E-Mail Spam, Tojaner: tr/dldr.karagany.i.58

Freezer123 · 04.12.2012, 04:33

Hallo miteinander,

mein Yahoo-Mailaccount hat letzte Nacht an alle meine Kontakte Spam Mails geschickt. Der Inhalt war folgender:
"A Guide to Starting a Home Based Web Business hxxp://www.socialmediamanagementtraining**********************"

Avira Antivir hat folgenden Trojaner festgestellt: tr/dldr.karagany.i.58
Malwarebytes hat 20 Dateien gefunden die ich auch gleich gelöscht habe. Ihr findet die Log Datei im Anhang. Ich habe nach einem Neustart Malwarebytes gleich nochmal laufen lassen, dass Programm hat dann nichts mehr gefunden.

Das Passwort meines E-Mail Accounts habe ich auch geändert.
Bin ich jetzt auf der sicheren Seite, oder was muss ich noch tun?

Vielen Dank für eure Hilfe!

cosinus · 04.12.2012, 13:02

Hallo und

Zitat:

Avira Antivir hat folgenden Trojaner festgestellt: tr/dldr.karagany.i.58

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Freezer123 · 04.12.2012, 17:13

Danke für die Antwort und entschuldigt mich, ich mache das alles zum ersten mal hier...
Ich dachte es reicht wenn ich denn Log anhänge...
Also hier von Malwarebyte:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fabio :: XXXX-PC [Administrator]

Schutz: Aktiviert

04.12.2012 03:59:40
mbam-log-2012-12-04 (03-59-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207512
Laufzeit: 4 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Die Log- Datei von Antivir habe ich leider nicht mehr gefunden.
Bin ich jetzt sicher, oder was soll ich noch machen?
Wie gesagt Passwörter wurden auch schon gewechselt (zuerst am eigenen PC und dann an einem fremden).
Vielen Dank für eure Hilfe!

cosinus · 04.12.2012, 19:16

Zitat:

Die Log- Datei von Antivir habe ich leider nicht mehr gefunden.

Äh, genau deswegen hab ich dir ja eigentlich einen Artikel verlinkt!

Da war zB dieser Screenshot zu sehen:

Freezer123 · 05.12.2012, 05:35

Entschuldigung!
Hier ist der Antivir Bericht

Code:

ATTFilter

04.12.2012 17:06 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\XXXX\Music\Musik Mutter 50er\Musik\Rod Stewart\Rod Stewart 
      - Jos Lament.wma'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Wimad.J' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f919fbf.qua' 
      verschoben!

04.12.2012 17:06 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\XXXX\Music\Musik Mutter 50er\Musik\Rod Stewart\Rod Stewart 
      - Downtown Train.wma'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Wimad.J' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1dcec550.qua' 
      verschoben!

04.12.2012 17:06 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\XXXX\Music\Musik Mutter 50er\Musik\Rod Stewart\Rod Stewart 
      - She Wont Dance With Me.wma'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Wimad.J' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5706b018.qua' 
      verschoben!

04.12.2012 03:50 [System Scanner] Malware gefunden
      Die Datei 
      'C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\145e0c74-40382
      adc'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Karagany.I.58' 
      [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5546c124.qua' 
      verschoben!

04.12.2012 03:44 [Echtzeit Scanner] Malware gefunden
      In der Datei 
      'C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\145e0c74-40382
      adc'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Karagany.I.58' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.12.2012 03:06 [System Scanner] Malware gefunden
      Die Datei 'C:\Windows\crack.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Sasfis.afks' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54bdf2d5.qua' 
      verschoben!

04.12.2012 03:05 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Windows\crack.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sasfis.afks' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

cosinus · 05.12.2012, 14:54

Sind das alle Funde von AntiVir?

Mach bitte einen CustomScan mit OTL .

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Freezer123 · 05.12.2012, 16:50

Hey ich versuche jetzt seit einer halben Stunde den Scan durchzuführen, jedoch bleibt der Scan immer bei Firefox Setup hängen.
Ich habe verschiedene OTL.exe von verschiedenen Seiten heruntergeladen, jedoch haben alle das selbe Problem gehbat...
Ich habe vor jedem Scan alle Programme geschloßen.
Wie bekomme ich es hin den Scan durchzuführen ohne das er hängen bleibt?

cosinus · 05.12.2012, 16:54

Probier den Scan im abgesicherten Modus mit Netzwerktreibern aus

Freezer123 · 05.12.2012, 17:42

Es funktioniert leider auch nicht im abgesicherten Modus... Bleibt bei Firefox wieder hängen

cosinus · 06.12.2012, 08:35

Dann so:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Freezer123 · 07.12.2012, 17:44

Okay es hat jetzt funktioniert.
Danke für die Tipps soweit!

