
Log analysis and evaluation: C:\PROGRA~3\dllaimesohum.dat = error when starting Win 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.03.2013, 22:44   #1
jojoba
 

Hello,

For quite some time I have had the problem that the error message C:\PROGRA~3\dllaimesohum.dat appears when the PC starts.
I think it is a virus from a USB stick, but I am not sure.

My question is:
Can I fix the problem without reinstalling the system?

I hope everything is right with the logs; I have never done anything like this before!

Many thanks

Regards, jojoba

06.03.2013, 23:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I am asking because of => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

07.03.2013, 19:44   #3
jojoba
 



Hello,
I don't have any of the antivirus programs, and a log is only created after a scan, isn't it? Which I am not supposed to do.
Should I perhaps change something about the existing logs, or redo them?

Thanks for the answer

Regards, jojoba

08.03.2013, 10:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.



Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as per the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction under any circumstances

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.
__________________
Please always post log files in CODE tags

09.03.2013, 22:50   #5
jojoba
 



Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8569470976, free: 6040354816

------------ Kernel report ------------
     03/09/2013 22:18:24
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\ESLWireACD.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\usbaapl64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shell32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\nsi.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\wininet.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800752a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80072fb060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007529060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8007309060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.03.09.11
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007529060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800741e8f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007529060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80072fe520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007309060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00c426b00, 0xfffffa8007529060, 0xfffffa80093d0090
Lower DeviceData: 0xfffff8a003b41f50, 0xfffffa8007309060, 0xfffffa80091077f0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CBF9AD22

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 124835840

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 64023257088 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-125025424-125045424)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800752a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800752ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800752a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006f061e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80072fb060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00c37e620, 0xfffffa800752a060, 0xfffffa800933b790
Lower DeviceData: 0xfffff8a00ce72670, 0xfffffa80072fb060, 0xfffffa800937eb80
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4322ED5A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-09 22:28:38
-----------------------------
22:28:38.594    OS Version: Windows x64 6.1.7601 Service Pack 1
22:28:38.594    Number of processors: 4 586 0x2A07
22:28:38.594    ComputerName: USER-PC  UserName: user
22:28:38.771    Initialize success
22:30:11.720    AVAST engine defs: 13030900
22:33:12.625    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
22:33:12.625    Disk 0 Vendor: M4-CT064M4SSD2 0001 Size: 61057MB BusType: 11
22:33:12.625    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
22:33:12.625    Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
22:33:12.625    Disk 0 MBR read successfully
22:33:12.641    Disk 0 MBR scan
22:33:12.641    Disk 0 Windows 7 default MBR code
22:33:12.641    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:33:12.641    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        60955 MB offset 206848
22:33:12.641    Disk 0 scanning C:\Windows\system32\drivers
22:33:14.639    Service scanning
22:33:19.788    Modules scanning
22:33:19.797    Disk 0 trace - called modules:
22:33:20.129    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
22:33:20.136    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007529060]
22:33:20.141    3 CLASSPNP.SYS[fffff8800190843f] -> nt!IofCallDriver -> [0xfffffa80072fe520]
22:33:20.146    5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007309060]
22:33:20.299    AVAST engine scan C:\Windows
22:33:20.655    AVAST engine scan C:\Windows\system32
22:34:07.797    AVAST engine scan C:\Windows\system32\drivers
22:34:10.169    AVAST engine scan C:\Users\user
22:34:33.304    AVAST engine scan C:\ProgramData
22:34:35.441    Scan finished successfully
22:36:23.580    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
22:36:23.580    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
         

Code:
22:41:46.0109 3604  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:41:46.0400 3604  ============================================================
22:41:46.0400 3604  Current date / time: 2013/03/09 22:41:46.0400
22:41:46.0400 3604  SystemInfo:
22:41:46.0400 3604  
22:41:46.0400 3604  OS Version: 6.1.7601 ServicePack: 1.0
22:41:46.0400 3604  Product type: Workstation
22:41:46.0400 3604  ComputerName: USER-PC
22:41:46.0400 3604  UserName: user
22:41:46.0400 3604  Windows directory: C:\Windows
22:41:46.0400 3604  System windows directory: C:\Windows
22:41:46.0400 3604  Running under WOW64
22:41:46.0400 3604  Processor architecture: Intel x64
22:41:46.0400 3604  Number of processors: 4
22:41:46.0400 3604  Page size: 0x1000
22:41:46.0400 3604  Boot type: Normal boot
22:41:46.0400 3604  ============================================================
22:41:46.0584 3604  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:41:46.0584 3604  Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:41:46.0586 3604  ============================================================
22:41:46.0586 3604  \Device\Harddisk1\DR1:
22:41:46.0586 3604  MBR partitions:
22:41:46.0586 3604  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:41:46.0586 3604  \Device\Harddisk0\DR0:
22:41:46.0586 3604  MBR partitions:
22:41:46.0586 3604  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:41:46.0586 3604  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
22:41:46.0586 3604  ============================================================
22:41:46.0587 3604  C: <-> \Device\Harddisk0\DR0\Partition2
22:41:46.0612 3604  E: <-> \Device\Harddisk1\DR1\Partition1
22:41:46.0612 3604  ============================================================
22:41:46.0612 3604  Initialize success
22:41:46.0612 3604  ============================================================
22:44:21.0696 0884  ============================================================
22:44:21.0696 0884  Scan started
22:44:21.0696 0884  Mode: Manual; SigCheck; TDLFS; 
22:44:21.0696 0884  ============================================================
22:44:21.0930 0884  ================ Scan system memory ========================
22:44:21.0930 0884  System memory - ok
22:44:21.0930 0884  ================ Scan services =============================
22:44:21.0961 0884  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:44:22.0008 0884  1394ohci - ok
22:44:22.0024 0884  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:44:22.0024 0884  ACPI - ok
22:44:22.0024 0884  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:44:22.0039 0884  AcpiPmi - ok
22:44:22.0055 0884  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:44:22.0055 0884  adp94xx - ok
22:44:22.0070 0884  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:44:22.0070 0884  adpahci - ok
22:44:22.0086 0884  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:44:22.0086 0884  adpu320 - ok
22:44:22.0086 0884  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:44:22.0133 0884  AeLookupSvc - ok
22:44:22.0148 0884  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:44:22.0148 0884  AFD - ok
22:44:22.0164 0884  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:44:22.0164 0884  agp440 - ok
22:44:22.0164 0884  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:44:22.0180 0884  ALG - ok
22:44:22.0180 0884  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:44:22.0180 0884  aliide - ok
22:44:22.0195 0884  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:44:22.0211 0884  AMD External Events Utility - ok
22:44:22.0211 0884  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:44:22.0211 0884  amdide - ok
22:44:22.0211 0884  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:44:22.0226 0884  AmdK8 - ok
22:44:22.0320 0884  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:44:22.0398 0884  amdkmdag - ok
22:44:22.0398 0884  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:44:22.0414 0884  amdkmdap - ok
22:44:22.0414 0884  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:44:22.0414 0884  AmdPPM - ok
22:44:22.0429 0884  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:44:22.0429 0884  amdsata - ok
22:44:22.0429 0884  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:44:22.0445 0884  amdsbs - ok
22:44:22.0445 0884  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:44:22.0445 0884  amdxata - ok
22:44:22.0445 0884  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:44:22.0507 0884  AppID - ok
22:44:22.0507 0884  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:44:22.0523 0884  AppIDSvc - ok
22:44:22.0523 0884  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:44:22.0538 0884  Appinfo - ok
22:44:22.0554 0884  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:44:22.0554 0884  Apple Mobile Device - ok
22:44:22.0554 0884  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:44:22.0570 0884  arc - ok
22:44:22.0570 0884  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:44:22.0570 0884  arcsas - ok
22:44:22.0570 0884  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:22.0601 0884  AsyncMac - ok
22:44:22.0601 0884  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:44:22.0601 0884  atapi - ok
22:44:22.0601 0884  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:44:22.0616 0884  AtiHDAudioService - ok
22:44:22.0616 0884  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:44:22.0648 0884  AudioEndpointBuilder - ok
22:44:22.0663 0884  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:44:22.0679 0884  AudioSrv - ok
22:44:22.0679 0884  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:44:22.0694 0884  AxInstSV - ok
22:44:22.0710 0884  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:44:22.0710 0884  b06bdrv - ok
22:44:22.0726 0884  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:44:22.0726 0884  b57nd60a - ok
22:44:22.0741 0884  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:44:22.0741 0884  BDESVC - ok
22:44:22.0741 0884  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:44:22.0757 0884  Beep - ok
22:44:22.0772 0884  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:44:22.0804 0884  BFE - ok
22:44:22.0804 0884  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:44:22.0835 0884  BITS - ok
22:44:22.0835 0884  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:22.0850 0884  blbdrive - ok
22:44:22.0850 0884  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:44:22.0866 0884  Bonjour Service - ok
22:44:22.0866 0884  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:44:22.0866 0884  bowser - ok
22:44:22.0882 0884  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:44:22.0882 0884  BrFiltLo - ok
22:44:22.0882 0884  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:44:22.0897 0884  BrFiltUp - ok
22:44:22.0897 0884  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:44:22.0897 0884  Browser - ok
22:44:22.0913 0884  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:44:22.0913 0884  Brserid - ok
22:44:22.0928 0884  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:22.0928 0884  BrSerWdm - ok
22:44:22.0928 0884  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:22.0944 0884  BrUsbMdm - ok
22:44:22.0944 0884  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:22.0944 0884  BrUsbSer - ok
22:44:22.0944 0884  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:44:22.0960 0884  BTHMODEM - ok
22:44:22.0960 0884  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:44:22.0991 0884  bthserv - ok
22:44:22.0991 0884  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:44:23.0006 0884  cdfs - ok
22:44:23.0022 0884  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:44:23.0022 0884  cdrom - ok
22:44:23.0022 0884  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:44:23.0053 0884  CertPropSvc - ok
22:44:23.0053 0884  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:44:23.0053 0884  circlass - ok
22:44:23.0069 0884  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:44:23.0069 0884  CLFS - ok
22:44:23.0084 0884  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:23.0084 0884  clr_optimization_v2.0.50727_32 - ok
22:44:23.0084 0884  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:44:23.0100 0884  clr_optimization_v2.0.50727_64 - ok
22:44:23.0100 0884  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:23.0116 0884  clr_optimization_v4.0.30319_32 - ok
22:44:23.0116 0884  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:44:23.0116 0884  clr_optimization_v4.0.30319_64 - ok
22:44:23.0131 0884  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:44:23.0131 0884  CmBatt - ok
22:44:23.0131 0884  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:44:23.0147 0884  cmdide - ok
22:44:23.0147 0884  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:44:23.0162 0884  CNG - ok
22:44:23.0162 0884  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:44:23.0162 0884  Compbatt - ok
22:44:23.0162 0884  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:44:23.0178 0884  CompositeBus - ok
22:44:23.0178 0884  COMSysApp - ok
22:44:23.0178 0884  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:44:23.0194 0884  crcdisk - ok
22:44:23.0194 0884  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:44:23.0194 0884  CryptSvc - ok
22:44:23.0209 0884  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:44:23.0225 0884  DcomLaunch - ok
22:44:23.0240 0884  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:44:23.0256 0884  defragsvc - ok
22:44:23.0272 0884  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:44:23.0287 0884  DfsC - ok
22:44:23.0287 0884  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:44:23.0303 0884  Dhcp - ok
22:44:23.0303 0884  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:44:23.0318 0884  discache - ok
22:44:23.0334 0884  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:44:23.0334 0884  Disk - ok
22:44:23.0334 0884  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:44:23.0350 0884  Dnscache - ok
22:44:23.0350 0884  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:44:23.0381 0884  dot3svc - ok
22:44:23.0381 0884  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:44:23.0396 0884  DPS - ok
22:44:23.0396 0884  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:44:23.0412 0884  drmkaud - ok
22:44:23.0428 0884  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:44:23.0443 0884  DXGKrnl - ok
22:44:23.0443 0884  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:44:23.0459 0884  EapHost - ok
22:44:23.0506 0884  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:44:23.0552 0884  ebdrv - ok
22:44:23.0552 0884  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:44:23.0552 0884  EFS - ok
22:44:23.0568 0884  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:44:23.0584 0884  ehRecvr - ok
22:44:23.0584 0884  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:44:23.0584 0884  ehSched - ok
22:44:23.0599 0884  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:44:23.0615 0884  elxstor - ok
22:44:23.0615 0884  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:44:23.0615 0884  ErrDev - ok
22:44:23.0615 0884  [ 62F261F12862EBD65B4E568E2660E221 ] ESLWireAC       C:\Windows\system32\drivers\ESLWireACD.sys
22:44:23.0630 0884  ESLWireAC - ok
22:44:23.0630 0884  [ 4FC6545A22D348E1B6DA15A27748B7FE ] EslWireHelper   C:\Program Files\EslWire\service\WireHelperSvc.exe
22:44:23.0646 0884  EslWireHelper - ok
22:44:23.0662 0884  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:44:23.0693 0884  EventSystem - ok
22:44:23.0693 0884  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:44:23.0708 0884  exfat - ok
22:44:23.0708 0884  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:44:23.0740 0884  fastfat - ok
22:44:23.0740 0884  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:44:23.0755 0884  Fax - ok
22:44:23.0755 0884  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:44:23.0771 0884  fdc - ok
22:44:23.0771 0884  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:44:23.0786 0884  fdPHost - ok
22:44:23.0786 0884  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:44:23.0818 0884  FDResPub - ok
22:44:23.0818 0884  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:44:23.0818 0884  FileInfo - ok
22:44:23.0818 0884  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:44:23.0849 0884  Filetrace - ok
22:44:23.0849 0884  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:44:23.0849 0884  flpydisk - ok
22:44:23.0864 0884  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:44:23.0864 0884  FltMgr - ok
22:44:23.0880 0884  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:44:23.0896 0884  FontCache - ok
22:44:23.0896 0884  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:44:23.0911 0884  FontCache3.0.0.0 - ok
22:44:23.0911 0884  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:44:23.0911 0884  FsDepends - ok
22:44:23.0911 0884  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:44:23.0927 0884  Fs_Rec - ok
22:44:23.0927 0884  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:44:23.0942 0884  fvevol - ok
22:44:23.0942 0884  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:44:23.0942 0884  gagp30kx - ok
22:44:23.0942 0884  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:44:23.0942 0884  GEARAspiWDM - ok
22:44:23.0958 0884  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:44:23.0989 0884  gpsvc - ok
22:44:23.0989 0884  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:44:23.0989 0884  hcw85cir - ok
22:44:24.0005 0884  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:44:24.0005 0884  HdAudAddService - ok
22:44:24.0020 0884  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:44:24.0020 0884  HDAudBus - ok
22:44:24.0020 0884  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:44:24.0036 0884  HidBatt - ok
22:44:24.0036 0884  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:44:24.0036 0884  HidBth - ok
22:44:24.0052 0884  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:44:24.0052 0884  HidIr - ok
22:44:24.0052 0884  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:44:24.0067 0884  hidserv - ok
22:44:24.0083 0884  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:44:24.0083 0884  HidUsb - ok
22:44:24.0083 0884  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:44:24.0114 0884  hkmsvc - ok
22:44:24.0114 0884  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:44:24.0114 0884  HomeGroupListener - ok
22:44:24.0130 0884  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:44:24.0130 0884  HomeGroupProvider - ok
22:44:24.0130 0884  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:44:24.0145 0884  HpSAMD - ok
22:44:24.0145 0884  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:44:24.0176 0884  HTTP - ok
22:44:24.0176 0884  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:44:24.0176 0884  hwpolicy - ok
22:44:24.0192 0884  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:44:24.0192 0884  i8042prt - ok
22:44:24.0192 0884  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:44:24.0208 0884  iaStorV - ok
22:44:24.0223 0884  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:44:24.0239 0884  idsvc - ok
22:44:24.0239 0884  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:44:24.0239 0884  iirsp - ok
22:44:24.0254 0884  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:44:24.0286 0884  IKEEXT - ok
22:44:24.0301 0884  [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:44:24.0332 0884  IntcAzAudAddService - ok
22:44:24.0332 0884  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:44:24.0348 0884  intelide - ok
22:44:24.0348 0884  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:44:24.0348 0884  intelppm - ok
22:44:24.0364 0884  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:44:24.0379 0884  IPBusEnum - ok
22:44:24.0379 0884  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:24.0395 0884  IpFilterDriver - ok
22:44:24.0410 0884  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:44:24.0410 0884  iphlpsvc - ok
22:44:24.0426 0884  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:44:24.0426 0884  IPMIDRV - ok
22:44:24.0426 0884  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:44:24.0457 0884  IPNAT - ok
22:44:24.0457 0884  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:44:24.0473 0884  iPod Service - ok
22:44:24.0473 0884  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:44:24.0473 0884  IRENUM - ok
22:44:24.0488 0884  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:44:24.0488 0884  isapnp - ok
22:44:24.0488 0884  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:44:24.0504 0884  iScsiPrt - ok
22:44:24.0504 0884  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:44:24.0504 0884  kbdclass - ok
22:44:24.0504 0884  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:44:24.0520 0884  kbdhid - ok
22:44:24.0520 0884  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:44:24.0520 0884  KeyIso - ok
22:44:24.0520 0884  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:44:24.0535 0884  KSecDD - ok
22:44:24.0535 0884  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:44:24.0551 0884  KSecPkg - ok
22:44:24.0551 0884  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:44:24.0566 0884  ksthunk - ok
22:44:24.0566 0884  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:44:24.0598 0884  KtmRm - ok
22:44:24.0598 0884  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:44:24.0613 0884  LanmanServer - ok
22:44:24.0629 0884  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:44:24.0644 0884  LanmanWorkstation - ok
22:44:24.0644 0884  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:44:24.0676 0884  lltdio - ok
22:44:24.0676 0884  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:44:24.0691 0884  lltdsvc - ok
22:44:24.0691 0884  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:44:24.0722 0884  lmhosts - ok
22:44:24.0722 0884  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:44:24.0722 0884  LSI_FC - ok
22:44:24.0738 0884  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:44:24.0738 0884  LSI_SAS - ok
22:44:24.0738 0884  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:44:24.0738 0884  LSI_SAS2 - ok
22:44:24.0754 0884  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:44:24.0754 0884  LSI_SCSI - ok
22:44:24.0754 0884  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:44:24.0785 0884  luafv - ok
22:44:24.0785 0884  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
22:44:24.0785 0884  MBfilt - ok
22:44:24.0785 0884  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:44:24.0800 0884  Mcx2Svc - ok
22:44:24.0800 0884  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:44:24.0800 0884  megasas - ok
22:44:24.0800 0884  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:44:24.0816 0884  MegaSR - ok
22:44:24.0816 0884  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:44:24.0816 0884  MEIx64 - ok
22:44:24.0832 0884  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:44:24.0847 0884  MMCSS - ok
22:44:24.0847 0884  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:44:24.0863 0884  Modem - ok
22:44:24.0863 0884  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:44:24.0878 0884  monitor - ok
22:44:24.0878 0884  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:44:24.0878 0884  mouclass - ok
22:44:24.0894 0884  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:44:24.0894 0884  mouhid - ok
22:44:24.0894 0884  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:44:24.0910 0884  mountmgr - ok
22:44:24.0910 0884  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:44:24.0910 0884  MozillaMaintenance - ok
22:44:24.0925 0884  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:44:24.0925 0884  mpio - ok
22:44:24.0925 0884  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:44:24.0941 0884  mpsdrv - ok
22:44:24.0956 0884  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:44:24.0988 0884  MpsSvc - ok
22:44:24.0988 0884  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:44:25.0003 0884  MRxDAV - ok
22:44:25.0003 0884  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:25.0003 0884  mrxsmb - ok
22:44:25.0019 0884  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:25.0019 0884  mrxsmb10 - ok
22:44:25.0019 0884  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:25.0034 0884  mrxsmb20 - ok
22:44:25.0034 0884  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:44:25.0034 0884  msahci - ok
22:44:25.0034 0884  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:44:25.0050 0884  msdsm - ok
22:44:25.0050 0884  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:44:25.0050 0884  MSDTC - ok
22:44:25.0066 0884  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:44:25.0081 0884  Msfs - ok
22:44:25.0081 0884  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:44:25.0097 0884  mshidkmdf - ok
22:44:25.0112 0884  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:44:25.0112 0884  msisadrv - ok
22:44:25.0112 0884  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:44:25.0128 0884  MSiSCSI - ok
22:44:25.0144 0884  msiserver - ok
22:44:25.0144 0884  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:44:25.0159 0884  MSKSSRV - ok
22:44:25.0159 0884  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:25.0175 0884  MSPCLOCK - ok
22:44:25.0175 0884  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:44:25.0206 0884  MSPQM - ok
22:44:25.0206 0884  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:44:25.0222 0884  MsRPC - ok
22:44:25.0222 0884  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:44:25.0222 0884  mssmbios - ok
22:44:25.0222 0884  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:44:25.0253 0884  MSTEE - ok
22:44:25.0253 0884  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:44:25.0253 0884  MTConfig - ok
22:44:25.0253 0884  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:44:25.0268 0884  Mup - ok
22:44:25.0268 0884  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:44:25.0300 0884  napagent - ok
22:44:25.0300 0884  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:44:25.0315 0884  NativeWifiP - ok
22:44:25.0315 0884  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:44:25.0331 0884  NDIS - ok
22:44:25.0331 0884  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:25.0362 0884  NdisCap - ok
22:44:25.0362 0884  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:25.0378 0884  NdisTapi - ok
22:44:25.0378 0884  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:25.0393 0884  Ndisuio - ok
22:44:25.0409 0884  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:25.0424 0884  NdisWan - ok
22:44:25.0424 0884  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:44:25.0440 0884  NDProxy - ok
22:44:25.0456 0884  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:44:25.0471 0884  NetBIOS - ok
22:44:25.0471 0884  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:44:25.0502 0884  NetBT - ok
22:44:25.0502 0884  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:44:25.0502 0884  Netlogon - ok
22:44:25.0502 0884  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:44:25.0534 0884  Netman - ok
22:44:25.0534 0884  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:44:25.0565 0884  netprofm - ok
22:44:25.0565 0884  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:25.0565 0884  NetTcpPortSharing - ok
22:44:25.0580 0884  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:44:25.0580 0884  nfrd960 - ok
22:44:25.0580 0884  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:44:25.0596 0884  NlaSvc - ok
22:44:25.0596 0884  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:44:25.0612 0884  Npfs - ok
22:44:25.0612 0884  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:44:25.0643 0884  nsi - ok
22:44:25.0643 0884  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:44:25.0658 0884  nsiproxy - ok
22:44:25.0674 0884  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:44:25.0705 0884  Ntfs - ok
22:44:25.0705 0884  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:44:25.0721 0884  Null - ok
22:44:25.0721 0884  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
22:44:25.0736 0884  nusb3hub - ok
22:44:25.0736 0884  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:44:25.0736 0884  nusb3xhc - ok
22:44:25.0736 0884  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:44:25.0752 0884  nvraid - ok
22:44:25.0752 0884  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:44:25.0752 0884  nvstor - ok
22:44:25.0768 0884  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:44:25.0768 0884  nv_agp - ok
22:44:25.0768 0884  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:44:25.0783 0884  ohci1394 - ok
22:44:25.0783 0884  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:44:25.0799 0884  p2pimsvc - ok
22:44:25.0799 0884  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:44:25.0814 0884  p2psvc - ok
22:44:25.0814 0884  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:44:25.0814 0884  Parport - ok
22:44:25.0814 0884  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:44:25.0830 0884  partmgr - ok
22:44:25.0830 0884  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:44:25.0846 0884  PcaSvc - ok
22:44:25.0846 0884  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:44:25.0846 0884  pci - ok
22:44:25.0861 0884  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:44:25.0861 0884  pciide - ok
22:44:25.0861 0884  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:44:25.0877 0884  pcmcia - ok
22:44:25.0877 0884  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:44:25.0877 0884  pcw - ok
22:44:25.0892 0884  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:44:25.0908 0884  PEAUTH - ok
22:44:25.0924 0884  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:44:25.0939 0884  PerfHost - ok
22:44:25.0955 0884  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:44:25.0986 0884  pla - ok
22:44:25.0986 0884  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:44:26.0002 0884  PlugPlay - ok
22:44:26.0002 0884  PnkBstrA - ok
22:44:26.0002 0884  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:44:26.0017 0884  PNRPAutoReg - ok
22:44:26.0017 0884  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:44:26.0033 0884  PNRPsvc - ok
22:44:26.0033 0884  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:44:26.0064 0884  PolicyAgent - ok
22:44:26.0064 0884  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:44:26.0080 0884  Power - ok
22:44:26.0080 0884  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:44:26.0111 0884  PptpMiniport - ok
22:44:26.0111 0884  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:44:26.0111 0884  Processor - ok
22:44:26.0111 0884  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:44:26.0126 0884  ProfSvc - ok
22:44:26.0126 0884  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:44:26.0142 0884  ProtectedStorage - ok
22:44:26.0142 0884  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:44:26.0158 0884  Psched - ok
22:44:26.0173 0884  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:44:26.0204 0884  ql2300 - ok
22:44:26.0204 0884  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:44:26.0204 0884  ql40xx - ok
22:44:26.0204 0884  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:44:26.0220 0884  QWAVE - ok
22:44:26.0220 0884  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:44:26.0236 0884  QWAVEdrv - ok
22:44:26.0236 0884  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:44:26.0251 0884  RasAcd - ok
22:44:26.0267 0884  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:26.0282 0884  RasAgileVpn - ok
22:44:26.0282 0884  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:44:26.0298 0884  RasAuto - ok
22:44:26.0314 0884  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:26.0329 0884  Rasl2tp - ok
22:44:26.0329 0884  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:44:26.0360 0884  RasMan - ok
22:44:26.0360 0884  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:26.0376 0884  RasPppoe - ok
22:44:26.0376 0884  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:44:26.0407 0884  RasSstp - ok
22:44:26.0407 0884  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:44:26.0423 0884  rdbss - ok
22:44:26.0423 0884  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:44:26.0438 0884  rdpbus - ok
22:44:26.0438 0884  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:26.0454 0884  RDPCDD - ok
22:44:26.0454 0884  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:44:26.0485 0884  RDPENCDD - ok
22:44:26.0485 0884  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:44:26.0501 0884  RDPREFMP - ok
22:44:26.0501 0884  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:44:26.0516 0884  RDPWD - ok
22:44:26.0516 0884  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:44:26.0532 0884  rdyboost - ok
22:44:26.0532 0884  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:44:26.0548 0884  RemoteAccess - ok
22:44:26.0548 0884  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:44:26.0579 0884  RemoteRegistry - ok
22:44:26.0579 0884  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:44:26.0594 0884  RpcEptMapper - ok
22:44:26.0594 0884  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:44:26.0610 0884  RpcLocator - ok
22:44:26.0610 0884  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:44:26.0641 0884  RpcSs - ok
22:44:26.0641 0884  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:44:26.0657 0884  rspndr - ok
22:44:26.0672 0884  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:44:26.0672 0884  RTL8167 - ok
22:44:26.0672 0884  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:44:26.0688 0884  SamSs - ok
22:44:26.0688 0884  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
22:44:26.0688 0884  sbp2port - ok
22:44:29.0278 0884  ============================================================
22:44:29.0278 0884  Scan finished
22:44:29.0278 0884  ============================================================
22:44:29.0293 3716  Detected object count: 0
22:44:29.0293 3716  Actual detected object count: 0
22:48:59.0105 4324  Deinitialize success
         


Alt 10.03.2013, 16:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please read the instructions properly; you posted the wrong log from MBAR.

Alt 12.03.2013, 13:52   #7
jojoba
 



sorry
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.09.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

09.03.2013 22:22:58
mbar-log-2013-03-09 (22-22-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28781
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 12.03.2013, 17:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (in English: Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

Alt 12.03.2013, 19:03   #9
jojoba
 



Code:
ComboFix 13-03-11.01 - user 12.03.2013  18:58:39.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8172.6572 [GMT 1:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-12 bis 2013-03-12  ))))))))))))))))))))))))))))))
.
.
2013-03-12 18:00 . 2013-03-12 18:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-12 12:23 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A652D8F7-834A-414A-8354-4F93CD7EC9B4}\mpengine.dll
2013-03-09 21:18 . 2013-03-09 21:18	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-13 21:31 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 21:31 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:38 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 17:38 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 17:38 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 17:38 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 17:38 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 17:38 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 17:38 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 17:38 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 17:38 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 17:38 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 17:38 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:38 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 21:31 . 2011-07-21 16:44	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-13 17:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-17 10:39 . 2013-01-04 17:50	160784	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2012-12-16 17:11 . 2012-12-22 21:16	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 21:16	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 21:16	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 21:16	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SpybotSD TeaTimer"="e:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\steam\steam.exe" [2013-02-25 1602984]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2013-02-26 3939840]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-01-26 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-01-25 303104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Free Music Zilla.lnk - c:\program files (x86)\Free Music Zilla\FMZilla.exe [2012-8-10 737048]
tofilali.js [2011-12-14 2811]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-12-17 160784]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-12-17 678416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461560623-2855514712-4016081571-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 09:31]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3461560623-2855514712-4016081571-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 09:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.freemusiczilla.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f90id590.default\
FF - prefs.js: browser.startup.homepage - hxxp://fmz.qiwa.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={7142F855-206A-11E2-BAB0-6C626D3B678A}&src=2&crg=3.1010000.10025&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-12  19:01:49
ComboFix-quarantined-files.txt  2013-03-12 18:01
.
Vor Suchlauf: 4.388.089.856 Bytes frei
Nach Suchlauf: 4.311.678.976 Bytes frei
.
- - End Of File - - 171EC269599545728BB7A4B13BC6A5AF
         

Alt 12.03.2013, 23:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

Alt 13.03.2013, 11:59   #11
jojoba
 



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by user on 13.03.2013 at 11:40:15,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3461560623-2855514712-4016081571-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35c-6118-11dc-9c72-001320c79847}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 11:43:51,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 11:45:37 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

*************************

AdwCleaner[S1].txt - [3422 octets] - [13/03/2013 11:45:37]

########## EOF - C:\AdwCleaner[S1].txt - [3482 octets] ##########
         
Code:
OTL logfile created on: 13.03.2013 11:49:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,38% Memory free
15,96 Gb Paging File | 13,82 Gb Available in Paging File | 86,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 4,01 Gb Free Space | 6,73% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 649,87 Gb Free Space | 69,76% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\steam\steam.exe (Valve Corporation)
PRC - C:\Programme\EslWire\inGame32.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Free Music Zilla\FMZilla.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI CO.,LTD.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()
MOD - C:\steam\bin\chromehtml.dll ()
MOD - C:\steam\bin\libcef.dll ()
MOD - C:\Programme\EslWire\NocIPC32.dll ()
MOD - C:\steam\sdl.dll ()
MOD - C:\Programme\EslWire\inGame32.exe ()
MOD - C:\Programme\EslWire\inGame32.dll ()
MOD - C:\steam\bin\avcodec-53.dll ()
MOD - C:\steam\bin\avformat-53.dll ()
MOD - C:\steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Free Music Zilla\FMZilla.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EslWireHelper) -- C:\Programme\EslWire\service\WireHelperSvc.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\DL
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 EE 51 BB 1B 9C CC 01  [binary data]
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes\{98AD37DE-7761-40FC-B4DD-0F4E52389354}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=f8f8ff35-cb14-47d8-857e-57be66e449f5&apn_sauid=3F8BA73B-5F3B-499F-947F-DCC0E0289E8D
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://fmz.qiwa.com"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={7142F855-206A-11E2-BAB0-6C626D3B678A}&src=2&crg=3.1010000.10025&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Mozilla\components [2013.03.09 09:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Mozilla\plugins
 
[2011.07.22 19:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.03.09 09:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f90id590.default\extensions
[2013.03.09 09:40:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f90id590.default\extensions\ich@maltegoetz.de
[2012.12.01 22:25:14 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.10 19:02:01 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.12.14 15:47:54 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\askcom.xml
[2012.10.27 20:13:55 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\sweetim.xml
 
O1 HOSTS File: ([2013.03.12 18:47:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [Steam] C:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tofilali.js ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6D07E96-B938-4D6E-A142-55E3DCFC1ED3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 11:40:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 11:40:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 11:37:34 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.13 11:14:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.12 19:01:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.12 18:57:15 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.12 18:44:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.12 18:44:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.12 18:44:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.12 18:44:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.12 18:44:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.09 22:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 22:17:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.03.09 22:17:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.03.09 22:13:07 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013.03.06 22:07:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.13 22:30:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 22:30:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 22:30:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 22:30:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 22:30:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 22:30:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 22:30:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 22:30:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 22:30:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 22:30:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 22:30:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 22:30:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 22:30:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 22:30:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 22:30:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 18:38:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 18:38:58 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 18:38:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 18:38:56 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 18:38:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 18:38:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 18:38:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 18:38:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 18:38:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 18:38:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 11:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 11:46:10 | 2132,135,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 11:35:24 | 000,597,667 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.03.13 11:35:03 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.13 11:24:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461560623-2855514712-4016081571-1000UA.job
[2013.03.13 11:20:43 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 11:20:43 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 11:18:18 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.13 11:18:18 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.13 11:18:18 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.13 11:18:18 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.13 11:18:18 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.12 18:56:40 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.12 18:47:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.12 18:38:34 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461560623-2855514712-4016081571-1000Core.job
[2013.03.09 22:36:23 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013.03.09 22:16:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.03.09 22:15:39 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.03.09 20:27:05 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.07 19:59:33 | 000,401,636 | ---- | M] () -- C:\Users\user\Desktop\laCie.jpg
[2013.03.06 22:06:46 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\gmer_2.1.19155.exe
[2013.03.06 22:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.03.06 22:02:54 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable
[2013.03.06 21:58:49 | 000,050,477 | ---- | M] () -- C:\Users\user\Desktop\Defogger.exe
[2013.03.06 21:07:37 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2013.03.06 21:01:42 | 000,372,371 | ---- | M] () -- C:\Users\user\Desktop\Unbenannt.jpg
[2013.03.06 17:57:17 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013.02.14 07:42:13 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.13 11:37:37 | 000,597,667 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.03.12 18:44:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.12 18:44:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.12 18:44:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.12 18:44:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.12 18:44:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.09 22:36:23 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013.03.07 19:59:33 | 000,401,636 | ---- | C] () -- C:\Users\user\Desktop\laCie.jpg
[2013.03.06 22:07:55 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\gmer_2.1.19155.exe
[2013.03.06 22:02:54 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable
[2013.03.06 21:59:07 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe
[2013.03.06 21:01:42 | 000,372,371 | ---- | C] () -- C:\Users\user\Desktop\Unbenannt.jpg
[2012.08.03 20:15:04 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.14 03:57:20 | 076,004,920 | -H-- | C] () -- C:\ProgramData\muhosemialld.dat
[2011.10.27 21:20:27 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.27 21:20:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.08 17:28:41 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.10 20:40:14 | 000,002,085 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2011.07.21 18:34:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 13.03.2013 11:49:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,38% Memory free
15,96 Gb Paging File | 13,82 Gb Available in Paging File | 86,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 4,01 Gb Free Space | 6,73% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 649,87 Gb Free Space | 69,76% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C5649D-FABA-40D6-B7E7-3F10FF3B20E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{094D236C-DF85-4C98-9B5C-619A002903B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{227166C2-81F3-471C-8C81-8478B800EA40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47549F49-6801-43F0-B663-75DCFCD22D93}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4BEE34BC-53E5-4ABF-832B-6776AA1409B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DD3C9CE-A004-4655-B961-21D9060B499C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{61C4CE10-FC57-4935-95E8-3AF6100D9898}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6A40AF05-12A1-4A87-94AA-98FC6134C030}" = lport=138 | protocol=17 | dir=in | app=system | 
"{71744552-D369-4D44-A4B2-9C46B7B6AC4C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7185106E-A00F-497D-A5E5-4425D9FBF3C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AFBFCA8-FB0E-4A45-A556-B1608CA43D15}" = rport=445 | protocol=6 | dir=out | app=system | 
"{857DC574-AC8F-40E2-AF32-7E3FEC3DAF2F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B1890A5B-7EDE-48B0-BCC4-110ACA65664A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4D5D5DC-30DF-4D00-8CDF-EEC5EA93776B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B7E0BBA6-D7FB-4EDC-8D9E-EFFAF7FE3464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BE8361F0-3037-4F06-8809-2E4A42430A6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC007A67-F941-40B1-965D-2EA7E2978812}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC5AA658-8DD3-4B39-8A76-9A9B9D181C6D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DD9A9B18-5B05-40B9-BC30-2670E37D303B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E16322E2-4F19-4A8F-85F3-B19E8DA810D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF171076-6B2D-4B5B-A34B-42DE4211D91B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E48461-A5B3-49A4-83D7-FC1A6F7D64F5}" = protocol=1 | dir=in | name=hlsw icmp | 
"{0BD6CFDE-B594-4891-843B-7887E30DBF86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0E122390-AFF9-4C59-A0D7-A76C7213E3BB}" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{102DF4C9-9005-4D2B-BE23-6504C71A7157}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{118FFF8B-0497-4D54-8F1C-78F3716C5BD6}" = protocol=6 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"{11D664C6-ED24-40EE-BD90-F8BC7ED40EF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A747844-4E47-41A3-B6E2-A132BEDDC8C6}" = protocol=6 | dir=in | app=c:\steam\steam.exe | 
"{1FEBDE1E-F023-411F-B229-A869F62779AB}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{20309A45-4D76-4249-897D-D45BF1139554}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{23FA3719-7E81-4B56-8456-CF25A2AFCEDA}" = protocol=6 | dir=in | app=c:\steam\steamapps\nox3\counter-strike\hl.exe | 
"{25B0CD98-302A-4BFC-B710-A22FD97F8C24}" = protocol=17 | dir=in | app=c:\steam\steamapps\prativ\counter-strike\hl.exe | 
"{2C637DB1-CFB5-4001-B537-9EC85E028ACC}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{2F13CC68-D4F2-4731-A982-D30E4F0B9C5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FA42B76-113D-48E7-8757-57FC0123B230}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2FC5847E-A055-48EB-B791-CF6BB90115EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3075A1AF-8262-4165-AC32-BF31A4FBB18D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30E81D72-E1FD-40F2-BFE6-D9B0D0508D8B}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"{35F60346-7EB9-465A-AA25-0A72F0A0C0DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{3666583F-6F41-4086-A3C0-95EFB97C926F}" = protocol=6 | dir=out | app=system | 
"{378EA4D5-0870-49D4-8225-EF97A36B4D6E}" = protocol=17 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"{3B24C12C-5906-4F23-BB6E-3AB38A5D9216}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"{448CD962-3E32-4E86-A792-7EF0041B8417}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{45075E66-21A3-4BF4-8C53-BEC672042F83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{45CC18ED-DAE8-4488-ACE2-5A258CD08EC4}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{4AAEB6DF-3D17-4617-9417-56E0D540E99A}" = protocol=6 | dir=in | app=c:\steam\steamapps\prativ\counter-strike\hl.exe | 
"{4C338C02-4E56-4479-8EA3-0A1A8A1CF5DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4D522BB5-19EB-49CA-8205-8A1FA51BA0D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4DCEE503-3226-4AF0-B176-9646496FF1B8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm | 
"{4E46B0C2-038E-4027-A6F3-4CF40C3A8FF8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{4F3FF4B7-8491-4979-B1EE-B897A3BFA687}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{52B8EACA-EE14-4113-95BE-30CA287C1C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{56C23436-36F3-401C-AF68-166E764E6EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{5725DF86-CE28-4F9A-AB38-6D1618A653BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{573452ED-6F8E-432D-BD64-CDDD807FFDFC}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"{575C6335-3ECA-424C-BE38-BDEA00D8FB35}" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{57FC0CE9-9F2E-4268-BD64-554501E814EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{59AB78F6-5D45-4FB8-99EF-7B61ECA12C9F}" = protocol=17 | dir=in | app=c:\steam\steamapps\nox3\counter-strike\hl.exe | 
"{5AE714E3-956E-412D-ACDF-0599E39100A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5E73289E-0482-45E2-A892-FEDF79852917}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EFBDDCA-54C5-43D0-8E38-0A77A8A8E575}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{646A039C-0322-4E6E-B7EB-16BFDA1F0391}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{6F36D641-7F8F-4CD9-9A25-5BC3F2CA6547}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{705FA245-7B13-4663-877B-A90E5C1371B7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{78119CF2-3E82-4324-A0BE-640E25B1F07B}" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{8BAD8AE1-F3CC-4E17-8645-93272549A394}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{8D0BAB79-31B6-4B54-A47C-2353C40AC4DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E090271-B904-4B97-BD8F-85809F431AFC}" = dir=in | app=e:\itunes\itunes.exe | 
"{974E1D40-7478-4151-B2C2-13DB4B4F4D6B}" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{9959E7DA-EC9A-48A0-88B6-7627104BDBEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1BB5412-F6BA-4260-9CFF-B899DC6155B1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{A5E88469-4C87-4A0F-A73D-6BA5A683DF2A}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{A87A79D4-BDBB-4065-82ED-42480EBBDD1D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA75D765-834B-40BB-9DE9-86D4E8DCB6A0}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm | 
"{ADCA07DB-5331-4BC2-A833-112F26E41763}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B548F7CB-5DF2-456A-9FEA-01C2DED7FBBB}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\crysis 2\bin32\crysis2.exe | 
"{B6F9DD32-3CE3-4455-97F0-ADF51E6098DE}" = protocol=17 | dir=in | app=c:\steam\steam.exe | 
"{BE529A24-A202-479E-AE64-EBA9087DC749}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"{C0F0B369-2724-47D2-A14A-875868A04C25}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C49A4458-5D94-4244-9057-3CB72A17D149}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CDBDBF45-A727-455F-BFEC-7D209CCC3046}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D1F60688-9563-41BA-BE27-C104DC9E1FBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D55730F6-471C-447A-BADF-D0891D61F3A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E721436F-3DA1-4699-BD78-1E1F9F73DC33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E827F4C8-218F-459E-84A8-4DDF78E34EEE}" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{E936D208-EAD8-49AF-8F31-F0F2C0D54010}" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{EF85F90A-370F-4EB0-A415-855CD9B920BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F1FC724C-9219-419F-988B-E49C14421240}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F6DBFC80-A040-4E04-9641-16F5DA599574}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FC71F155-A177-4BF1-9FA5-46F3473837DA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\crysis 2\bin32\crysis2.exe | 
"TCP Query User{05C38445-CA7B-48F1-AFC9-76399FEF820D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{24B10694-337B-47BD-B84B-98793D714BE2}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"TCP Query User{BCFE493D-C774-4A33-A2FC-777BCDA9F5DD}E:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{E55F33B1-9092-4A8C-99FD-71051EDE1026}C:\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{E8560543-24EC-4EFE-952F-3F33884D6C2D}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{196DCE5D-A9D5-42FF-9EC5-C93668269915}E:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{41CF767C-CDF8-4FB8-94E5-6FD1BD76F71B}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{4F97788E-5D09-4FF5-AF27-F2BE51EFEADE}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{5524F624-E402-46F6-A565-6A9298D9B961}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{69307572-409A-4C44-8EF1-3326FC70EB9D}C:\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A01AF425-8AF4-821B-3981-F608519CB1D2}" = AMD Drag and Drop Transcoding
"{B2F6D87D-69E1-9FD2-4DD0-FB36124AA0E3}" = ATI AVIVO64 Codecs
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.15.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CA4A06DE-33A9-B191-D115-8CF214945154}" = HydraVision
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.3" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Music Zilla_is1" = Free Music Zilla
"HLSW_is1" = HLSW v1.4.0.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 99830" = Crysis 2
"Super-Charger_is1" = Super-Charger
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2013 06:48:05 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

13.03.2013, 12:01   #12
jojoba
 

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by user on 13.03.2013 at 11:40:15,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3461560623-2855514712-4016081571-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{eee6c35c-6118-11dc-9c72-001320c79847}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 11:43:51,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 11:45:37 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

*************************

AdwCleaner[S1].txt - [3422 octets] - [13/03/2013 11:45:37]

########## EOF - C:\AdwCleaner[S1].txt - [3482 octets] ##########
         
Code:
OTL logfile created on: 13.03.2013 11:49:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,38% Memory free
15,96 Gb Paging File | 13,82 Gb Available in Paging File | 86,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 4,01 Gb Free Space | 6,73% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 649,87 Gb Free Space | 69,76% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\steam\steam.exe (Valve Corporation)
PRC - C:\Programme\EslWire\inGame32.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Free Music Zilla\FMZilla.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI CO.,LTD.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll ()
MOD - C:\Users\user\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()
MOD - C:\steam\bin\chromehtml.dll ()
MOD - C:\steam\bin\libcef.dll ()
MOD - C:\Programme\EslWire\NocIPC32.dll ()
MOD - C:\steam\sdl.dll ()
MOD - C:\Programme\EslWire\inGame32.exe ()
MOD - C:\Programme\EslWire\inGame32.dll ()
MOD - C:\steam\bin\avcodec-53.dll ()
MOD - C:\steam\bin\avformat-53.dll ()
MOD - C:\steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Free Music Zilla\FMZilla.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (EslWireHelper) -- C:\Programme\EslWire\service\WireHelperSvc.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\DL
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 EE 51 BB 1B 9C CC 01  [binary data]
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes\{98AD37DE-7761-40FC-B4DD-0F4E52389354}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=f8f8ff35-cb14-47d8-857e-57be66e449f5&apn_sauid=3F8BA73B-5F3B-499F-947F-DCC0E0289E8D
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://fmz.qiwa.com"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={7142F855-206A-11E2-BAB0-6C626D3B678A}&src=2&crg=3.1010000.10025&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Mozilla\components [2013.03.09 09:40:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Mozilla\plugins
 
[2011.07.22 19:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.03.09 09:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f90id590.default\extensions
[2013.03.09 09:40:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\f90id590.default\extensions\ich@maltegoetz.de
[2012.12.01 22:25:14 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.01.10 19:02:01 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.12.14 15:47:54 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\askcom.xml
[2012.10.27 20:13:55 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\sweetim.xml
 
O1 HOSTS File: ([2013.03.12 18:47:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe (TODO: <Company name>)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000..\Run: [Steam] C:\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tofilali.js ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6D07E96-B938-4D6E-A142-55E3DCFC1ED3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 11:40:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 11:40:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 11:37:34 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.13 11:14:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.12 19:01:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.12 18:57:15 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.12 18:44:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.12 18:44:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.12 18:44:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.12 18:44:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.12 18:44:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.09 22:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 22:17:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.03.09 22:17:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.03.09 22:13:07 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar
[2013.03.06 22:07:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.02.13 22:30:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 22:30:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 22:30:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 22:30:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 22:30:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 22:30:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 22:30:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 22:30:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 22:30:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 22:30:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 22:30:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 22:30:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 22:30:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 22:30:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 22:30:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 18:38:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 18:38:58 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 18:38:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 18:38:56 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 18:38:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 18:38:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 18:38:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 18:38:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 18:38:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 18:38:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 11:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 11:46:10 | 2132,135,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 11:35:24 | 000,597,667 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.03.13 11:35:03 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013.03.13 11:24:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461560623-2855514712-4016081571-1000UA.job
[2013.03.13 11:20:43 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 11:20:43 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 11:18:18 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.13 11:18:18 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.13 11:18:18 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.13 11:18:18 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.13 11:18:18 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.12 18:56:40 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013.03.12 18:47:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.12 18:38:34 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3461560623-2855514712-4016081571-1000Core.job
[2013.03.09 22:36:23 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013.03.09 22:16:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2013.03.09 22:15:39 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013.03.09 20:27:05 | 000,089,048 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.07 19:59:33 | 000,401,636 | ---- | M] () -- C:\Users\user\Desktop\laCie.jpg
[2013.03.06 22:06:46 | 000,377,856 | ---- | M] () -- C:\Users\user\Desktop\gmer_2.1.19155.exe
[2013.03.06 22:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013.03.06 22:02:54 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable
[2013.03.06 21:58:49 | 000,050,477 | ---- | M] () -- C:\Users\user\Desktop\Defogger.exe
[2013.03.06 21:07:37 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2013.03.06 21:01:42 | 000,372,371 | ---- | M] () -- C:\Users\user\Desktop\Unbenannt.jpg
[2013.03.06 17:57:17 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013.02.14 07:42:13 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.13 11:37:37 | 000,597,667 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013.03.12 18:44:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.12 18:44:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.12 18:44:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.12 18:44:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.12 18:44:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.09 22:36:23 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013.03.07 19:59:33 | 000,401,636 | ---- | C] () -- C:\Users\user\Desktop\laCie.jpg
[2013.03.06 22:07:55 | 000,377,856 | ---- | C] () -- C:\Users\user\Desktop\gmer_2.1.19155.exe
[2013.03.06 22:02:54 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable
[2013.03.06 21:59:07 | 000,050,477 | ---- | C] () -- C:\Users\user\Desktop\Defogger.exe
[2013.03.06 21:01:42 | 000,372,371 | ---- | C] () -- C:\Users\user\Desktop\Unbenannt.jpg
[2012.08.03 20:15:04 | 000,089,048 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.14 03:57:20 | 076,004,920 | -H-- | C] () -- C:\ProgramData\muhosemialld.dat
[2011.10.27 21:20:27 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.27 21:20:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.08 17:28:41 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.10 20:40:14 | 000,002,085 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2011.07.21 18:34:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 13.03.2013 11:49:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,38% Memory free
15,96 Gb Paging File | 13,82 Gb Available in Paging File | 86,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 4,01 Gb Free Space | 6,73% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 649,87 Gb Free Space | 69,76% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\7A94668CDF9DA337653456\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C5649D-FABA-40D6-B7E7-3F10FF3B20E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{094D236C-DF85-4C98-9B5C-619A002903B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{227166C2-81F3-471C-8C81-8478B800EA40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47549F49-6801-43F0-B663-75DCFCD22D93}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4BEE34BC-53E5-4ABF-832B-6776AA1409B9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DD3C9CE-A004-4655-B961-21D9060B499C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{61C4CE10-FC57-4935-95E8-3AF6100D9898}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6A40AF05-12A1-4A87-94AA-98FC6134C030}" = lport=138 | protocol=17 | dir=in | app=system | 
"{71744552-D369-4D44-A4B2-9C46B7B6AC4C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7185106E-A00F-497D-A5E5-4425D9FBF3C1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7AFBFCA8-FB0E-4A45-A556-B1608CA43D15}" = rport=445 | protocol=6 | dir=out | app=system | 
"{857DC574-AC8F-40E2-AF32-7E3FEC3DAF2F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B1890A5B-7EDE-48B0-BCC4-110ACA65664A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4D5D5DC-30DF-4D00-8CDF-EEC5EA93776B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B7E0BBA6-D7FB-4EDC-8D9E-EFFAF7FE3464}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BE8361F0-3037-4F06-8809-2E4A42430A6A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC007A67-F941-40B1-965D-2EA7E2978812}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC5AA658-8DD3-4B39-8A76-9A9B9D181C6D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DD9A9B18-5B05-40B9-BC30-2670E37D303B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E16322E2-4F19-4A8F-85F3-B19E8DA810D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FF171076-6B2D-4B5B-A34B-42DE4211D91B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E48461-A5B3-49A4-83D7-FC1A6F7D64F5}" = protocol=1 | dir=in | name=hlsw icmp | 
"{0BD6CFDE-B594-4891-843B-7887E30DBF86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0E122390-AFF9-4C59-A0D7-A76C7213E3BB}" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{102DF4C9-9005-4D2B-BE23-6504C71A7157}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{118FFF8B-0497-4D54-8F1C-78F3716C5BD6}" = protocol=6 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"{11D664C6-ED24-40EE-BD90-F8BC7ED40EF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A747844-4E47-41A3-B6E2-A132BEDDC8C6}" = protocol=6 | dir=in | app=c:\steam\steam.exe | 
"{1FEBDE1E-F023-411F-B229-A869F62779AB}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{20309A45-4D76-4249-897D-D45BF1139554}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{23FA3719-7E81-4B56-8456-CF25A2AFCEDA}" = protocol=6 | dir=in | app=c:\steam\steamapps\nox3\counter-strike\hl.exe | 
"{25B0CD98-302A-4BFC-B710-A22FD97F8C24}" = protocol=17 | dir=in | app=c:\steam\steamapps\prativ\counter-strike\hl.exe | 
"{2C637DB1-CFB5-4001-B537-9EC85E028ACC}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{2F13CC68-D4F2-4731-A982-D30E4F0B9C5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FA42B76-113D-48E7-8757-57FC0123B230}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{2FC5847E-A055-48EB-B791-CF6BB90115EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3075A1AF-8262-4165-AC32-BF31A4FBB18D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30E81D72-E1FD-40F2-BFE6-D9B0D0508D8B}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"{35F60346-7EB9-465A-AA25-0A72F0A0C0DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{3666583F-6F41-4086-A3C0-95EFB97C926F}" = protocol=6 | dir=out | app=system | 
"{378EA4D5-0870-49D4-8225-EF97A36B4D6E}" = protocol=17 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"{3B24C12C-5906-4F23-BB6E-3AB38A5D9216}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"{448CD962-3E32-4E86-A792-7EF0041B8417}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{45075E66-21A3-4BF4-8C53-BEC672042F83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{45CC18ED-DAE8-4488-ACE2-5A258CD08EC4}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{4AAEB6DF-3D17-4617-9417-56E0D540E99A}" = protocol=6 | dir=in | app=c:\steam\steamapps\prativ\counter-strike\hl.exe | 
"{4C338C02-4E56-4479-8EA3-0A1A8A1CF5DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4D522BB5-19EB-49CA-8205-8A1FA51BA0D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4DCEE503-3226-4AF0-B176-9646496FF1B8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm | 
"{4E46B0C2-038E-4027-A6F3-4CF40C3A8FF8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{4F3FF4B7-8491-4979-B1EE-B897A3BFA687}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{52B8EACA-EE14-4113-95BE-30CA287C1C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{56C23436-36F3-401C-AF68-166E764E6EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{5725DF86-CE28-4F9A-AB38-6D1618A653BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{573452ED-6F8E-432D-BD64-CDDD807FFDFC}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"{575C6335-3ECA-424C-BE38-BDEA00D8FB35}" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{57FC0CE9-9F2E-4268-BD64-554501E814EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{59AB78F6-5D45-4FB8-99EF-7B61ECA12C9F}" = protocol=17 | dir=in | app=c:\steam\steamapps\nox3\counter-strike\hl.exe | 
"{5AE714E3-956E-412D-ACDF-0599E39100A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5E73289E-0482-45E2-A892-FEDF79852917}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EFBDDCA-54C5-43D0-8E38-0A77A8A8E575}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{646A039C-0322-4E6E-B7EB-16BFDA1F0391}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{6F36D641-7F8F-4CD9-9A25-5BC3F2CA6547}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{705FA245-7B13-4663-877B-A90E5C1371B7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{78119CF2-3E82-4324-A0BE-640E25B1F07B}" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{8BAD8AE1-F3CC-4E17-8645-93272549A394}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{8D0BAB79-31B6-4B54-A47C-2353C40AC4DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E090271-B904-4B97-BD8F-85809F431AFC}" = dir=in | app=e:\itunes\itunes.exe | 
"{974E1D40-7478-4151-B2C2-13DB4B4F4D6B}" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{9959E7DA-EC9A-48A0-88B6-7627104BDBEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1BB5412-F6BA-4260-9CFF-B899DC6155B1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{A5E88469-4C87-4A0F-A73D-6BA5A683DF2A}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{A87A79D4-BDBB-4065-82ED-42480EBBDD1D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA75D765-834B-40BB-9DE9-86D4E8DCB6A0}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm | 
"{ADCA07DB-5331-4BC2-A833-112F26E41763}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B548F7CB-5DF2-456A-9FEA-01C2DED7FBBB}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\crysis 2\bin32\crysis2.exe | 
"{B6F9DD32-3CE3-4455-97F0-ADF51E6098DE}" = protocol=17 | dir=in | app=c:\steam\steam.exe | 
"{BE529A24-A202-479E-AE64-EBA9087DC749}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.3\sonarhost.exe | 
"{C0F0B369-2724-47D2-A14A-875868A04C25}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C49A4458-5D94-4244-9057-3CB72A17D149}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CDBDBF45-A727-455F-BFEC-7D209CCC3046}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D1F60688-9563-41BA-BE27-C104DC9E1FBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D55730F6-471C-447A-BADF-D0891D61F3A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E721436F-3DA1-4699-BD78-1E1F9F73DC33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E827F4C8-218F-459E-84A8-4DDF78E34EEE}" = protocol=17 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{E936D208-EAD8-49AF-8F31-F0F2C0D54010}" = protocol=6 | dir=in | app=e:\icq\icq7.5\icq.exe | 
"{EF85F90A-370F-4EB0-A415-855CD9B920BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F1FC724C-9219-419F-988B-E49C14421240}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F6DBFC80-A040-4E04-9641-16F5DA599574}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FC71F155-A177-4BF1-9FA5-46F3473837DA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\crysis 2\bin32\crysis2.exe | 
"TCP Query User{05C38445-CA7B-48F1-AFC9-76399FEF820D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{24B10694-337B-47BD-B84B-98793D714BE2}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"TCP Query User{BCFE493D-C774-4A33-A2FC-777BCDA9F5DD}E:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{E55F33B1-9092-4A8C-99FD-71051EDE1026}C:\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{E8560543-24EC-4EFE-952F-3F33884D6C2D}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{196DCE5D-A9D5-42FF-9EC5-C93668269915}E:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=e:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{41CF767C-CDF8-4FB8-94E5-6FD1BD76F71B}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{4F97788E-5D09-4FF5-AF27-F2BE51EFEADE}C:\program files (x86)\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free music zilla\fmzilla.exe | 
"UDP Query User{5524F624-E402-46F6-A565-6A9298D9B961}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{69307572-409A-4C44-8EF1-3326FC70EB9D}C:\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\steam\steamapps\common\dirt 3\dirt3_game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A01AF425-8AF4-821B-3981-F608519CB1D2}" = AMD Drag and Drop Transcoding
"{B2F6D87D-69E1-9FD2-4DD0-FB36124AA0E3}" = ATI AVIVO64 Codecs
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.15.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CA4A06DE-33A9-B191-D115-8CF214945154}" = HydraVision
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.3" = ESN Sonar
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Music Zilla_is1" = Free Music Zilla
"HLSW_is1" = HLSW v1.4.0.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 99830" = Crysis 2
"Super-Charger_is1" = Super-Charger
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3461560623-2855514712-4016081571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2013 06:48:05 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

13.03.2013, 12:20   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-3461560623-2855514712-4016081571-1000\..\SearchScopes\{98AD37DE-7761-40FC-B4DD-0F4E52389354}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=f8f8ff35-cb14-47d8-857e-57be66e449f5&apn_sauid=3F8BA73B-5F3B-499F-947F-DCC0E0289E8D
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={7142F855-206A-11E2-BAB0-6C626D3B678A}&src=2&crg=3.1010000.10025&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
[2011.12.14 15:47:54 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\askcom.xml
[2012.10.27 20:13:55 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\sweetim.xml
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tofilali.js ()
[2013.03.09 22:36:23 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you masked your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
Please always post log files in CODE tags

13.03.2013, 12:46   #14
jojoba
 
Great! The error no longer appeared. Is there anything else to do?
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3461560623-2855514712-4016081571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{98AD37DE-7761-40FC-B4DD-0F4E52389354}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98AD37DE-7761-40FC-B4DD-0F4E52389354}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://search.sweetim.com/search.asp?barid={7142F855-206A-11E2-BAB0-6C626D3B678A}&src=2&crg=3.1010000.10025&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\askcom.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\f90id590.default\searchplugins\sweetim.xml moved successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tofilali.js moved successfully.
C:\Users\user\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: user
->Temp folder emptied: 967795 bytes
->Temporary Internet Files folder emptied: 1720096 bytes
->Java cache emptied: 5539096 bytes
->FireFox cache emptied: 408145202 bytes
->Flash cache emptied: 7159 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 397,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03132013_123912

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
So what was the malware? Just out of interest.
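
Added example (not part of the original thread and not OTL's own code): a short Python check that reads a fix log like the one posted above and lists any path from the fix script that the log does not confirm as moved or deleted. The log lines are copied from this thread; the `missing.dat` entry and all function names are constructed for illustration.

```python
import re

# Subset of the fix log posted above, copied verbatim.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98AD37DE-7761-40FC-B4DD-0F4E52389354}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tofilali.js moved successfully.
C:\Users\user\Desktop\MBR.dat moved successfully.
C:\Users\user\Desktop\cmd.bat deleted successfully.
"""

# Paths the fix script asked OTL to move; the last one is constructed
# for illustration and does not occur in the thread.
REQUESTED = [
    r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tofilali.js",
    r"C:\Users\user\Desktop\MBR.dat",
    r"C:\Users\user\Desktop\missing.dat",
]

# "<target> moved successfully." / "deleted successfully." / "not found."
OUTCOME = re.compile(
    r"^(?:Registry key )?(?P<target>.+?) "
    r"(?P<result>moved successfully|deleted successfully|not found)\.$"
)
# 'Prefs.js: "<value>" removed from <preference name>'
PREF = re.compile(r'^Prefs\.js: ".*" removed from (?P<target>\S+)$')


def parse_fix_log(text):
    """Map each target named in the log to the outcome OTL reported."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        m = OUTCOME.match(line)
        if m:
            results[m["target"]] = m["result"]
        elif (m := PREF.match(line)):
            results[m["target"]] = "removed from prefs.js"
    return results


def unhandled(requested, results):
    """Requested paths the log does not report as moved or deleted."""
    done = {"moved successfully", "deleted successfully"}
    return [p for p in requested if results.get(p) not in done]


if __name__ == "__main__":
    for path in unhandled(REQUESTED, parse_fix_log(FIX_LOG)):
        print("not confirmed in fix log:", path)
```

A "not found" result, as for the CLSID registry key in the log above, is recorded but not counted as handled, so such entries can be reviewed separately.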

13.03.2013, 12:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button first.

Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags
