
Pests of all kinds and how to fight them: Trojan Generic.32.CCGO dangerous?


26.04.2013, 23:50   #1
Darklee
 

Trojan Generic.32.CCGO dangerous?



Hello everyone, I just registered in the hope of getting help. AVG just found and deleted the virus Trojan Generic.32.CCGO twice. My question now is whether they were really deleted and whether they are dangerous. I hope you can help me. Here is the OTL log:
Code:
OTL logfile created on: 26.04.2013 23:04:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,90 Gb Available Physical Memory | 61,24% Memory free
9,19 Gb Paging File | 5,51 Gb Available in Paging File | 59,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 84,35 Gb Free Space | 57,59% Space Free | Partition Type: NTFS
Drive D: | 258,79 Gb Total Space | 190,59 Gb Free Space | 73,65% Space Free | Partition Type: NTFS
Drive E: | 265,43 Gb Total Space | 77,10 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
 
Computer Name: DARK-PC | User Name: dark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 23:01:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.18 19:23:40 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.18 19:23:40 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012.12.29 10:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.12.10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 14:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.02.18 19:23:40 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.18 19:23:40 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.18 19:23:40 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012.12.29 10:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2012.12.10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2008.12.27 04:55:28 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.27 00:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 05:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.09.14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\sandra.sys -- (SANDRA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={5F309518-9942-4EAF-9462-12FC8D7BB673}&mid=1fe52ba940dd47d09ddcd16d5b34c071-1ff06a90c643aa812b62f3bc0071b03903534728&lang=de&ds=AVG&pr=fr&d=2013-01-30 17:47:26&v=14.2.0.1&pid=avg&sg=&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 1E 75 38 CB E2 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5F309518-9942-4EAF-9462-12FC8D7BB673}&mid=1fe52ba940dd47d09ddcd16d5b34c071-1ff06a90c643aa812b62f3bc0071b03903534728&lang=de&ds=AVG&pr=fr&d=2013-01-30 17:47:26&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 19:23:48 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Docs = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: One Piece Theme2 = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggndmjeamglljedlcacmjipmlhbdgioi\2_0\
CHR - Extension: New Tab Redirect! = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\
CHR - Extension: Google Mail = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] E:\Games\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9FB75D9-BC75-43D0-854D-290B2F72F658}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{96fca61d-8177-11e2-be77-00241dd02982}\Shell - "" = AutoRun
O33 - MountPoints2\{96fca61d-8177-11e2-be77-00241dd02982}\Shell\AutoRun\command - "" = "J:\CMADownloader.exe" 
O33 - MountPoints2\{d98f093f-4f5f-11e2-be6c-00241dd02982}\Shell - "" = AutoRun
O33 - MountPoints2\{d98f093f-4f5f-11e2-be6c-00241dd02982}\Shell\AutoRun\command - "" = "I:\CMADownloader.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\dark\AppData\Roaming\Zeal Game Studio
[2013.04.02 00:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2013.04.02 00:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2013.04.02 00:32:21 | 001,306,624 | ---- | C] (Blue Ripple Sound Limited) -- C:\WINDOWS\SysWow64\rapture3d_oal.dll
[2013.04.02 00:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2013.04.01 13:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HideIPVPN
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 23:03:00 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 23:01:22 | 000,000,000 | ---- | M] () -- C:\Users\dark\defogger_reenable
[2013.04.26 15:59:22 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 15:57:33 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.25 15:51:52 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.04.25 15:51:52 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.04.25 15:51:52 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.04.25 15:51:52 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.04.25 15:51:52 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.04.16 21:03:20 | 000,000,017 | ---- | M] () -- C:\Users\dark\AppData\Local\resmon.resmoncfg
[2013.04.13 09:37:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.13 09:37:31 | 2575,712,255 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.02 00:32:16 | 000,466,456 | ---- | M] (Creative Labs) -- C:\WINDOWS\SysNative\wrap_oal.dll
[2013.04.02 00:32:15 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\SysWow64\wrap_oal.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.26 23:01:22 | 000,000,000 | ---- | C] () -- C:\Users\dark\defogger_reenable
[2013.04.16 21:03:20 | 000,000,017 | ---- | C] () -- C:\Users\dark\AppData\Local\resmon.resmoncfg
[2013.01.11 15:02:22 | 000,015,873 | ---- | C] () -- C:\WINDOWS\SysWow64\Inetde.dll
[2013.01.11 10:16:12 | 000,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2013.01.09 01:09:25 | 013,131,776 | ---- | C] () -- C:\Users\dark\AppData\Roaming\Sandra.mdb
[2012.12.30 22:28:41 | 000,204,154 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2012.12.30 22:28:41 | 000,000,584 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2012.12.25 22:17:10 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2013.01.02 22:14:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.03 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\Amazon
[2012.12.26 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\AVG2013
[2013.01.31 18:29:59 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\Bioshock
[2013.02.05 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\Bioshock2
[2013.04.14 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\BOM
[2013.02.12 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\DAEMON Tools Lite
[2013.01.29 09:10:25 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\Origin
[2013.01.31 18:59:03 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\Sony
[2012.12.26 12:52:19 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\TuneUp Software
[2013.04.02 17:14:30 | 000,000,000 | ---D | M] -- C:\Users\dark\AppData\Roaming\Zeal Game Studio
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 26.04.2013 23:04:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 4,90 Gb Available Physical Memory | 61,24% Memory free
9,19 Gb Paging File | 5,51 Gb Available in Paging File | 59,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 84,35 Gb Free Space | 57,59% Space Free | Partition Type: NTFS
Drive D: | 258,79 Gb Total Space | 190,59 Gb Free Space | 73,65% Space Free | Partition Type: NTFS
Drive E: | 265,43 Gb Total Space | 77,10 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
 
