:42:30.0260 1772  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:42:30.0291 1772  RDPCDD - ok
16:42:30.0323 1772  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:42:30.0369 1772  RDPDR - ok
16:42:30.0385 1772  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:42:30.0416 1772  RDPENCDD - ok
16:42:30.0432 1772  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:42:30.0479 1772  RDPREFMP - ok
16:42:30.0510 1772  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:42:30.0525 1772  RDPWD - ok
16:42:30.0541 1772  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:42:30.0557 1772  rdyboost - ok
16:42:30.0572 1772  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:42:30.0603 1772  RemoteAccess - ok
16:42:30.0635 1772  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:42:30.0681 1772  RemoteRegistry - ok
16:42:30.0713 1772  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:42:30.0744 1772  RFCOMM - ok
16:42:30.0759 1772  [ C294B6E61B9989EC6FFF9F5D6951919D ] Rockusb         C:\Windows\system32\DRIVERS\rockusb.sys
16:42:30.0775 1772  Rockusb - ok
16:42:30.0791 1772  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:42:30.0837 1772  RpcEptMapper - ok
16:42:30.0853 1772  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:42:30.0884 1772  RpcLocator - ok
16:42:30.0900 1772  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:42:30.0931 1772  RpcSs - ok
16:42:30.0947 1772  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:42:30.0993 1772  rspndr - ok
16:42:31.0025 1772  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
16:42:31.0040 1772  RTL8167 - ok
16:42:31.0087 1772  [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
16:42:31.0103 1772  RTL8187B - ok
16:42:31.0134 1772  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:42:31.0149 1772  s3cap - ok
16:42:31.0165 1772  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:42:31.0181 1772  SamSs - ok
16:42:31.0196 1772  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:42:31.0212 1772  sbp2port - ok
16:42:31.0243 1772  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:42:31.0274 1772  SCardSvr - ok
16:42:31.0274 1772  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:42:31.0321 1772  scfilter - ok
16:42:31.0352 1772  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:42:31.0399 1772  Schedule - ok
16:42:31.0415 1772  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:42:31.0446 1772  SCPolicySvc - ok
16:42:31.0446 1772  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:42:31.0477 1772  SDRSVC - ok
16:42:31.0493 1772  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:42:31.0524 1772  secdrv - ok
16:42:31.0539 1772  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:42:31.0586 1772  seclogon - ok
16:42:31.0602 1772  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:42:31.0649 1772  SENS - ok
16:42:31.0664 1772  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:42:31.0680 1772  SensrSvc - ok
16:42:31.0695 1772  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:42:31.0711 1772  Serenum - ok
16:42:31.0727 1772  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
16:42:31.0742 1772  Serial - ok
16:42:31.0742 1772  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:42:31.0758 1772  sermouse - ok
16:42:31.0789 1772  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:42:31.0805 1772  SessionEnv - ok
16:42:31.0820 1772  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:42:31.0851 1772  sffdisk - ok
16:42:31.0867 1772  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:42:31.0883 1772  sffp_mmc - ok
16:42:31.0898 1772  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:42:31.0914 1772  sffp_sd - ok
16:42:31.0929 1772  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:42:31.0961 1772  sfloppy - ok
16:42:31.0976 1772  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:42:32.0023 1772  SharedAccess - ok
16:42:32.0039 1772  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:42:32.0085 1772  ShellHWDetection - ok
16:42:32.0101 1772  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:42:32.0117 1772  sisagp - ok
16:42:32.0132 1772  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:42:32.0148 1772  SiSRaid2 - ok
16:42:32.0163 1772  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:42:32.0179 1772  SiSRaid4 - ok
16:42:32.0210 1772  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:42:32.0241 1772  SkypeUpdate - ok
16:42:32.0273 1772  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:42:32.0304 1772  Smb - ok
16:42:32.0335 1772  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:42:32.0351 1772  SNMPTRAP - ok
16:42:32.0366 1772  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:42:32.0382 1772  spldr - ok
16:42:32.0397 1772  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
16:42:32.0429 1772  Spooler - ok
16:42:32.0522 1772  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:42:32.0647 1772  sppsvc - ok
16:42:32.0663 1772  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:42:32.0709 1772  sppuinotify - ok
16:42:32.0741 1772  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:42:32.0756 1772  srv - ok
16:42:32.0772 1772  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:42:32.0787 1772  srv2 - ok
16:42:32.0819 1772  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:42:32.0834 1772  srvnet - ok
16:42:32.0850 1772  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:42:32.0881 1772  SSDPSRV - ok
16:42:32.0897 1772  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:42:32.0928 1772  SstpSvc - ok
16:42:32.0943 1772  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:42:32.0959 1772  stexstor - ok
16:42:33.0006 1772  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:42:33.0037 1772  StiSvc - ok
16:42:33.0053 1772  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:42:33.0068 1772  storflt - ok
16:42:33.0084 1772  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
16:42:33.0099 1772  StorSvc - ok
16:42:33.0115 1772  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:42:33.0131 1772  storvsc - ok
16:42:33.0146 1772  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:42:33.0162 1772  swenum - ok
16:42:33.0177 1772  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:42:33.0209 1772  swprv - ok
16:42:33.0255 1772  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:42:33.0287 1772  SysMain - ok
16:42:33.0302 1772  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:42:33.0333 1772  TabletInputService - ok
16:42:33.0349 1772  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:42:33.0396 1772  TapiSrv - ok
16:42:33.0411 1772  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:42:33.0443 1772  TBS - ok
16:42:33.0505 1772  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:42:33.0552 1772  Tcpip - ok
16:42:33.0583 1772  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:42:33.0614 1772  TCPIP6 - ok
16:42:33.0630 1772  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:42:33.0677 1772  tcpipreg - ok
16:42:33.0692 1772  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:42:33.0708 1772  TDPIPE - ok
16:42:33.0723 1772  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:42:33.0739 1772  TDTCP - ok
16:42:33.0755 1772  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:42:33.0786 1772  tdx - ok
16:42:33.0786 1772  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:42:33.0801 1772  TermDD - ok
16:42:39.0371 1772  ============================================================
16:42:39.0371 1772  Scan finished
16:42:39.0371 1772  ============================================================
16:42:39.0433 2360  Detected object count: 3
16:42:39.0433 2360  Actual detected object count: 3
16:42:58.0559 2360  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:58.0559 2360  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:42:58.0559 2360  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:58.0559 2360  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:42:58.0574 2360  prwntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:58.0574 2360  prwntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:43:01.0398 5748  Deinitialize success
         


19.01.2013, 19:03   #6
markusg
/// Malware-holic

Hi,
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

19.01.2013, 19:29   #7
YuT666

Code:
ATTFilter
ComboFix 13-01-17.04 - YuT666 19.01.2013  19:20:48.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3326.1581 [GMT 1:00]
ausgeführt von:: c:\users\YuT666\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\YuT666\AppData\Local\TempDIR
c:\users\YuT666\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\UNWISE.EXE
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-19 bis 2013-01-19  ))))))))))))))))))))))))))))))
.
.
2013-01-19 18:26 . 2013-01-19 18:27	--------	d-----w-	c:\users\YuT666\AppData\Local\temp
2013-01-19 18:26 . 2013-01-19 18:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-19 10:43 . 2013-01-19 10:43	--------	d-----w-	C:\6
2013-01-18 09:16 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3825030-E88A-4952-BC4F-6A4EE628970A}\mpengine.dll
2013-01-17 22:17 . 2013-01-12 02:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-11 18:13 . 2013-01-11 18:13	--------	d-----w-	c:\users\YuT666\AppData\Local\Targem
2013-01-09 18:13 . 2013-01-09 18:14	--------	d-----w-	c:\program files\AGEIA Technologies
2013-01-09 18:13 . 2013-01-09 18:13	--------	d-----w-	c:\windows\system32\AGEIA
2013-01-09 14:12 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 14:12 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-09 14:12 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 14:12 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 14:12 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-05 08:43 . 2013-01-19 15:13	--------	d-----w-	c:\users\YuT666\AppData\Roaming\BITS
2013-01-05 08:43 . 2013-01-05 08:43	--------	d-----w-	c:\users\YuT666\AppData\Roaming\FlashgetSetup
2013-01-05 08:43 . 2013-01-05 11:43	--------	d-----w-	c:\users\YuT666\AppData\Roaming\FlashGet
2013-01-04 19:18 . 2013-01-04 19:21	--------	d-----w-	c:\users\YuT666\PSX
2012-12-31 10:21 . 2012-12-31 10:47	--------	d-----w-	c:\users\YuT666\AppData\Local\Rockstar Games
2012-12-31 09:53 . 2012-12-31 09:53	--------	d-----w-	c:\program files\Rockstar Games
2012-12-30 15:47 . 2012-12-30 15:47	--------	d-----w-	C:\toolbarImages
2012-12-28 10:54 . 2012-12-28 10:54	--------	d-----w-	c:\users\YuT666\AppData\Local\Programs
2012-12-27 18:42 . 2012-12-27 18:42	--------	d-----w-	c:\users\YuT666\AppData\Roaming\Visan
2012-12-27 18:42 . 2012-12-27 18:42	--------	d-----w-	c:\programdata\Visan
2012-12-21 20:10 . 2012-12-21 20:10	--------	d-----w-	c:\users\YuT666\AppData\Local\Fallout3
2012-12-21 09:00 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 09:00 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:00 . 2012-04-27 10:09	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 21:00 . 2012-04-27 10:09	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-05-15 20:02	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09 . 2012-12-13 18:11	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 18:11	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 18:11	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 18:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 18:11	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 18:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 18:08	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 18:08	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-10-30 22:51 . 2012-04-27 14:19	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-04-27 14:19	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-04-27 14:19	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-04-27 14:19	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-04-27 14:19	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-04-27 14:19	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-04-27 14:19	227648	----a-w-	c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-21 09:01	222712	----a-w-	c:\users\YuT666\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-21 09:01	222712	----a-w-	c:\users\YuT666\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-21 09:01	222712	----a-w-	c:\users\YuT666\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\tools\System\Security\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\tools\System\Security\Avast\avastUI.exe" [2012-10-30 4297136]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 ddmdrv;ddmdrv;c:\windows\system32\ddmdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [x]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 15446761
*Deregistered* - 15446761
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 17:41	1606760	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 21:00]
.
2013-01-19 c:\windows\Tasks\GlaryInitialize.job
- c:\tools\System\Optimizing\Glary Utilities\initialize.exe [2012-04-29 20:16]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 14:19]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://websearch.mocaflix.com/
mStart Page = hxxp://websearch.mocaflix.com/
IE: Download all links by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgetflvurl.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\YuT666\AppData\Roaming\Mozilla\Firefox\Profiles\lt3hkzxi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google Deutschland
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: network.proxy.http - 46.23.64.124
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-05 09:45; {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}; c:\users\YuT666\AppData\Roaming\Mozilla\Firefox\Profiles\lt3hkzxi.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
AddRemove-Hardlock Gerätetreiber - c:\windows\system32\UNWISE.EXE
AddRemove-Steam App 22380 - f:\steam\steam.exe
AddRemove-Steam App 57900 - f:\steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3886202293-2860333877-1283190225-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,18,ca,d6,ab,4e,cc,fa,d6,a8,9c,66,d5,39,23,9b,cc,78,12,98,2f,
   a2,c1,21,a3,d5,5d,0f,66,15,5a,43,4e,77,9a,21,9f,dd,00,f2,cb,bf,99,77,74,72,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*]
"CheckValue"=dword:dbf75170
"8FD6CB82"="232F7327"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-19  19:28:52
ComboFix-quarantined-files.txt  2013-01-19 18:28
.
Vor Suchlauf: 14 Verzeichnis(se), 11.818.655.744 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 11.674.546.176 Bytes frei
.
- - End Of File - - 24D009F25A19AE505346F9070A81C8A4
         

19.01.2013, 19:31   #8
markusg
/// Malware-holic

Hi
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

19.01.2013, 20:33   #9
YuT666

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.19.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
YuT666 :: YUT666-PC [Administrator]

19.01.2013 19:40:02
mbam-log-2013-01-19 (19-40-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 337221
Laufzeit: 43 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Tools\Grafik\PhotoshopPortable\App\PhotoshopCS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

20.01.2013, 20:42   #10
markusg
/// Malware-holic

hi
download the standard CCleaner:
CCleaner - Download - Filepony
if CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), uninstall list, save it as txt, and open the file.
After each program you need, write necessary.
After each program you do not need, write unnecessary.
After each program you do not know, write unknown.
Post the list.


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.