Computer Name: DARK-PC | User Name: dark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05879DF9-A64A-43EE-ADBF-ABBD6BBF7A2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B4831FE-92BD-49D0-93F0-44C966B2F202}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0B54734B-7CD6-4CA1-BC0F-CFD74233AE2E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1001D7F9-2E70-47D1-8235-672DC2FD3A54}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1D1301A7-080E-4430-8BBC-702606371B61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{26C8168F-4AC6-4E81-A625-974511BA6D63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27C1642A-DDFF-4ED6-9E4B-A029559853BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2919AB06-27C0-45F7-B375-6CAB9A2BDCDF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{29F7C959-3957-4342-8A1A-41D0429231B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2E3736C8-8E8A-4BAA-AEEB-393B07BD9AF9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{314E714B-78D2-41F9-93A8-2DBACA1BAECD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34AFA95C-F0F8-4762-A5F8-671440C9B919}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{369772DC-EB26-47E6-ACC0-58B1A463DD07}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{39B64C1E-EF83-45F5-BE92-57A9B7A0D3A3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{43875428-9540-492F-8858-6A775D8D4E20}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4B5E10E2-1405-4E57-B9D0-60FC3B6CD290}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4DB74AE0-E55E-480D-B5B4-029DFDD3EB48}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4F855B00-ECF7-44FE-ADDD-860D75993B76}" = rport=137 | protocol=17 | dir=out | app=system | 
"{50657FA9-5C9A-4A26-9F4C-857B7AD0405B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{51458DDE-AA26-4860-8085-0511BAC85E04}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{56C15E6A-5153-48C5-878F-90C2FB3E550D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5ABF6C48-4676-4157-B11E-1B973A1285BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5B2A6852-8625-4043-9DB5-8C0D50744ABD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp1\rpcagentsrv.exe | 
"{5FAE2EF0-DCB6-40A1-BC5C-7EB63913BED2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{6005BC74-C85A-4263-AE6E-A8337E7CA05A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{60C56A0A-8D0D-4992-BCC4-BE224E31D9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6C1BBD5F-3711-4683-96F1-2320D8B94854}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7674A5A8-FFCD-4511-B807-E5A8E91F5BA4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7709D004-63F0-42EE-83E4-85BDA33EF472}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78DF92A4-E544-4C81-8407-BE6E66EF10DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C6731D3-C3EB-40CA-A62B-30DE6CFC88D8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7E1A1E7B-6AC7-4DD7-8776-14C096F5AFD6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{80490B46-C4F3-4385-87EB-8F48E9619A11}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{811B7712-EF9A-4EF4-9DBF-F164B5992090}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{850B99DD-2372-4D0A-8322-12B928E9C67B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8930A487-2132-4461-9F0A-6693703FA484}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A4DFF0A-7A8A-4B7E-A841-C0C1FAD23808}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8C24B8C9-6BC5-4C8F-843C-67D068685B0D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8DF8E31D-0ED3-4344-9DCC-9C90543A94FE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{900077AC-997E-47DB-BEE6-FE96F3755FD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91F58C1D-0E07-4510-9579-F5B8BEB4AC98}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9D99D511-9A05-49B1-BE96-6DDDF609EF32}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AF040F0C-DC65-4CA2-9630-1D3379CFE30B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AFDE8176-EFB7-4F10-AF4F-A0B454B724C5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B62DC570-E3DA-4687-8199-3490FBE44B45}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C05A270F-4C8D-4626-9324-B2D58A294533}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C20A691C-4774-4E4B-B474-B7D80FB3DDA1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C4A6E9FE-14BC-474E-B38E-86754F173553}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C4D2E709-EC54-4C5F-B931-80E019FC2307}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C71660E1-6D1F-4ADE-97A7-4CBAB6DDC149}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C8C83B7D-F39C-4498-8D27-25EA48342B50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C990528C-0916-4F4A-82F2-B04DF72B7D5E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D286363C-7ACC-4572-B14D-E7E02D31D2C6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D4B2E897-762E-4FD4-8092-8D0C63017290}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D5B9C98B-35BE-467E-B903-0960C867F440}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC11997B-86E8-42B4-B2D1-0B7871634759}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E7212302-D318-4681-A188-46AA6FF493F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E784BF5E-22E4-4E52-969D-D0E4F76A87A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E9978137-0281-498E-976B-4C453F4FCA3C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EAC04FA8-CDA6-4CC3-BFB5-58D6A3598F8E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EB586D47-0F37-45F9-8C22-69C2F2080F48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE80F5BF-1771-43FB-9507-B58FC6C44B99}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp1\wnt500x64\rpcsandrasrv.exe | 
"{F5FF16CD-C708-46A8-BB36-5BA770A8545A}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EED615-6E3A-4142-A013-AC2B859B3437}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dirt showdown\showdown.exe | 
"{0242A155-71D5-4440-AAE7-203A7B284A61}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{02AA7E21-6C40-43DF-86E7-CFAD619EBE9F}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\obulis\obulis_steam.exe | 
"{02E7E4AF-FB99-4C66-8EAA-4063C0005B6F}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{02EF1314-FDC3-4C7D-996C-6665BFD3AA8A}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{0649DF62-1F91-40DE-A251-33A0D286DE32}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\legacy_kain_defiance\defiance.exe | 
"{07787231-5547-4FBF-8034-562A092C82F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{0848EB06-8659-409F-BC03-697281C61324}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{08755D7F-7247-41BE-AD1D-0B46F9EA2988}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{08C95D18-2DF8-45B9-84A8-4B246AF35276}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{0911F109-E612-4931-9368-F700021C1D33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{09FE4E65-D7B3-45D2-8E94-85355BE7634B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\broken sword 2\brokensword2.exe | 
"{0A8F589B-FCE1-4E12-B104-4C5E258EDFE5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{0B42F019-697F-4D34-B74C-DD073445FAF0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver\kain2.exe | 
"{0F699860-E7C1-42B0-ACA3-A0039A983A29}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{11392134-D6C7-4DF4-96A6-44BBEB553670}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{1471B14F-C022-4000-9AC6-33231E72CCE2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1527037C-7E6A-46A1-A3A9-8DDD72A53BCD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\broken sword 3\bstsd.exe | 
"{19C0199E-07DE-4754-A03A-660258790E08}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{1BEC744D-C351-4ECF-A13C-F6BB262E6FA7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{1D1799BA-DD68-44C9-9424-4250FA8AF421}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\obulis\obulis_steam.exe | 
"{1FF8B8B3-376F-4B9D-87CB-DABBAA76974E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe | 
"{206281A0-D6B6-44B6-AED9-69D3D2CE0A0E}" = dir=in | app=e:\games\aliens colonial marines\binaries\win32\acm.exe | 
"{24427341-9BFA-4DCB-A280-14B5DC237147}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{36419C2D-F0E5-40FE-AD00-BEAD360C6029}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{37A4DC29-FE68-495C-A737-B6620988BDB5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{398D5B5A-0CA7-4100-A3E5-2A916943D143}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe | 
"{3C751295-7E2B-4C8D-ADCB-92C656104AD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41DCF90D-BE71-4032-A5A2-DA91A45C1C89}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{46F083B1-3CC9-4804-B946-D44AA9E23C9A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{4CE65A3A-528F-4D90-A428-BD359B87AD90}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{4F42FDF9-E187-4718-8408-E6CA55398316}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{4F5E0D7E-0A2B-4713-89CD-9BD65B08DB40}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4FB636FF-B2D7-4E8E-898C-39D41D416DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{508C5AD8-5734-4965-85E6-90FC7A5C923C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{51A3AB47-D80E-4E8A-BE96-900F0A588073}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dirt showdown\showdown.exe | 
"{52434B39-2A97-48F9-AA6B-9C993EA72311}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\gemini rue\reslists\gemini rue.exe | 
"{53FD1274-797B-453F-9478-2D40ABC673B7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\legacy_kain_defiance\defiance.exe | 
"{55272F96-904C-421D-8A66-9BA498C08003}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{560F99ED-1D45-478F-B6AA-C8584F38C7DE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{57442398-C694-4CBA-87D3-DC4B41923243}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{5A18A35D-649B-4442-9FFA-EA6FE74565E4}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{5A2DC7E8-DE2D-4186-B8AE-7D70018DF6B8}" = dir=in | app=d:\dead space 3 limited edition cracked multi -sc\deadspace3.exe | 
"{5CCAFFAF-41A9-40A2-9309-9613BAADF2FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{61B99864-EEE0-49F7-A7F2-4CE3A9EFC7CD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{64ADCCAA-60AF-4BFA-9656-EBAD0EF23C48}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{66131969-1A21-4654-87D5-25CC34B46BAD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{664462E7-074B-4DE9-8F03-0F4A585DFA42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{6C1982FE-A4BC-4D1B-9597-3186D9E99208}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{6CE97925-9012-4945-A1CF-82C0802449F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6DF3B82B-4AE8-4EE8-8D85-22616C6B1861}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\broken sword 2\brokensword2.exe | 
"{6FB484E4-A701-4EC8-BFAC-75B51CE45985}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{6FB628C7-4E8D-4988-B473-941F5DE8CA63}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{70E6EF96-A1DE-4998-B47E-384A8EE3DD78}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
"{773FADBC-8AA9-447D-A654-225A6DC11760}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77C4F5FD-150C-4AD4-B924-64FC93DE9149}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\syberia\game.exe | 
"{799D29BB-4443-402E-ABCA-62FDB96EFB5E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{7BAC34BC-3C4F-413D-B7AC-B938A669DF00}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{7BD71061-8E77-45A3-A6E5-CD9E33AA34BC}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{7D4BB418-6F96-4728-8F0D-E74606E7B76B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8192DD4D-7CC4-458D-8D20-4E537ADB6178}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{850371DD-B193-45CE-B928-AABB64F26537}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8510D509-D579-4DA4-BA9D-9BCD49F2EA51}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{8522140C-E3F4-4A47-AAF9-E9D22F9BD2BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8747D911-DCF4-467D-97D8-77547C341155}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver\kain2.exe | 
"{87E88AC2-90CA-4188-884B-FAA3B91C9F6B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\syberia 2\game.exe | 
"{884A7B90-4FFD-4BA2-BFE0-95B24B902009}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver 2\sr2.exe | 
"{8B831EDE-92F8-451E-B37B-22A2459830D8}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{8BA63F91-484D-4F9D-9BDA-F0B3A95433EF}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{90A9D207-E9F5-47C0-9741-F7D4273D2D12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{92B9489D-647E-4F85-A8BC-46AF3C973B11}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{93297F35-565D-4606-8982-4B1B271E793B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{9837027A-DC82-494D-8E62-D242F9B12908}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{98862D39-8A78-4723-9DA2-53B541CB06AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{9B05068E-104D-4DE7-9CD5-0B98A8F87AF3}" = protocol=6 | dir=out | app=system | 
"{9C8D0AC9-CB70-4104-9E6E-D3227A8E88B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CEB6E2D-6BC6-40E2-AC62-82A950622F4C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{9E3BB7F8-04F7-4A4D-846C-68D9A212E1CE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{9F776C2B-1384-4783-B666-B463F63056C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{9F85F676-1031-4335-A6FB-FC25C53C8FAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{A026AF2C-D327-458D-9D16-95DE7BD461DC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\syberia\game.exe | 
"{A1F82C01-7AD0-4D77-8FAF-2BB7CBF22A30}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A4D709B7-3C2A-48FF-AAEB-980E580911C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{A65C3AF2-30A7-40F8-A3A0-5482841CD986}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{A7FC2B55-3A6C-4D92-87AC-70E40154B533}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bastion\bastion.exe | 
"{A89CEC9E-A3BB-43E6-BCBE-A3838943B898}" = dir=out | app=e:\games\aliens colonial marines\binaries\win32\acm.exe | 
"{A955C6B2-DD65-4F6C-B31C-C3A05818A527}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB8C7966-17C9-4B90-9380-7C167A08F7BA}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"{ADB8D8E0-16D4-46D9-B2D8-1CFE1637DA35}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bastion\bastion.exe | 
"{AF02D12B-BF32-4698-8923-96E48107BCA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{B3E64866-308D-40D1-AB60-D418117D6E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{B68A5CCB-DBFD-4C31-AA19-392F940BB344}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\gemini rue\reslists\gemini rue.exe | 
"{B741CC1D-19BF-44E9-BBC5-5B8E6E519809}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{BD8002EF-EB45-490F-92BA-06E78F59B736}" = dir=out | app=d:\dead space 3 limited edition cracked multi -sc\deadspace3.exe | 
"{BEEAC3C6-F9E3-4D12-A643-E271AF776AB6}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{BFDD9C4C-C6A5-43D3-9CE5-FE25DCCFB0E4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{C5A6B742-9BF7-4581-8305-6F628AF55640}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{C60E94D8-1486-4578-B259-315FA76EA53A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\broken sword 3\bstsd.exe | 
"{C6DC1755-CE4F-4ACB-8001-2BE971D0ED46}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{C98487D8-227C-4937-9D51-D633AC7F74B2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver 2\sr2.exe | 
"{CC3B62F7-8CF0-4827-8DE5-70BAD097613B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE6A0F2F-9D7C-4C96-B442-8CA0B6044A07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{CE7CE979-7A9D-492E-9762-31640E248831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFCED5EC-56D9-41C2-A0D6-54C3428C7850}" = dir=out | name=microsoft solitaire collection | 
"{D02D6750-3B91-437E-BCB1-64EC980D4F2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D0C381D6-943A-49BB-9782-522086E6FCA9}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{D45F8B8C-79ED-411E-BD96-7A60013C65ED}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{D4C01400-D761-4709-ADF7-8C644D91AC02}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{D564323A-86A3-45E0-9E45-11A6D14C19A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{D7E35302-DFEB-4E22-A69C-15D75217D426}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{D8BC9C61-1816-42B6-AA68-E3345C3957EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DE545514-39F8-40BE-842D-1B3EFA55510D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{DF30FB73-4021-49E9-89BF-6BBA81D61AE6}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E1896871-F32C-4DB0-A27D-3F711ED4C566}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E1D3A9FB-919C-4993-80F4-3A6B938C1C25}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{E29AC9BB-7E1B-43C6-8892-CE3EA1D31C75}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\syberia 2\game.exe | 
"{E3D09B75-89AA-4968-A7CE-EE374D5AE96A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E53E5FDF-489D-49DD-8A8A-69683E139DED}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{E541A26D-F0B9-4BBD-9A96-A67E61449EBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7EC451B-C6EE-4946-BF5D-1533507255EC}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{EBCD2E76-7300-4F28-B01B-0F15A77A92B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC5F0710-A5AC-4F28-ADA3-E4E5C04B793F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EF35C19D-FC14-40CA-B395-91BD21073618}" = dir=out | name=google search | 
"{F8924637-CF88-455F-90FE-A8F512E8462F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C925017-72A8-4C4A-AF21-84901E26638F}" = HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6047A78-062F-4C6F-A82D-B94DAF72FB73}" = Microsoft Games for Windows 8 x64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013.SP1
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.114.08260
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C86E1E36-6D30-4834-9C85-5501F31F7BB4}" = F4200
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFA33E6D-2D7D-4785-8025-974398E940D1}" = DJ_AIO_03_F4200_Software_Min
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E500DF84-3A0A-4989-93C2-D33B935008C1}" = Inhaltsmanager-Assistent für PlayStation(R)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"5513-1208-7298-9440" = JDownloader 0.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AVG Secure Search" = AVG Security Toolbar
"Biet-O-Matic v2.14.10" = Biet-O-Matic v2.14.10
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Steam App 107100" = Bastion
"Steam App 11330" = Obulis
"Steam App 201700" = DiRT Showdown
"Steam App 20500" = Red Faction: Guerrilla 
"Steam App 219150" = Hotline Miami
"Steam App 224300" = Legacy of Kain: Defiance
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 224920" = Legacy of Kain: Soul Reaver
"Steam App 224940" = Legacy of Kain: Soul Reaver 2
"Steam App 33600" = Broken Sword II: The Smoking Mirror
"Steam App 33610" = Broken Sword III: The Sleeping Dragon
"Steam App 39160" = Dungeon Siege III
"Steam App 43110" = Metro 2033
"Steam App 46500" = Syberia
"Steam App 46510" = Syberia 2
"Steam App 49520" = Borderlands 2
"Steam App 50650" = Darksiders II
"Steam App 57640" = Broken Sword: Shadow of the Templars - Director's Cut
"Steam App 80310" = Gemini Rue
"Steam App 8870" = BioShock Infinite
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2013 14:55:25 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 327599bd-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 16.04.2013 14:55:45 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 3e5cdbd5-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 16.04.2013 14:55:46 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 3e73bfef-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 16.04.2013 14:55:46 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 3e88cf41-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 17.04.2013 15:20:48 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: dmsynth.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x5010a507  Ausnahmecode: 0xc000001d  Fehleroffset: 0x00012886  ID des fehlerhaften
 Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01ce3b9877315311  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\System32\dmsynth.dll  Berichtskennung: e83fa589-a793-11e2-be7d-00241dd02982
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 17.04.2013 15:20:48 | Computer Name = dark-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm HotlineMiami.exe wurde wegen dieses Fehlers 
geschlossen.    Programm: HotlineMiami.exe  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche
 Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.  Diese Situation
 ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das 
Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei zugreifen
 können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 25.04.2013 16:10:46 | Computer Name = dark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 25.04.2013 16:18:18 | Computer Name = dark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 25.04.2013 16:18:54 | Computer Name = dark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 26.04.2013 09:58:35 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.2.223.0, 
Zeitstempel: 0x51023a8b  Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9402.0,
 Zeitstempel: 0x5164e0d4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000008929a
ID
 des fehlerhaften Prozesses: 0x13bc  Startzeit der fehlerhaften Anwendung: 0x01ce38889b039aba
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Defender\MsMpEng.exe  Pfad des
 fehlerhaften Moduls: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6943D80-31F9-4D41-8665-FAD82C1D6C76}\mpengine.dll
Berichtskennung:
 629016eb-ae79-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
[ System Events ]
Error - 18.04.2013 05:26:12 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 18.04.2013 18:20:58 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19.04.2013 08:54:55 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 21.04.2013 12:05:18 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 24.04.2013 20:13:58 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.04.2013 13:44:53 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 25.04.2013 13:44:53 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 25.04.2013 19:52:27 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.04.2013 05:57:28 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.04.2013 09:59:06 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Defender-Dienst" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
Unfortunately I can't post anything from GMER, because when I start it my PC reports an error and shuts down.

Alt 27.04.2013, 10:24   #2
M-K-D-B
/// TB-Ausbilder
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for longer, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.




Quote:
Quote from Darklee
AVG just found the virus Trojan Generic.32.CCGO twice and deleted it. My question now is whether they were really deleted and whether they are dangerous.

There is already a similar thread here, which I am also handling:
nvxdsync.exe/dwm.exe ein Virus?

This appears to be a false positive from AVG.

Are there actually any problems with your computer that point to malware?


Alt 27.04.2013, 12:22   #3
Darklee
 



Hello Matthias, thanks for the quick reply, and no, I have no problems at all with my computer. Everything runs as it should; the only problem I had was with a beta-test game (whose name I am unfortunately not allowed to mention) where I wanted to log in yesterday and it didn't work. I had received an email that said

(We would like to inform you that we have temporarily restricted access to your account. This was done for your own security, because unusual access to your account was detected in our system. For this reason the account has been temporarily closed.)

but supposedly they won't or aren't allowed to say what exactly happened. I then assumed that, since I created my account and logged in once in my old apartment with Unity-media as provider, and moved a week ago and now have Telekom as my new provider, they didn't quite get that and closed my account because of it. Well, after that I ran a scan and found the two viruses, which were deleted. Windows also ran an update afterwards and everything is as before; only the fear remains, because I use online banking a lot.

The report says it is supposed to be Windows\Explorer\exe(680)!

Should I follow the 3 steps you wrote in the other post? Thanks a lot for the help!

Alt 27.04.2013, 15:26   #4
M-K-D-B
/// TB-Ausbilder
 



Hi,

we can take a quick look at your computer.


Step 1
Please download OTL by OldTimer and save it to your desktop (if you don't already have it).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
activex
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?". Confirm this security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button unless instructed!





Step 3
Please download the GMER Rootkit Scanner: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the tick from: IAT/EAT and Show All
  • Tick Quickscan and remove the tick from all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.






Please post with your next reply
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.

27.04.2013, 19:47   #5
Darklee

Hi, even in safe mode my PC restarts while GMER is scanning. Here are the other files:
Code:
OTL logfile created on: 27.04.2013 19:29:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,45 Gb Available Physical Memory | 80,69% Memory free
16,00 Gb Paging File | 14,28 Gb Available in Paging File | 89,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 77,04 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
Drive D: | 258,79 Gb Total Space | 190,59 Gb Free Space | 73,65% Space Free | Partition Type: NTFS
Drive E: | 265,43 Gb Total Space | 77,10 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
 
Computer Name: DARK-PC | User Name: dark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 23:01:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.18 19:23:40 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.18 19:23:40 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012.12.29 10:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.12.10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.02.18 19:23:40 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.18 19:23:40 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.18 19:23:40 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012.12.29 10:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV - [2012.12.10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2008.12.27 04:55:28 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.27 00:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 05:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\sandra.sys -- (SANDRA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={5F309518-9942-4EAF-9462-12FC8D7BB673}&mid=1fe52ba940dd47d09ddcd16d5b34c071-1ff06a90c643aa812b62f3bc0071b03903534728&lang=de&ds=AVG&pr=fr&d=2013-01-30 17:47:26&v=14.2.0.1&pid=avg&sg=&sap=hp
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 1E 75 38 CB E2 CD 01  [binary data]
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5F309518-9942-4EAF-9462-12FC8D7BB673}&mid=1fe52ba940dd47d09ddcd16d5b34c071-1ff06a90c643aa812b62f3bc0071b03903534728&lang=de&ds=AVG&pr=fr&d=2013-01-30 17:47:26&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-412062012-3371450894-644002048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 19:23:48 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Docs = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: One Piece Theme2 = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggndmjeamglljedlcacmjipmlhbdgioi\2_0\
CHR - Extension: New Tab Redirect! = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\
CHR - Extension: Google Mail = C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-412062012-3371450894-644002048-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-412062012-3371450894-644002048-1000..\Run: [Steam] E:\Games\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9FB75D9-BC75-43D0-854D-290B2F72F658}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{96fca61d-8177-11e2-be77-00241dd02982}\Shell - "" = AutoRun
O33 - MountPoints2\{96fca61d-8177-11e2-be77-00241dd02982}\Shell\AutoRun\command - "" = "J:\CMADownloader.exe" 
O33 - MountPoints2\{d98f093f-4f5f-11e2-be6c-00241dd02982}\Shell - "" = AutoRun
O33 - MountPoints2\{d98f093f-4f5f-11e2-be6c-00241dd02982}\Shell\AutoRun\command - "" = "I:\CMADownloader.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ACTIVEX CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 00:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.04.14 00:06:51 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2013.04.14 00:06:47 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2013.04.14 00:06:46 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.04.14 00:06:45 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.04.14 00:06:43 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2013.04.14 00:06:42 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013.04.14 00:06:42 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2013.04.14 00:06:42 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BCP47Langs.dll
[2013.04.14 00:06:42 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2013.04.14 00:06:42 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2013.04.14 00:06:41 | 001,151,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mcmde.dll
[2013.04.14 00:06:41 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013.04.14 00:06:41 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2013.04.14 00:06:41 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ubpm.dll
[2013.04.14 00:06:40 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2013.04.14 00:06:40 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2013.04.14 00:06:40 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BCP47Langs.dll
[2013.04.14 00:06:39 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013.04.14 00:06:39 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013.04.14 00:06:39 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.14 00:06:39 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2013.04.14 00:06:39 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2013.04.14 00:06:38 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2013.04.14 00:06:38 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2013.04.14 00:06:38 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TimeBrokerServer.dll
[2013.04.14 00:06:37 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013.04.14 00:06:37 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2013.04.14 00:06:37 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2013.04.14 00:06:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2013.04.14 00:06:37 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usbmon.dll
[2013.04.14 00:06:36 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2013.04.14 00:06:36 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2013.04.14 00:06:36 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.14 00:06:35 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013.04.14 00:06:35 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013.04.14 00:06:35 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvstore.dll
[2013.04.14 00:06:35 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2013.04.14 00:06:35 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\discan.dll
[2013.04.14 00:06:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhost.exe
[2013.04.14 00:06:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2013.04.14 00:06:34 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013.04.14 00:06:34 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013.04.14 00:06:34 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013.04.14 00:06:34 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2013.04.14 00:06:34 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys
[2013.04.14 00:06:34 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2013.04.14 00:06:34 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NdisImPlatform.dll
[2013.04.14 00:06:34 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2013.04.14 00:06:34 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013.04.14 00:06:34 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013.04.14 00:06:33 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013.04.14 00:06:33 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\powercfg.cpl
[2013.04.14 00:06:33 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.cpl
[2013.04.14 00:06:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
[2013.04.14 00:06:33 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhostex.exe
[2013.04.14 00:06:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDPrintProxy.DLL
[2013.04.14 00:06:33 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevDispItemProvider.dll
[2013.04.14 00:06:32 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2013.04.14 00:06:32 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2013.04.14 00:06:32 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncInfo.dll
[2013.04.14 00:06:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2013.04.14 00:06:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2013.04.14 00:06:32 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2013.04.14 00:06:32 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2013.04.14 00:06:32 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2013.04.14 00:06:31 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
[2013.04.10 21:05:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.04.10 21:05:33 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.04.10 21:05:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.04.10 21:05:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.04.10 21:05:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.04.10 21:05:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2013.04.10 21:05:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2013.04.10 21:05:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2013.04.10 21:05:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.04.10 21:05:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2013.04.10 18:36:21 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.04.10 17:23:03 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2013.04.10 17:23:03 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2013.04.02 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\dark\AppData\Roaming\Zeal Game Studio
[2013.04.02 00:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2013.04.02 00:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2013.04.02 00:32:21 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\WINDOWS\SysWow64\mkl_blueripple.dll
[2013.04.02 00:32:21 | 001,306,624 | ---- | C] (Blue Ripple Sound Limited) -- C:\WINDOWS\SysWow64\rapture3d_oal.dll
[2013.04.02 00:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2013.04.01 13:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HideIPVPN
[2013.03.29 11:53:32 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvoglv64.dll
[2013.03.29 11:53:32 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglv32.dll
[2013.03.29 11:53:32 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvwgf2um.dll
[2013.03.29 11:53:32 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvopencl.dll
[2013.03.29 11:53:32 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvopencl.dll
[2013.03.29 11:53:32 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdispco6431422.dll
[2013.03.29 11:53:32 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdispgenco6431422.dll
[2013.03.29 11:53:31 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcompiler.dll
[2013.03.29 11:53:31 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvd3dumx.dll
[2013.03.29 11:53:31 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2013.03.29 11:53:31 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuda.dll
[2013.03.29 11:53:31 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll
[2013.03.29 11:53:31 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuvid.dll
[2013.03.29 11:53:31 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll
[2013.03.29 11:53:31 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuvenc.dll
[2013.03.29 11:53:31 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.27 19:18:37 | 000,001,118 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.27 19:17:23 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.27 13:03:00 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.27 00:38:32 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.04.27 00:38:32 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.04.27 00:38:32 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.04.27 00:38:32 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.04.27 00:38:32 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.04.27 00:33:48 | 719,718,680 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.04.27 00:33:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.27 00:33:48 | 2575,712,255 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 23:22:45 | 000,290,496 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.04.26 23:01:22 | 000,000,000 | ---- | M] () -- C:\Users\dark\defogger_reenable
[2013.04.16 21:03:20 | 000,000,017 | ---- | M] () -- C:\Users\dark\AppData\Local\resmon.resmoncfg
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.02 00:32:16 | 000,466,456 | ---- | M] (Creative Labs) -- C:\WINDOWS\SysNative\wrap_oal.dll
[2013.04.02 00:32:15 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\SysWow64\wrap_oal.dll
[2013.04.02 00:32:15 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\SysNative\OpenAL32.dll
[2013.04.02 00:32:15 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\SysWow64\OpenAL32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.27 00:33:48 | 719,718,680 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2013.04.26 23:22:35 | 000,290,496 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.04.26 23:01:22 | 000,000,000 | ---- | C] () -- C:\Users\dark\defogger_reenable
[2013.04.16 21:03:20 | 000,000,017 | ---- | C] () -- C:\Users\dark\AppData\Local\resmon.resmoncfg
[2013.04.14 00:06:31 | 000,387,867 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.01.11 15:02:22 | 000,015,873 | ---- | C] () -- C:\WINDOWS\SysWow64\Inetde.dll
[2013.01.11 10:16:12 | 000,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2013.01.09 01:09:25 | 013,131,776 | ---- | C] () -- C:\Users\dark\AppData\Roaming\Sandra.mdb
[2012.12.30 22:28:41 | 000,204,154 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2012.12.30 22:28:41 | 000,000,584 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2012.12.25 22:17:10 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2013.01.02 22:14:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 27.04.2013 19:29:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,45 Gb Available Physical Memory | 80,69% Memory free
16,00 Gb Paging File | 14,28 Gb Available in Paging File | 89,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 77,04 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
Drive D: | 258,79 Gb Total Space | 190,59 Gb Free Space | 73,65% Space Free | Partition Type: NTFS
Drive E: | 265,43 Gb Total Space | 77,10 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
 
Computer Name: DARK-PC | User Name: dark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_USERS\S-1-5-21-412062012-3371450894-644002048-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05879DF9-A64A-43EE-ADBF-ABBD6BBF7A2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B4831FE-92BD-49D0-93F0-44C966B2F202}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0B54734B-7CD6-4CA1-BC0F-CFD74233AE2E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1001D7F9-2E70-47D1-8235-672DC2FD3A54}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1D1301A7-080E-4430-8BBC-702606371B61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{26C8168F-4AC6-4E81-A625-974511BA6D63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27C1642A-DDFF-4ED6-9E4B-A029559853BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2919AB06-27C0-45F7-B375-6CAB9A2BDCDF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{29F7C959-3957-4342-8A1A-41D0429231B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2E3736C8-8E8A-4BAA-AEEB-393B07BD9AF9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{314E714B-78D2-41F9-93A8-2DBACA1BAECD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{34AFA95C-F0F8-4762-A5F8-671440C9B919}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{369772DC-EB26-47E6-ACC0-58B1A463DD07}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{39B64C1E-EF83-45F5-BE92-57A9B7A0D3A3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{43875428-9540-492F-8858-6A775D8D4E20}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4B5E10E2-1405-4E57-B9D0-60FC3B6CD290}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4DB74AE0-E55E-480D-B5B4-029DFDD3EB48}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4F855B00-ECF7-44FE-ADDD-860D75993B76}" = rport=137 | protocol=17 | dir=out | app=system | 
"{50657FA9-5C9A-4A26-9F4C-857B7AD0405B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{51458DDE-AA26-4860-8085-0511BAC85E04}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{56C15E6A-5153-48C5-878F-90C2FB3E550D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5ABF6C48-4676-4157-B11E-1B973A1285BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5B2A6852-8625-4043-9DB5-8C0D50744ABD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp1\rpcagentsrv.exe | 
"{5FAE2EF0-DCB6-40A1-BC5C-7EB63913BED2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{6005BC74-C85A-4263-AE6E-A8337E7CA05A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{60C56A0A-8D0D-4992-BCC4-BE224E31D9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6C1BBD5F-3711-4683-96F1-2320D8B94854}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7674A5A8-FFCD-4511-B807-E5A8E91F5BA4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7709D004-63F0-42EE-83E4-85BDA33EF472}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78DF92A4-E544-4C81-8407-BE6E66EF10DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C6731D3-C3EB-40CA-A62B-30DE6CFC88D8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7E1A1E7B-6AC7-4DD7-8776-14C096F5AFD6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{80490B46-C4F3-4385-87EB-8F48E9619A11}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{811B7712-EF9A-4EF4-9DBF-F164B5992090}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{850B99DD-2372-4D0A-8322-12B928E9C67B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8930A487-2132-4461-9F0A-6693703FA484}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A4DFF0A-7A8A-4B7E-A841-C0C1FAD23808}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8C24B8C9-6BC5-4C8F-843C-67D068685B0D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8DF8E31D-0ED3-4344-9DCC-9C90543A94FE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{900077AC-997E-47DB-BEE6-FE96F3755FD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91F58C1D-0E07-4510-9579-F5B8BEB4AC98}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9D99D511-9A05-49B1-BE96-6DDDF609EF32}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AF040F0C-DC65-4CA2-9630-1D3379CFE30B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AFDE8176-EFB7-4F10-AF4F-A0B454B724C5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B62DC570-E3DA-4687-8199-3490FBE44B45}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C05A270F-4C8D-4626-9324-B2D58A294533}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C20A691C-4774-4E4B-B474-B7D80FB3DDA1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C4A6E9FE-14BC-474E-B38E-86754F173553}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C4D2E709-EC54-4C5F-B931-80E019FC2307}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C71660E1-6D1F-4ADE-97A7-4CBAB6DDC149}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C8C83B7D-F39C-4498-8D27-25EA48342B50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C990528C-0916-4F4A-82F2-B04DF72B7D5E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D286363C-7ACC-4572-B14D-E7E02D31D2C6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D4B2E897-762E-4FD4-8092-8D0C63017290}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D5B9C98B-35BE-467E-B903-0960C867F440}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC11997B-86E8-42B4-B2D1-0B7871634759}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E7212302-D318-4681-A188-46AA6FF493F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E784BF5E-22E4-4E52-969D-D0E4F76A87A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E9978137-0281-498E-976B-4C453F4FCA3C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EAC04FA8-CDA6-4CC3-BFB5-58D6A3598F8E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EB586D47-0F37-45F9-8C22-69C2F2080F48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE80F5BF-1771-43FB-9507-B58FC6C44B99}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp1\wnt500x64\rpcsandrasrv.exe | 
"{F5FF16CD-C708-46A8-BB36-5BA770A8545A}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EED615-6E3A-4142-A013-AC2B859B3437}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dirt showdown\showdown.exe | 
"{0242A155-71D5-4440-AAE7-203A7B284A61}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{02AA7E21-6C40-43DF-86E7-CFAD619EBE9F}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\obulis\obulis_steam.exe | 
"{02E7E4AF-FB99-4C66-8EAA-4063C0005B6F}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{02EF1314-FDC3-4C7D-996C-6665BFD3AA8A}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{0649DF62-1F91-40DE-A251-33A0D286DE32}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\legacy_kain_defiance\defiance.exe | 
"{07787231-5547-4FBF-8034-562A092C82F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{0848EB06-8659-409F-BC03-697281C61324}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{08755D7F-7247-41BE-AD1D-0B46F9EA2988}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{08C95D18-2DF8-45B9-84A8-4B246AF35276}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{0911F109-E612-4931-9368-F700021C1D33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{09FE4E65-D7B3-45D2-8E94-85355BE7634B}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\broken sword 2\brokensword2.exe | 
"{0A8F589B-FCE1-4E12-B104-4C5E258EDFE5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{0B42F019-697F-4D34-B74C-DD073445FAF0}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver\kain2.exe | 
"{0F699860-E7C1-42B0-ACA3-A0039A983A29}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{11392134-D6C7-4DF4-96A6-44BBEB553670}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{1471B14F-C022-4000-9AC6-33231E72CCE2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1527037C-7E6A-46A1-A3A9-8DDD72A53BCD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\broken sword 3\bstsd.exe | 
"{19C0199E-07DE-4754-A03A-660258790E08}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{1BEC744D-C351-4ECF-A13C-F6BB262E6FA7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{1D1799BA-DD68-44C9-9424-4250FA8AF421}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\obulis\obulis_steam.exe | 
"{1FF8B8B3-376F-4B9D-87CB-DABBAA76974E}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe | 
"{206281A0-D6B6-44B6-AED9-69D3D2CE0A0E}" = dir=in | app=e:\games\aliens colonial marines\binaries\win32\acm.exe | 
"{24427341-9BFA-4DCB-A280-14B5DC237147}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{36419C2D-F0E5-40FE-AD00-BEAD360C6029}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{37A4DC29-FE68-495C-A737-B6620988BDB5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{398D5B5A-0CA7-4100-A3E5-2A916943D143}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\broken sword shadow of the templars\bs1dc.exe | 
"{3C751295-7E2B-4C8D-ADCB-92C656104AD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41DCF90D-BE71-4032-A5A2-DA91A45C1C89}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{46F083B1-3CC9-4804-B946-D44AA9E23C9A}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{4CE65A3A-528F-4D90-A428-BD359B87AD90}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\hotline_miami\hotlinemiami.exe | 
"{4F42FDF9-E187-4718-8408-E6CA55398316}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{4F5E0D7E-0A2B-4713-89CD-9BD65B08DB40}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4FB636FF-B2D7-4E8E-898C-39D41D416DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{508C5AD8-5734-4965-85E6-90FC7A5C923C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{51A3AB47-D80E-4E8A-BE96-900F0A588073}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dirt showdown\showdown.exe | 
"{52434B39-2A97-48F9-AA6B-9C993EA72311}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\gemini rue\reslists\gemini rue.exe | 
"{53FD1274-797B-453F-9478-2D40ABC673B7}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\legacy_kain_defiance\defiance.exe | 
"{55272F96-904C-421D-8A66-9BA498C08003}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{560F99ED-1D45-478F-B6AA-C8584F38C7DE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{57442398-C694-4CBA-87D3-DC4B41923243}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{5A18A35D-649B-4442-9FFA-EA6FE74565E4}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{5A2DC7E8-DE2D-4186-B8AE-7D70018DF6B8}" = dir=in | app=d:\dead space 3 limited edition cracked multi -sc\deadspace3.exe | 
"{5CCAFFAF-41A9-40A2-9309-9613BAADF2FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{61B99864-EEE0-49F7-A7F2-4CE3A9EFC7CD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{64ADCCAA-60AF-4BFA-9656-EBAD0EF23C48}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{66131969-1A21-4654-87D5-25CC34B46BAD}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{664462E7-074B-4DE9-8F03-0F4A585DFA42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{6C1982FE-A4BC-4D1B-9597-3186D9E99208}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{6CE97925-9012-4945-A1CF-82C0802449F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6DF3B82B-4AE8-4EE8-8D85-22616C6B1861}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\broken sword 2\brokensword2.exe | 
"{6FB484E4-A701-4EC8-BFAC-75B51CE45985}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{6FB628C7-4E8D-4988-B473-941F5DE8CA63}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{70E6EF96-A1DE-4998-B47E-384A8EE3DD78}" = protocol=17 | dir=in | app=e:\games\steam\steam.exe | 
"{773FADBC-8AA9-447D-A654-225A6DC11760}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77C4F5FD-150C-4AD4-B924-64FC93DE9149}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\syberia\game.exe | 
"{799D29BB-4443-402E-ABCA-62FDB96EFB5E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{7BAC34BC-3C4F-413D-B7AC-B938A669DF00}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{7BD71061-8E77-45A3-A6E5-CD9E33AA34BC}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{7D4BB418-6F96-4728-8F0D-E74606E7B76B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8192DD4D-7CC4-458D-8D20-4E537ADB6178}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{850371DD-B193-45CE-B928-AABB64F26537}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8510D509-D579-4DA4-BA9D-9BCD49F2EA51}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{8522140C-E3F4-4A47-AAF9-E9D22F9BD2BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8747D911-DCF4-467D-97D8-77547C341155}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver\kain2.exe | 
"{87E88AC2-90CA-4188-884B-FAA3B91C9F6B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\syberia 2\game.exe | 
"{884A7B90-4FFD-4BA2-BFE0-95B24B902009}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver 2\sr2.exe | 
"{8B831EDE-92F8-451E-B37B-22A2459830D8}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{8BA63F91-484D-4F9D-9BDA-F0B3A95433EF}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{90A9D207-E9F5-47C0-9741-F7D4273D2D12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{92B9489D-647E-4F85-A8BC-46AF3C973B11}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{93297F35-565D-4606-8982-4B1B271E793B}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{9837027A-DC82-494D-8E62-D242F9B12908}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{98862D39-8A78-4723-9DA2-53B541CB06AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{9B05068E-104D-4DE7-9CD5-0B98A8F87AF3}" = protocol=6 | dir=out | app=system | 
"{9C8D0AC9-CB70-4104-9E6E-D3227A8E88B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CEB6E2D-6BC6-40E2-AC62-82A950622F4C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{9E3BB7F8-04F7-4A4D-846C-68D9A212E1CE}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{9F776C2B-1384-4783-B666-B463F63056C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{9F85F676-1031-4335-A6FB-FC25C53C8FAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{A026AF2C-D327-458D-9D16-95DE7BD461DC}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\syberia\game.exe | 
"{A1F82C01-7AD0-4D77-8FAF-2BB7CBF22A30}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A4D709B7-3C2A-48FF-AAEB-980E580911C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{A65C3AF2-30A7-40F8-A3A0-5482841CD986}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{A7FC2B55-3A6C-4D92-87AC-70E40154B533}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\bastion\bastion.exe | 
"{A89CEC9E-A3BB-43E6-BCBE-A3838943B898}" = dir=out | app=e:\games\aliens colonial marines\binaries\win32\acm.exe | 
"{A955C6B2-DD65-4F6C-B31C-C3A05818A527}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB8C7966-17C9-4B90-9380-7C167A08F7BA}" = protocol=6 | dir=in | app=e:\games\steam\steam.exe | 
"{ADB8D8E0-16D4-46D9-B2D8-1CFE1637DA35}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\bastion\bastion.exe | 
"{AF02D12B-BF32-4698-8923-96E48107BCA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{B3E64866-308D-40D1-AB60-D418117D6E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{B68A5CCB-DBFD-4C31-AA19-392F940BB344}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\gemini rue\reslists\gemini rue.exe | 
"{B741CC1D-19BF-44E9-BBC5-5B8E6E519809}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{BD8002EF-EB45-490F-92BA-06E78F59B736}" = dir=out | app=d:\dead space 3 limited edition cracked multi -sc\deadspace3.exe | 
"{BEEAC3C6-F9E3-4D12-A643-E271AF776AB6}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{BFDD9C4C-C6A5-43D3-9CE5-FE25DCCFB0E4}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{C5A6B742-9BF7-4581-8305-6F628AF55640}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{C60E94D8-1486-4578-B259-315FA76EA53A}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\broken sword 3\bstsd.exe | 
"{C6DC1755-CE4F-4ACB-8001-2BE971D0ED46}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{C98487D8-227C-4937-9D51-D633AC7F74B2}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\legacy of kain soul reaver 2\sr2.exe | 
"{CC3B62F7-8CF0-4827-8DE5-70BAD097613B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE6A0F2F-9D7C-4C96-B442-8CA0B6044A07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{CE7CE979-7A9D-492E-9762-31640E248831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFCED5EC-56D9-41C2-A0D6-54C3428C7850}" = dir=out | name=microsoft solitaire collection | 
"{D02D6750-3B91-437E-BCB1-64EC980D4F2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D0C381D6-943A-49BB-9782-522086E6FCA9}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\red faction guerrilla\rfg_launcher.exe | 
"{D45F8B8C-79ED-411E-BD96-7A60013C65ED}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{D4C01400-D761-4709-ADF7-8C644D91AC02}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\hunted\binaries\win32\hunted.exe | 
"{D564323A-86A3-45E0-9E45-11A6D14C19A8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{D7E35302-DFEB-4E22-A69C-15D75217D426}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{D8BC9C61-1816-42B6-AA68-E3345C3957EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DE545514-39F8-40BE-842D-1B3EFA55510D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{DF30FB73-4021-49E9-89BF-6BBA81D61AE6}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E1896871-F32C-4DB0-A27D-3F711ED4C566}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E1D3A9FB-919C-4993-80F4-3A6B938C1C25}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{E29AC9BB-7E1B-43C6-8892-CE3EA1D31C75}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\syberia 2\game.exe | 
"{E3D09B75-89AA-4968-A7CE-EE374D5AE96A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E53E5FDF-489D-49DD-8A8A-69683E139DED}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{E541A26D-F0B9-4BBD-9A96-A67E61449EBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7EC451B-C6EE-4946-BF5D-1533507255EC}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{EBCD2E76-7300-4F28-B01B-0F15A77A92B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC5F0710-A5AC-4F28-ADA3-E4E5C04B793F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EF35C19D-FC14-40CA-B395-91BD21073618}" = dir=out | name=google search | 
"{F8924637-CF88-455F-90FE-A8F512E8462F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C925017-72A8-4C4A-AF21-84901E26638F}" = HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6047A78-062F-4C6F-A82D-B94DAF72FB73}" = Microsoft Games for Windows 8 x64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013.SP1
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.114.08260
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C86E1E36-6D30-4834-9C85-5501F31F7BB4}" = F4200
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFA33E6D-2D7D-4785-8025-974398E940D1}" = DJ_AIO_03_F4200_Software_Min
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E500DF84-3A0A-4989-93C2-D33B935008C1}" = Inhaltsmanager-Assistent für PlayStation(R)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"5513-1208-7298-9440" = JDownloader 0.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AVG Secure Search" = AVG Security Toolbar
"Biet-O-Matic v2.14.10" = Biet-O-Matic v2.14.10
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Steam App 107100" = Bastion
"Steam App 11330" = Obulis
"Steam App 201700" = DiRT Showdown
"Steam App 20500" = Red Faction: Guerrilla 
"Steam App 219150" = Hotline Miami
"Steam App 224300" = Legacy of Kain: Defiance
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 224920" = Legacy of Kain: Soul Reaver
"Steam App 224940" = Legacy of Kain: Soul Reaver 2
"Steam App 33600" = Broken Sword II: The Smoking Mirror
"Steam App 33610" = Broken Sword III: The Sleeping Dragon
"Steam App 39160" = Dungeon Siege III
"Steam App 43110" = Metro 2033
"Steam App 46500" = Syberia
"Steam App 46510" = Syberia 2
"Steam App 49520" = Borderlands 2
"Steam App 50650" = Darksiders II
"Steam App 57640" = Broken Sword: Shadow of the Templars - Director's Cut
"Steam App 80310" = Gemini Rue
"Steam App 8870" = BioShock Infinite
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2013 14:55:45 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 3e5cdbd5-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 16.04.2013 14:55:46 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 3e73bfef-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 16.04.2013 14:55:46 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: bgm.dll, Version: 2.0.4.8,
 Zeitstempel: 0x450a2d55  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005250  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01ce3ad3d86515c0  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: E:\Games\Steam\steamapps\common\hotline_miami\bgm.dll  Berichtskennung:
 3e88cf41-a6c7-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 17.04.2013 15:20:48 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0,
 Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: dmsynth.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x5010a507  Ausnahmecode: 0xc000001d  Fehleroffset: 0x00012886  ID des fehlerhaften
 Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01ce3b9877315311  Pfad der
 fehlerhaften Anwendung: E:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
Pfad
 des fehlerhaften Moduls: C:\WINDOWS\System32\dmsynth.dll  Berichtskennung: e83fa589-a793-11e2-be7d-00241dd02982
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 17.04.2013 15:20:48 | Computer Name = dark-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm HotlineMiami.exe wurde wegen dieses Fehlers 
geschlossen.    Programm: HotlineMiami.exe  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche
 Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.  Diese Situation
 ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das 
Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei zugreifen
 können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 25.04.2013 16:10:46 | Computer Name = dark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 25.04.2013 16:18:18 | Computer Name = dark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 25.04.2013 16:18:54 | Computer Name = dark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 26.04.2013 09:58:35 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.2.223.0, 
Zeitstempel: 0x51023a8b  Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9402.0,
 Zeitstempel: 0x5164e0d4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000008929a
ID
 des fehlerhaften Prozesses: 0x13bc  Startzeit der fehlerhaften Anwendung: 0x01ce38889b039aba
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Defender\MsMpEng.exe  Pfad des
 fehlerhaften Moduls: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6943D80-31F9-4D41-8665-FAD82C1D6C76}\mpengine.dll
Berichtskennung:
 629016eb-ae79-11e2-be7d-00241dd02982  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 26.04.2013 17:15:44 | Computer Name = dark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OTL.exe, Version: 3.2.69.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: OTL.exe, Version: 3.2.69.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012c42  ID des fehlerhaften Prozesses:
 0x1ea4  Startzeit der fehlerhaften Anwendung: 0x01ce42c199140329  Pfad der fehlerhaften
 Anwendung: D:\OTL.exe  Pfad des fehlerhaften Moduls: D:\OTL.exe  Berichtskennung: 746f5f46-aeb6-11e2-be7d-00241dd02982
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 26.04.2013 17:18:49 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.04.2013 17:23:00 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 26.04.2013 17:23:03 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 26.04.2013 18:33:56 | Computer Name = dark-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?04.?2013 um 00:02:51 unerwartet heruntergefahren.
 
Error - 26.04.2013 18:34:04 | Computer Name = DARK-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 26.04.2013 18:34:07 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 26.04.2013 18:34:09 | Computer Name = dark-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 26.04.2013 20:19:54 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.04.2013 03:49:00 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.04.2013 07:45:00 | Computer Name = dark-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:41 on 27/04/2013 (dark)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Is there anything else I can do so that GMER can scan without a restart?


28.04.2013, 19:55   #6
M-K-D-B
/// TB-Ausbilder
 



Hi,

Quote:
Quote from Darklee
Is there anything else I can do so that GMER can scan without a restart?
We'll leave GMER aside for now and try these two programs instead:



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.








Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

28.04.2013, 23:34   #7
Darklee
 



Hello, and thanks again for the effort. While aswMBR was scanning, my PC froze. I had to restart because nothing worked anymore! After the restart, with the setting AV scan (none), there was an error and the program was terminated; I tried it twice. Here is the data from TDSSKiller:
Code:
ATTFilter
00:22:01.0450 3900  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:22:01.0982 3900  ============================================================
00:22:01.0982 3900  Current date / time: 2013/04/29 00:22:01.0982
00:22:01.0982 3900  SystemInfo:
00:22:01.0982 3900  
00:22:01.0982 3900  OS Version: 6.2.9200 ServicePack: 0.0
00:22:01.0982 3900  Product type: Workstation
00:22:01.0982 3900  ComputerName: DARK-PC
00:22:01.0982 3900  UserName: dark
00:22:01.0982 3900  Windows directory: C:\WINDOWS
00:22:01.0982 3900  System windows directory: C:\WINDOWS
00:22:01.0983 3900  Running under WOW64
00:22:01.0983 3900  Processor architecture: Intel x64
00:22:01.0983 3900  Number of processors: 4
00:22:01.0983 3900  Page size: 0x1000
00:22:01.0983 3900  Boot type: Normal boot
00:22:01.0983 3900  ============================================================
00:22:02.0410 3900  Drive \Device\Harddisk0\DR0 - Size: 0xA7ACF60000 (670.70 Gb), SectorSize: 0x200, Cylinders: 0x15602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:02.0414 3900  ============================================================
00:22:02.0414 3900  \Device\Harddisk0\DR0:
00:22:02.0414 3900  MBR partitions:
00:22:02.0414 3900  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x124F8000
00:22:02.0414 3900  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x20594000
00:22:02.0414 3900  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x32A8C800, BlocksNum 0x212DA800
00:22:02.0414 3900  ============================================================
00:22:02.0433 3900  C: <-> \Device\Harddisk0\DR0\Partition1
00:22:02.0487 3900  D: <-> \Device\Harddisk0\DR0\Partition2
00:22:02.0517 3900  E: <-> \Device\Harddisk0\DR0\Partition3
00:22:02.0517 3900  ============================================================
00:22:02.0518 3900  Initialize success
00:22:02.0518 3900  ============================================================
00:22:53.0098 2184  ============================================================
00:22:53.0098 2184  Scan started
00:22:53.0098 2184  Mode: Manual; SigCheck; TDLFS; 
00:22:53.0098 2184  ============================================================
00:22:53.0386 2184  ================ Scan system memory ========================
00:22:53.0386 2184  System memory - ok
00:22:53.0386 2184  ================ Scan services =============================
00:22:53.0532 2184  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
00:22:53.0634 2184  1394ohci - ok
00:22:53.0651 2184  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
00:22:53.0665 2184  3ware - ok
00:22:53.0695 2184  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
00:22:53.0719 2184  ACPI - ok
00:22:53.0740 2184  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
00:22:53.0759 2184  acpiex - ok
00:22:53.0784 2184  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
00:22:53.0813 2184  acpipagr - ok
00:22:53.0835 2184  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
00:22:53.0878 2184  AcpiPmi - ok
00:22:53.0901 2184  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
00:22:53.0914 2184  acpitime - ok
00:22:53.0952 2184  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\WINDOWS\system32\drivers\adp94xx.sys
00:22:53.0985 2184  adp94xx - ok
00:22:54.0010 2184  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\WINDOWS\system32\drivers\adpahci.sys
00:22:54.0031 2184  adpahci - ok
00:22:54.0064 2184  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\WINDOWS\system32\drivers\adpu320.sys
00:22:54.0097 2184  adpu320 - ok
00:22:54.0127 2184  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
00:22:54.0175 2184  AeLookupSvc - ok
00:22:54.0209 2184  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\WINDOWS\system32\drivers\afd.sys
00:22:54.0314 2184  AFD - ok
00:22:54.0339 2184  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
00:22:54.0358 2184  agp440 - ok
00:22:54.0386 2184  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\WINDOWS\System32\alg.exe
00:22:54.0415 2184  ALG - ok
00:22:54.0440 2184  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\WINDOWS\system32\AUInstallAgent.dll
00:22:54.0480 2184  AllUserInstallAgent - ok
00:22:54.0504 2184  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
00:22:54.0565 2184  AmdK8 - ok
00:22:54.0589 2184  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
00:22:54.0611 2184  AmdPPM - ok
00:22:54.0639 2184  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
00:22:54.0651 2184  amdsata - ok
00:22:54.0676 2184  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
00:22:54.0694 2184  amdsbs - ok
00:22:54.0709 2184  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
00:22:54.0721 2184  amdxata - ok
00:22:54.0740 2184  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
00:22:54.0766 2184  AppID - ok
00:22:54.0793 2184  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
00:22:54.0821 2184  AppIDSvc - ok
00:22:54.0845 2184  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
00:22:54.0877 2184  Appinfo - ok
00:22:54.0906 2184  [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
00:22:54.0956 2184  AppMgmt - ok
00:22:54.0988 2184  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\WINDOWS\system32\drivers\arc.sys
00:22:55.0001 2184  arc - ok
00:22:55.0015 2184  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
00:22:55.0028 2184  arcsas - ok
00:22:55.0051 2184  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:22:55.0075 2184  AsyncMac - ok
00:22:55.0092 2184  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
00:22:55.0104 2184  atapi - ok
00:22:55.0134 2184  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
00:22:55.0165 2184  AudioEndpointBuilder - ok
00:22:55.0206 2184  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
00:22:55.0237 2184  Audiosrv - ok
00:22:55.0287 2184  [ 58D7FAF5C81ECEFFD2EDEDA9C2619D82 ] Avgboota        C:\WINDOWS\system32\DRIVERS\avgboota.sys
00:22:55.0299 2184  Avgboota - ok
00:22:55.0317 2184  [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd         C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys
00:22:55.0328 2184  Avgfwfd - ok
00:22:55.0444 2184  [ D0BE22C910E46550C6308D50DDA76B94 ] avgfws          C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
00:22:55.0491 2184  avgfws - ok
00:22:55.0633 2184  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
00:22:55.0715 2184  AVGIDSAgent - ok
00:22:55.0743 2184  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys
00:22:55.0754 2184  AVGIDSDriver - ok
00:22:55.0764 2184  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\WINDOWS\system32\DRIVERS\avgidsha.sys
00:22:55.0773 2184  AVGIDSHA - ok
00:22:55.0799 2184  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\WINDOWS\system32\DRIVERS\avgldx64.sys
00:22:55.0810 2184  Avgldx64 - ok
00:22:55.0826 2184  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\WINDOWS\system32\DRIVERS\avgloga.sys
00:22:55.0838 2184  Avgloga - ok
00:22:55.0868 2184  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\WINDOWS\system32\DRIVERS\avgmfx64.sys
00:22:55.0877 2184  Avgmfx64 - ok
00:22:55.0887 2184  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\WINDOWS\system32\DRIVERS\avgrkx64.sys
00:22:55.0896 2184  Avgrkx64 - ok
00:22:55.0914 2184  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
00:22:55.0925 2184  avgwd - ok
00:22:55.0956 2184  [ 64A0A811F096834E8B85AB5009609D10 ] Avgwfpa         C:\WINDOWS\system32\DRIVERS\avgwfpa.sys
00:22:55.0968 2184  Avgwfpa - ok
00:22:55.0999 2184  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
00:22:56.0059 2184  AxInstSV - ok
00:22:56.0096 2184  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
00:22:56.0141 2184  b06bdrv - ok
00:22:56.0164 2184  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
00:22:56.0181 2184  BasicDisplay - ok
00:22:56.0193 2184  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
00:22:56.0211 2184  BasicRender - ok
00:22:56.0239 2184  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
00:22:56.0287 2184  BDESVC - ok
00:22:56.0309 2184  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
00:22:56.0372 2184  Beep - ok
00:22:56.0421 2184  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\WINDOWS\System32\bfe.dll
00:22:56.0500 2184  BFE - ok
00:22:56.0540 2184  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\WINDOWS\System32\qmgr.dll
00:22:56.0599 2184  BITS - ok
00:22:56.0615 2184  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
00:22:56.0668 2184  bowser - ok
00:22:56.0693 2184  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
00:22:56.0738 2184  BrokerInfrastructure - ok
00:22:56.0770 2184  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\WINDOWS\System32\browser.dll
00:22:56.0799 2184  Browser - ok
00:22:56.0825 2184  [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
00:22:56.0856 2184  BthAvrcpTg - ok
00:22:56.0879 2184  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
00:22:56.0982 2184  BthHFEnum - ok
00:22:57.0011 2184  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
00:22:57.0052 2184  bthhfhid - ok
00:22:57.0079 2184  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
00:22:57.0102 2184  BTHMODEM - ok
00:22:57.0124 2184  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\WINDOWS\system32\bthserv.dll
00:22:57.0146 2184  bthserv - ok
00:22:57.0196 2184  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
00:22:57.0244 2184  cdfs - ok
00:22:57.0272 2184  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
00:22:57.0325 2184  cdrom - ok
00:22:57.0354 2184  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
00:22:57.0400 2184  CertPropSvc - ok
00:22:57.0426 2184  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
00:22:57.0449 2184  circlass - ok
00:22:57.0503 2184  [ 93C7703442C7CBD4053FC7DE07D9C896 ] ClassicShellService C:\Program Files\Classic Shell\ClassicShellService.exe
00:22:57.0508 2184  ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
00:22:57.0508 2184  ClassicShellService - detected UnsignedFile.Multi.Generic (1)
00:22:57.0541 2184  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
00:22:57.0567 2184  CLFS - ok
00:22:57.0600 2184  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
00:22:57.0627 2184  CmBatt - ok
00:22:57.0666 2184  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
00:22:57.0701 2184  CNG - ok
00:22:57.0727 2184  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
00:22:57.0758 2184  CompositeBus - ok
00:22:57.0763 2184  COMSysApp - ok
00:22:57.0782 2184  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
00:22:57.0835 2184  condrv - ok
00:22:57.0862 2184  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
00:22:57.0891 2184  CryptSvc - ok
00:22:57.0932 2184  [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
00:22:57.0992 2184  CSC - ok
00:22:58.0029 2184  [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService      C:\WINDOWS\System32\cscsvc.dll
00:22:58.0107 2184  CscService - ok
00:22:58.0130 2184  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\WINDOWS\system32\drivers\dam.sys
00:22:58.0143 2184  dam - ok
00:22:58.0183 2184  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
00:22:58.0232 2184  DcomLaunch - ok
00:22:58.0258 2184  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
00:22:58.0300 2184  defragsvc - ok
00:22:58.0332 2184  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
00:22:58.0355 2184  DeviceAssociationService - ok
00:22:58.0378 2184  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
00:22:58.0392 2184  DeviceInstall - ok
00:22:58.0414 2184  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
00:22:58.0436 2184  Dfsc - ok
00:22:58.0464 2184  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
00:22:58.0480 2184  Dhcp - ok
00:22:58.0506 2184  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\WINDOWS\system32\drivers\discache.sys
00:22:58.0524 2184  discache - ok
00:22:58.0544 2184  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\WINDOWS\system32\drivers\disk.sys
00:22:58.0557 2184  disk - ok
00:22:58.0583 2184  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
00:22:58.0630 2184  dmvsc - ok
00:22:58.0657 2184  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
00:22:58.0718 2184  Dnscache - ok
00:22:58.0745 2184  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
00:22:58.0792 2184  dot3svc - ok
00:22:58.0819 2184  [ 27069CFFF29B7F04F4B1BB10154BE52B ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
00:22:58.0829 2184  dot4 - ok
00:22:58.0840 2184  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
00:22:58.0848 2184  Dot4Print - ok
00:22:58.0866 2184  [ B7D595F2F464F7B628AD53F06547792C ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
00:22:58.0874 2184  dot4usb - ok
00:22:58.0922 2184  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\WINDOWS\system32\dps.dll
00:22:58.0964 2184  DPS - ok
00:22:58.0989 2184  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
00:22:59.0032 2184  drmkaud - ok
00:22:59.0062 2184  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
00:22:59.0109 2184  DsmSvc - ok
00:22:59.0167 2184  [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
00:22:59.0227 2184  DXGKrnl - ok
00:22:59.0253 2184  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
00:22:59.0284 2184  Eaphost - ok
00:22:59.0386 2184  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
00:22:59.0512 2184  ebdrv - ok
00:22:59.0540 2184  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\WINDOWS\System32\lsass.exe
00:22:59.0553 2184  EFS - ok
00:22:59.0600 2184  [ 4B84E647C934EDFF7F28C4B91A5C0864 ] ehRecvr         C:\WINDOWS\ehome\ehRecvr.exe
00:22:59.0685 2184  ehRecvr - ok
00:22:59.0714 2184  [ 72781EC7A97E44B9651550D7A83D1B96 ] ehSched         C:\WINDOWS\ehome\ehsched.exe
00:22:59.0729 2184  ehSched - ok
00:22:59.0761 2184  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
00:22:59.0774 2184  EhStorClass - ok
00:22:59.0792 2184  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
00:22:59.0806 2184  EhStorTcgDrv - ok
00:22:59.0832 2184  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
00:22:59.0857 2184  ErrDev - ok
00:22:59.0891 2184  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\WINDOWS\system32\es.dll
00:22:59.0909 2184  EventSystem - ok
00:22:59.0932 2184  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
00:22:59.0959 2184  exfat - ok
00:22:59.0982 2184  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
00:22:59.0999 2184  fastfat - ok
00:23:00.0032 2184  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\WINDOWS\system32\fxssvc.exe
00:23:00.0059 2184  Fax - ok
00:23:00.0075 2184  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
00:23:00.0100 2184  fdc - ok
00:23:00.0123 2184  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
00:23:00.0153 2184  fdPHost - ok
00:23:00.0183 2184  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
00:23:00.0202 2184  FDResPub - ok
00:23:00.0229 2184  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
00:23:00.0294 2184  fhsvc - ok
00:23:00.0325 2184  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
00:23:00.0338 2184  FileInfo - ok
00:23:00.0350 2184  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
00:23:00.0381 2184  Filetrace - ok
00:23:00.0397 2184  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
00:23:00.0413 2184  flpydisk - ok
00:23:00.0443 2184  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
00:23:00.0462 2184  FltMgr - ok
00:23:00.0505 2184  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\WINDOWS\system32\FntCache.dll
00:23:00.0578 2184  FontCache - ok
00:23:00.0666 2184  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:23:00.0687 2184  FontCache3.0.0.0 - ok
00:23:00.0703 2184  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
00:23:00.0716 2184  FsDepends - ok
00:23:00.0743 2184  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:23:00.0755 2184  Fs_Rec - ok
00:23:00.0787 2184  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
00:23:00.0808 2184  fvevol - ok
00:23:00.0831 2184  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
00:23:00.0842 2184  FxPPM - ok
00:23:00.0856 2184  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
00:23:00.0869 2184  gagp30kx - ok
00:23:00.0888 2184  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
00:23:00.0913 2184  gencounter - ok
00:23:00.0940 2184  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
00:23:00.0953 2184  GPIOClx0101 - ok
00:23:01.0002 2184  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
00:23:01.0037 2184  gpsvc - ok
00:23:01.0059 2184  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:23:01.0069 2184  gupdate - ok
00:23:01.0075 2184  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:23:01.0085 2184  gupdatem - ok
00:23:01.0105 2184  [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
00:23:01.0157 2184  HdAudAddService - ok
00:23:01.0187 2184  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
00:23:01.0242 2184  HDAudBus - ok
00:23:01.0258 2184  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
00:23:01.0276 2184  HidBatt - ok
00:23:01.0303 2184  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
00:23:01.0345 2184  HidBth - ok
00:23:01.0363 2184  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
00:23:01.0406 2184  hidi2c - ok
00:23:01.0436 2184  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
00:23:01.0468 2184  HidIr - ok
00:23:01.0494 2184  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\WINDOWS\system32\hidserv.dll
00:23:01.0507 2184  hidserv - ok
00:23:01.0534 2184  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
00:23:01.0599 2184  HidUsb - ok
00:23:01.0626 2184  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
00:23:01.0665 2184  hkmsvc - ok
00:23:01.0692 2184  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
00:23:01.0728 2184  HomeGroupListener - ok
00:23:01.0761 2184  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
00:23:01.0802 2184  HomeGroupProvider - ok
00:23:01.0904 2184  [ 930370725FA0FE272346583A7A7D6BDB ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:23:01.0920 2184  hpqcxs08 - ok
00:23:01.0944 2184  [ EE281DD6843F3F697C1AD7933EEB1E9B ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:23:01.0953 2184  hpqddsvc - ok
00:23:01.0982 2184  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
00:23:01.0995 2184  HpSAMD - ok
00:23:02.0037 2184  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
00:23:02.0128 2184  HTTP - ok
00:23:02.0151 2184  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
00:23:02.0163 2184  hwpolicy - ok
00:23:02.0200 2184  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
00:23:02.0218 2184  hyperkbd - ok
00:23:02.0238 2184  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
00:23:02.0250 2184  HyperVideo - ok
00:23:02.0283 2184  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
00:23:02.0331 2184  i8042prt - ok
00:23:02.0360 2184  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
00:23:02.0392 2184  iaStorV - ok
00:23:02.0418 2184  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\WINDOWS\system32\drivers\iirsp.sys
00:23:02.0430 2184  iirsp - ok
00:23:02.0509 2184  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
00:23:02.0568 2184  IKEEXT - ok
00:23:02.0584 2184  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
00:23:02.0602 2184  intelide - ok
00:23:02.0627 2184  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
00:23:02.0644 2184  intelppm - ok
00:23:02.0669 2184  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:23:02.0695 2184  IpFilterDriver - ok
00:23:02.0729 2184  [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
00:23:02.0768 2184  iphlpsvc - ok
00:23:02.0786 2184  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
00:23:02.0850 2184  IPMIDRV - ok
00:23:02.0876 2184  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
00:23:02.0905 2184  IPNAT - ok
00:23:02.0923 2184  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
00:23:02.0992 2184  IRENUM - ok
00:23:03.0013 2184  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
00:23:03.0026 2184  isapnp - ok
00:23:03.0057 2184  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
00:23:03.0076 2184  iScsiPrt - ok
00:23:03.0104 2184  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
00:23:03.0117 2184  kbdclass - ok
00:23:03.0139 2184  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
00:23:03.0161 2184  kbdhid - ok
00:23:03.0200 2184  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
00:23:03.0252 2184  kdnic - ok
00:23:03.0267 2184  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\WINDOWS\system32\lsass.exe
00:23:03.0287 2184  KeyIso - ok
00:23:03.0319 2184  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
00:23:03.0339 2184  KSecDD - ok
00:23:03.0371 2184  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
00:23:03.0393 2184  KSecPkg - ok
00:23:03.0417 2184  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
00:23:03.0435 2184  ksthunk - ok
00:23:03.0460 2184  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
00:23:03.0487 2184  KtmRm - ok
00:23:03.0515 2184  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
00:23:03.0545 2184  LanmanServer - ok
00:23:03.0558 2184  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
00:23:03.0574 2184  LanmanWorkstation - ok
00:23:03.0604 2184  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
00:23:03.0620 2184  lltdio - ok
00:23:03.0638 2184  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
00:23:03.0681 2184  lltdsvc - ok
00:23:03.0695 2184  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
00:23:03.0740 2184  lmhosts - ok
00:23:03.0759 2184  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
00:23:03.0773 2184  LSI_SAS - ok
00:23:03.0795 2184  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
00:23:03.0809 2184  LSI_SAS2 - ok
00:23:03.0825 2184  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
00:23:03.0839 2184  LSI_SCSI - ok
00:23:03.0864 2184  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
00:23:03.0877 2184  LSI_SSS - ok
00:23:03.0910 2184  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\WINDOWS\System32\lsm.dll
00:23:03.0958 2184  LSM - ok
00:23:03.0987 2184  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
00:23:04.0007 2184  luafv - ok
00:23:04.0023 2184  [ 4448CCEA974F0B15A00EA33FCEDFC062 ] Mcx2Svc         C:\WINDOWS\system32\Mcx2Svc.dll
00:23:04.0038 2184  Mcx2Svc - ok
00:23:04.0053 2184  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
00:23:04.0066 2184  megasas - ok
00:23:04.0096 2184  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\WINDOWS\system32\drivers\MegaSR.sys
00:23:04.0117 2184  MegaSR - ok
00:23:04.0144 2184  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
00:23:04.0182 2184  MMCSS - ok
00:23:04.0203 2184  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
00:23:04.0228 2184  Modem - ok
00:23:04.0251 2184  [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
00:23:04.0308 2184  monitor - ok
00:23:04.0327 2184  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
00:23:04.0345 2184  mouclass - ok
00:23:04.0365 2184  [ C0ADEBED913295803B579ED288936CBB ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
00:23:04.0398 2184  mouhid - ok
00:23:04.0414 2184  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
00:23:04.0428 2184  mountmgr - ok
00:23:04.0457 2184  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
00:23:04.0523 2184  mpsdrv - ok
00:23:04.0563 2184  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
00:23:04.0597 2184  MpsSvc - ok
00:23:04.0628 2184  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
00:23:04.0651 2184  MRxDAV - ok
00:23:04.0679 2184  [ 93179D48066918323628CB016D8C94DC ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:23:04.0731 2184  mrxsmb - ok
00:23:04.0758 2184  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
00:23:04.0775 2184  mrxsmb10 - ok
00:23:04.0791 2184  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
00:23:04.0813 2184  mrxsmb20 - ok
00:23:04.0841 2184  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
00:23:04.0870 2184  MsBridge - ok
00:23:04.0901 2184  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
00:23:04.0920 2184  MSDTC - ok
00:23:04.0950 2184  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
00:23:04.0973 2184  Msfs - ok
00:23:04.0990 2184  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
00:23:05.0001 2184  msgpiowin32 - ok
00:23:05.0027 2184  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
00:23:05.0049 2184  mshidkmdf - ok
00:23:05.0069 2184  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
00:23:05.0081 2184  mshidumdf - ok
00:23:05.0108 2184  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
00:23:05.0120 2184  msisadrv - ok
00:23:05.0147 2184  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
00:23:05.0174 2184  MSiSCSI - ok
00:23:05.0178 2184  msiserver - ok
00:23:05.0198 2184  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:23:05.0220 2184  MSKSSRV - ok
00:23:05.0233 2184  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
00:23:05.0259 2184  MsLldp - ok
00:23:05.0273 2184  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:23:05.0294 2184  MSPCLOCK - ok
00:23:05.0324 2184  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
00:23:05.0344 2184  MSPQM - ok
00:23:05.0363 2184  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
00:23:05.0382 2184  MsRPC - ok
00:23:05.0402 2184  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
00:23:05.0414 2184  mssmbios - ok
00:23:05.0423 2184  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
00:23:05.0435 2184  MSTEE - ok
00:23:05.0458 2184  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
00:23:05.0470 2184  MTConfig - ok
00:23:05.0500 2184  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
00:23:05.0513 2184  Mup - ok
00:23:05.0533 2184  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
00:23:05.0545 2184  mvumis - ok
00:23:05.0580 2184  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\WINDOWS\system32\qagentRT.dll
00:23:05.0623 2184  napagent - ok
00:23:05.0644 2184  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
00:23:05.0665 2184  NativeWifiP - ok
00:23:05.0692 2184  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
00:23:05.0729 2184  NcaSvc - ok
00:23:05.0755 2184  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
00:23:05.0782 2184  NcdAutoSetup - ok
00:23:05.0815 2184  [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
00:23:05.0863 2184  NDIS - ok
00:23:05.0880 2184  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
00:23:05.0902 2184  NdisCap - ok
00:23:05.0928 2184  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
00:23:05.0958 2184  NdisImPlatform - ok
00:23:05.0988 2184  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:23:06.0012 2184  NdisTapi - ok
00:23:06.0036 2184  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:23:06.0060 2184  Ndisuio - ok
00:23:06.0078 2184  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:23:06.0109 2184  NdisWan - ok
00:23:06.0127 2184  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:23:06.0144 2184  NDISWANLEGACY - ok
00:23:06.0172 2184  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
00:23:06.0184 2184  NDProxy - ok
00:23:06.0197 2184  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
00:23:06.0218 2184  Ndu - ok
00:23:06.0238 2184  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
00:23:06.0242 2184  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:23:06.0242 2184  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:23:06.0254 2184  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
00:23:06.0278 2184  NetBIOS - ok
00:23:06.0310 2184  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
00:23:06.0363 2184  NetBT - ok
00:23:06.0378 2184  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\WINDOWS\system32\lsass.exe
00:23:06.0391 2184  Netlogon - ok
00:23:06.0423 2184  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\WINDOWS\System32\netman.dll
00:23:06.0452 2184  Netman - ok
00:23:06.0483 2184  [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
00:23:06.0533 2184  netprofm - ok
00:23:06.0571 2184  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:23:06.0668 2184  NetTcpPortSharing - ok
00:23:06.0692 2184  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\WINDOWS\system32\drivers\nfrd960.sys
00:23:06.0710 2184  nfrd960 - ok
00:23:06.0742 2184  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
00:23:06.0758 2184  NlaSvc - ok
00:23:06.0769 2184  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
00:23:06.0782 2184  Npfs - ok
00:23:06.0802 2184  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
00:23:06.0841 2184  npsvctrig - ok
00:23:06.0869 2184  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\WINDOWS\system32\nsisvc.dll
00:23:06.0883 2184  nsi - ok
00:23:06.0906 2184  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
00:23:06.0918 2184  nsiproxy - ok
00:23:06.0979 2184  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
00:23:07.0035 2184  Ntfs - ok
00:23:07.0060 2184  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\WINDOWS\system32\drivers\Null.sys
00:23:07.0083 2184  Null - ok
00:23:07.0323 2184  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
00:23:07.0635 2184  nvlddmkm - ok
00:23:07.0660 2184  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
00:23:07.0674 2184  nvraid - ok
00:23:07.0699 2184  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
00:23:07.0714 2184  nvstor - ok
00:23:07.0749 2184  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
00:23:07.0770 2184  nvsvc - ok
00:23:07.0845 2184  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:23:07.0880 2184  nvUpdatusService - ok
00:23:07.0903 2184  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
00:23:07.0917 2184  nv_agp - ok
00:23:07.0946 2184  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
00:23:07.0989 2184  p2pimsvc - ok
00:23:08.0021 2184  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
00:23:08.0068 2184  p2psvc - ok
00:23:08.0094 2184  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
00:23:08.0126 2184  Parport - ok
00:23:08.0149 2184  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
00:23:08.0162 2184  partmgr - ok
00:23:08.0189 2184  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
00:23:08.0229 2184  PcaSvc - ok
00:23:08.0257 2184  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\WINDOWS\system32\drivers\pci.sys
00:23:08.0279 2184  pci - ok
00:23:08.0307 2184  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
00:23:08.0320 2184  pciide - ok
00:23:08.0352 2184  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
00:23:08.0369 2184  pcmcia - ok
00:23:08.0392 2184  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
00:23:08.0405 2184  pcw - ok
00:23:08.0425 2184  [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
00:23:08.0438 2184  pdc - ok
00:23:08.0472 2184  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
00:23:08.0512 2184  PEAUTH - ok
00:23:08.0584 2184  [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
00:23:08.0685 2184  PeerDistSvc - ok
00:23:08.0757 2184  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
00:23:08.0899 2184  PerfHost - ok
00:23:08.0970 2184  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\WINDOWS\system32\pla.dll
00:23:09.0026 2184  pla - ok
00:23:09.0049 2184  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
00:23:09.0063 2184  PlugPlay - ok
00:23:09.0084 2184  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
00:23:09.0088 2184  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:23:09.0089 2184  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:23:09.0112 2184  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
00:23:09.0126 2184  PNRPAutoReg - ok
00:23:09.0144 2184  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
00:23:09.0160 2184  PNRPsvc - ok
00:23:09.0200 2184  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
00:23:09.0226 2184  PolicyAgent - ok
00:23:09.0252 2184  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\WINDOWS\system32\umpo.dll
00:23:09.0266 2184  Power - ok
00:23:09.0290 2184  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:23:09.0314 2184  PptpMiniport - ok
00:23:09.0395 2184  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
00:23:09.0534 2184  PrintNotify - ok
00:23:09.0560 2184  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\WINDOWS\System32\drivers\processr.sys
00:23:09.0583 2184  Processor - ok
00:23:09.0600 2184  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
00:23:09.0615 2184  ProfSvc - ok
00:23:09.0638 2184  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
00:23:09.0664 2184  Psched - ok
00:23:09.0694 2184  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\WINDOWS\system32\qwave.dll
00:23:09.0730 2184  QWAVE - ok
00:23:09.0745 2184  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
00:23:09.0758 2184  QWAVEdrv - ok
00:23:09.0779 2184  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:23:09.0794 2184  RasAcd - ok
00:23:09.0810 2184  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
00:23:09.0825 2184  RasAgileVpn - ok
00:23:09.0851 2184  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
00:23:09.0877 2184  RasAuto - ok
00:23:09.0883 2184  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:23:09.0905 2184  Rasl2tp - ok
00:23:09.0945 2184  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\WINDOWS\System32\rasmans.dll
00:23:09.0993 2184  RasMan - ok
00:23:10.0019 2184  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:23:10.0035 2184  RasPppoe - ok
00:23:10.0041 2184  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
00:23:10.0057 2184  RasSstp - ok
00:23:10.0068 2184  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:23:10.0089 2184  rdbss - ok
00:23:10.0099 2184  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
00:23:10.0132 2184  rdpbus - ok
00:23:10.0154 2184  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
00:23:10.0195 2184  RDPDR - ok
00:23:10.0218 2184  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
00:23:10.0230 2184  RdpVideoMiniport - ok
00:23:10.0256 2184  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
00:23:10.0279 2184  RDPWD - ok
00:23:10.0309 2184  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
00:23:10.0324 2184  rdyboost - ok
00:23:10.0350 2184  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
00:23:10.0382 2184  RemoteAccess - ok
00:23:10.0405 2184  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
00:23:10.0435 2184  RemoteRegistry - ok
00:23:10.0471 2184  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
00:23:10.0495 2184  RpcEptMapper - ok
00:23:10.0512 2184  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\WINDOWS\system32\locator.exe
00:23:10.0526 2184  RpcLocator - ok
00:23:10.0573 2184  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
00:23:10.0595 2184  RpcSs - ok
00:23:10.0614 2184  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
00:23:10.0638 2184  rspndr - ok
00:23:10.0678 2184  [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
00:23:10.0722 2184  RTL8168 - ok
00:23:10.0735 2184  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
00:23:10.0746 2184  s3cap - ok
00:23:10.0760 2184  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\WINDOWS\system32\lsass.exe
00:23:10.0773 2184  SamSs - ok
00:23:10.0849 2184  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys
00:23:10.0862 2184  SANDRA - ok
00:23:10.0890 2184  [ D5C3BE660BA6DB061C7D05BAFC1C4242 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe
00:23:10.0905 2184  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
00:23:10.0905 2184  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
00:23:10.0931 2184  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
00:23:10.0950 2184  sbp2port - ok
00:23:10.0984 2184  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
00:23:11.0005 2184  SCardSvr - ok
00:23:11.0039 2184  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
00:23:11.0073 2184  scfilter - ok
00:23:11.0130 2184  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\WINDOWS\system32\schedsvc.dll
00:23:11.0164 2184  Schedule - ok
00:23:11.0189 2184  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
00:23:11.0206 2184  SCPolicySvc - ok
00:23:11.0226 2184  [ 047315E75392CEA447ACC86257824C16 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
00:23:11.0243 2184  sdbus - ok
00:23:11.0271 2184  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
00:23:11.0308 2184  SDRSVC - ok
00:23:11.0332 2184  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
00:23:11.0345 2184  sdstor - ok
00:23:11.0359 2184  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
00:23:11.0373 2184  secdrv - ok
00:23:11.0399 2184  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\WINDOWS\system32\seclogon.dll
00:23:11.0424 2184  seclogon - ok
00:23:11.0450 2184  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\WINDOWS\System32\sens.dll
00:23:11.0480 2184  SENS - ok
00:23:11.0499 2184  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
00:23:11.0546 2184  SensrSvc - ok
00:23:11.0562 2184  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
00:23:11.0574 2184  SerCx - ok
00:23:11.0606 2184  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
00:23:11.0632 2184  Serenum - ok
00:23:11.0673 2184  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
00:23:11.0691 2184  Serial - ok
00:23:11.0709 2184  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
00:23:11.0726 2184  sermouse - ok
00:23:11.0761 2184  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
00:23:11.0790 2184  SessionEnv - ok
00:23:11.0818 2184  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
00:23:11.0840 2184  sfloppy - ok
00:23:11.0888 2184  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
00:23:11.0929 2184  SharedAccess - ok
00:23:11.0993 2184  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:23:12.0028 2184  ShellHWDetection - ok
00:23:12.0050 2184  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
00:23:12.0062 2184  SiSRaid2 - ok
00:23:12.0088 2184  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
00:23:12.0100 2184  SiSRaid4 - ok
00:23:12.0123 2184  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
00:23:12.0150 2184  SNMPTRAP - ok
00:23:12.0176 2184  [ 739A739DCC5D02FE30EDEADEBD7B9898 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
00:23:12.0193 2184  spaceport - ok
00:23:12.0207 2184  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
00:23:12.0220 2184  SpbCx - ok
00:23:12.0258 2184  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
00:23:12.0279 2184  Spooler - ok
00:23:12.0397 2184  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
00:23:12.0458 2184  sppsvc - ok
00:23:12.0474 2184  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
00:23:12.0504 2184  srv - ok
00:23:12.0535 2184  [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
00:23:12.0566 2184  srv2 - ok
00:23:12.0584 2184  [ FD8B4F201B681C555A4AF41922C52557 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
00:23:12.0615 2184  srvnet - ok
00:23:12.0655 2184  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
00:23:12.0677 2184  SSDPSRV - ok
00:23:12.0709 2184  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
00:23:12.0730 2184  SstpSvc - ok
00:23:12.0757 2184  Steam Client Service - ok
00:23:12.0822 2184  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:23:12.0841 2184  Stereo Service - ok
00:23:12.0859 2184  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
00:23:12.0871 2184  stexstor - ok
00:23:12.0907 2184  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\WINDOWS\System32\wiaservc.dll
00:23:12.0948 2184  stisvc - ok
00:23:12.0973 2184  [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
00:23:12.0986 2184  storahci - ok
00:23:13.0017 2184  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
00:23:13.0030 2184  storflt - ok
00:23:13.0044 2184  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
00:23:13.0079 2184  StorSvc - ok
00:23:13.0101 2184  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
00:23:13.0114 2184  storvsc - ok
00:23:13.0146 2184  [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp         C:\WINDOWS\System32\drivers\storvsp.sys
00:23:13.0179 2184  storvsp - ok
00:23:13.0196 2184  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\WINDOWS\system32\svsvc.dll
00:23:13.0230 2184  svsvc - ok
00:23:13.0243 2184  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
00:23:13.0255 2184  swenum - ok
00:23:13.0303 2184  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\WINDOWS\System32\swprv.dll
00:23:13.0369 2184  swprv - ok
00:23:13.0423 2184  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\WINDOWS\system32\sysmain.dll
00:23:13.0461 2184  SysMain - ok
00:23:13.0500 2184  [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
00:23:13.0549 2184  SystemEventsBroker - ok
00:23:13.0568 2184  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
00:23:13.0600 2184  TabletInputService - ok
00:23:13.0636 2184  [ F0B9D3ED88E56D3CD713DFF21E42AAF0 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
00:23:13.0682 2184  tap0901 - ok
00:23:13.0712 2184  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
00:23:13.0741 2184  TapiSrv - ok
00:23:13.0824 2184  [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
00:23:13.0884 2184  Tcpip - ok
00:23:13.0940 2184  [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:23:14.0000 2184  TCPIP6 - ok
00:23:14.0027 2184  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
00:23:14.0042 2184  tcpipreg - ok
00:23:14.0063 2184  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
00:23:14.0089 2184  tdx - ok
00:23:14.0108 2184  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
00:23:14.0120 2184  terminpt - ok
00:23:14.0155 2184  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\WINDOWS\System32\termsrv.dll
00:23:14.0193 2184  TermService - ok
00:23:14.0214 2184  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\WINDOWS\system32\themeservice.dll
00:23:14.0244 2184  Themes - ok
00:23:14.0272 2184  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
00:23:14.0285 2184  THREADORDER - ok
00:23:14.0322 2184  [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
00:23:14.0339 2184  TimeBroker - ok
00:23:14.0356 2184  [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
00:23:14.0371 2184  TPM - ok
00:23:14.0402 2184  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\WINDOWS\System32\trkwks.dll
00:23:21.0933 2184  ================ Scan global ===============================
00:23:21.0984 2184  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\WINDOWS\system32\basesrv.dll
00:23:22.0039 2184  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\WINDOWS\system32\winsrv.dll
00:23:22.0057 2184  [ BD7C6949984D19AAA609896B675E7357 ] C:\WINDOWS\system32\sxssrv.dll
00:23:22.0152 2184  [ 8F226143046435C75C033B0C52E90FFE ] C:\WINDOWS\system32\services.exe
00:23:22.0157 2184  [Global] - ok
00:23:22.0158 2184  ================ Scan MBR ==================================
00:23:22.0174 2184  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:23:22.0984 2184  \Device\Harddisk0\DR0 - ok
00:23:22.0985 2184  ================ Scan VBR ==================================
00:23:23.0012 2184  [ C936DB38D1726711ECD7E3653D13369F ] \Device\Harddisk0\DR0\Partition1
00:23:23.0023 2184  \Device\Harddisk0\DR0\Partition1 - ok
00:23:23.0058 2184  [ 7220452F30E0B913BEB7A4330600909E ] \Device\Harddisk0\DR0\Partition2
00:23:23.0073 2184  \Device\Harddisk0\DR0\Partition2 - ok
00:23:23.0103 2184  [ 6F8B0E884325D94F34DB63768022C197 ] \Device\Harddisk0\DR0\Partition3
00:23:23.0140 2184  \Device\Harddisk0\DR0\Partition3 - ok
00:23:23.0141 2184  ============================================================
00:23:23.0141 2184  Scan finished
00:23:23.0141 2184  ============================================================
00:23:23.0152 1324  Detected object count: 4
00:23:23.0152 1324  Actual detected object count: 4
00:24:24.0863 1324  ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:24.0863 1324  ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:24:24.0863 1324  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:24.0863 1324  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:24:24.0865 1324  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:24.0865 1324  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:24:24.0866 1324  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:24.0866 1324  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:24:32.0561 4788  Deinitialize success
         

29.04.2013, 08:15   #8
M-K-D-B
/// TB trainer

Hi,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please post with your next reply
  • the log file from AdwCleaner,
  • the log file from MBAR.

29.04.2013, 13:17   #9
Darklee

So after 2 hours of scanning with MBAR I wanted to access the hard drive, which didn't work (not responding). MBAR also stopped reacting and I couldn't do anything at all except restart. Was that because of MBAR? Should I try scanning again? Here is the log file from AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 29/04/2013 um 11:54:54 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center  (64 bits)
# Benutzer : dark - DARK-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : vToolbarUpdater14.2.0

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\dark\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\dark\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\dark\AppData\LocalLow\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16540

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={5F309518-9942-4EAF-9462-12FC8D7BB673}&mid=1fe52ba940dd47d09ddcd16d5b34c071-1ff06a90c643aa812b62f3bc0071b03903534728&lang=de&ds=AVG&pr=fr&d=2013-01-30 17:47:26&v=14.2.0.1&pid=avg&sg=&sap=hp --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\dark\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [6537 octets] - [29/04/2013 11:54:54]

########## EOF - C:\AdwCleaner[S1].txt - [6597 octets] ##########
         

29.04.2013, 14:30   #10
M-K-D-B
/// TB trainer

Hi,

MBAR doesn't normally take long.

Let's try it this way:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:Commands
[emptytemp]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please post with your next reply
  • the log file from OTL,
  • the log file from MBAR.

29.04.2013, 15:11   #11
Darklee

Oh man, even that doesn't work. It did something for a while, but then it also said "not responding". Should I start MBAR again?

29.04.2013, 15:17   #12
M-K-D-B
/// TB trainer

Quote:
Quote from Darklee
Should I start MBAR again?
Yes, let's try it again.

29.04.2013, 19:48   #13
Darklee

Hi and hello, after more than 3 hours I have now cancelled the program because it simply won't finish. Here is the log file. Is there anything else I can do?
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.29.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
dark :: DARK-PC [administrator]

29.04.2013 19:38:55
mbar-log-2013-04-29 (19-38-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 34176
Time elapsed: 3 hour(s), 17 minute(s), 57 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

30.04.2013, 09:38   #14
M-K-D-B
/// TB trainer

Hi,

All right. We'll check everything once more.

Please be patient, especially with ESET. This scan can take a long time.

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:Commands
[emptyjava]
[emptyflash]
[reboot]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step 2
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Please post with your next reply
  • the log file from OTL,
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.

30.04.2013, 18:28   #15
Darklee

Here are the logs:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
dark :: DARK-PC [Administrator]

Schutz: Aktiviert

30.04.2013 15:26:13
mbam-log-2013-04-30 (15-26-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377267
Laufzeit: 12 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: dark
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: dark
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04302013_151216
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0a9f590b3b9a0644b2e0ce04bfcf8c3b
# engine=13727
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-30 04:38:42
# local_time=2013-04-30 06:38:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=1045 16777213 100 94 14000 54473906 0 0
# compatibility_mode=5893 16776573 100 94 33355 7929021 0 0
# scanned=465835
# found=3
# cleaned=0
# scan_time=10546
sh=A3400420F246FF990DFC8D223F70A7EDCB42BAD5 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Windows.old\Users\dark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C06L9YP2\firstload_com[1].htm"
sh=52B652A736EB57AF2A265F20CD02E3F09C19DD02 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="C:\Windows.old\Users\dark\AppData\Local\Temp\OptimizerPro_new.zip"
sh=415788A0C3A0C0AEFFE5DC2707F00D56BC10FC86 ft=1 fh=9a01efc3b7a794b4 vn="a variant of Win32/Adware.SpeedingUpMyPC.A application" ac=I fn="C:\Windows.old\Users\dark\AppData\Local\Temp\1606e1353324abdcd295dfd1d5956201\OptimizerPro.exe"
         
With SecurityCheck I got an error message: (Error: Recursion level has been exceeded - Autolt will Quit to prevent stack overflow.) And my hidden files are now all visible; how do I make them invisible again?