Code:

ATTFilter

OTL Extras logfile created on: 07.12.2012 16:48:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fabio\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 35,53% Memory free
7,87 Gb Paging File | 4,76 Gb Available in Paging File | 60,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 225,56 Gb Free Space | 50,00% Space Free | Partition Type: NTFS
 
Computer Name: FABIO-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098C4F0D-3228-456B-A7B4-3DC2AE6D39BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{120903D1-697C-4CFF-8B71-5387034FC30E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15538D72-6D3E-4A40-BC2D-E59A77482716}" = lport=137 | protocol=17 | dir=in | app=system | 
"{232F741B-E9CA-4803-93F7-692FD42E1517}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25BC7E81-B085-4EB3-AD15-9BFFBD36D75A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27EEF838-A11B-4C13-A3B7-E69F0AFBB7DF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B642D6C-F0AB-4DAB-816F-D6C41B0D35FA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E5517F3-5C63-43A0-A9A2-1AC32172CAC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39EF8459-991A-4F91-9909-21CE04CBA48F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F045632-EE2D-4091-A663-9405EA55B019}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{524B1B9A-D3D2-46B3-AB72-A4E809CC833D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54178F42-B769-4761-8605-2A5B9EDEF95E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5E19C896-8906-41EC-952D-67151D3DEE11}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{6B85EB96-ED5B-4238-970D-1556BE8C3003}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7112A1DF-9858-4378-B037-7DC4CF8BDF68}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{782110F6-45A6-4AD6-AE72-972E8B099EC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9325419E-901D-448F-9381-D4E5D3154AB7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{94638F81-3DEB-464A-BACB-843C595D47E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AAA5A19B-3629-4B4D-B9CB-E28A63071D38}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ADA7E60E-ABEC-424E-AC66-8572805B5D81}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B4891A9C-E742-44CA-B10F-37DA7D0581C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA9FCF02-0DE1-4150-963F-8B832210B455}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DCF1683F-7FFA-40E7-89FA-6E07B8AF0B27}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DD3957D4-4655-4C49-A272-F2457FD21103}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D5897E-A53B-4D26-88FB-D3E1A770C893}" = protocol=6 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"{057106CD-2D92-4273-84A2-81AE0A50545D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{06A6B654-8B83-4D48-BBAD-998CEB3B8C16}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{07946956-AB7B-49B8-84EF-A6354060E8AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0EBB26AC-F0C1-4FB1-B48E-DDA5D0336A52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F6D3663-C53A-4944-9F76-7FCE4CE1FD7E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1AEFEC89-9737-4FF0-91BE-4377E6E93770}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{1B119D55-538E-454C-B0BC-77C02A66BCED}" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe | 
"{1F159AE7-C490-4305-9F1E-57AC72E2A7C5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{230C8203-F4E0-47BD-AF13-4A0BB5C41687}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25DBAFF2-2AAD-422D-93EE-DCB4EB405015}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{38BEECA5-F28B-4D29-95DB-0B478DEEB6FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3FBA9F3B-7975-4349-8B67-57F112E869B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{42BCA4E2-9A63-4F64-94A2-373C9B2E8199}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{43AD69C7-E0F5-409B-857A-6A7901193A8D}" = dir=in | app=c:\program files (x86)\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"{442077E0-B9A2-4D43-AC5B-31D9DA9462AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4538F8A2-8D1B-4CAD-B182-9DFEB14F411C}" = protocol=17 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4672E1DB-2D70-4F42-8867-CBE8BD978D22}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4FA8825A-B559-4658-9F3F-26760FC77E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4FEA5C74-2297-45F5-90F4-6C293E4C9FD5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{50C3A1E6-9353-4049-BD25-3E469F5401FC}" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe | 
"{516DDBFA-2073-404B-9FAD-99173C8712D8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{5643305A-999B-44B8-BF70-B5E05C5196CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{595A097F-7892-4B63-8754-F7BE858DC365}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5D6FA9C8-8695-41BE-ABF4-247EB05E68FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{5F0478DE-817A-4490-98B3-BDE88C62237F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5F112A39-AC9A-4312-8C08-B4A6F51524A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{64A74650-7B06-48E4-A071-2C89B3AFD3DC}" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe | 
"{67B6A398-3CCC-4F17-9888-0D165423B4B3}" = protocol=6 | dir=in | app=c:\users\fabio\appdata\local\apps\2.0\gw1ae2ox.jwt\zyd91w7j.5y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{70A91C23-6386-48D2-AFC1-B529F3AD5AE3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 
"{749DF5CE-AED1-4DBB-902C-F83E10CB0ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7EA7F607-0636-41A6-8187-78E72B1F7E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{8689247F-DEDC-4D33-A897-B3229BA78F3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{89E608B6-D8BB-4597-99A3-44AFCE76F9B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8A35B825-ADBE-49E1-943B-D60EE681571C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{9325A355-A147-4A43-B2FF-15288C9152D0}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{93754244-66CA-48F9-9382-8EB53BF2C37E}" = protocol=6 | dir=out | app=system | 
"{971ABE22-D9F5-4C4F-A916-D3DF78E7B4B5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{977BB6E8-A090-4E45-960E-493B9689DE96}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9DFE75E8-011C-4EBF-AC38-FFABC3EA2EAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B6DFAC32-455B-4B90-96E8-2709D825890D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B7C28C8C-BDE4-4586-9062-5ECF2FB7E26A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDE7BD6D-30CD-469B-9039-5170FCAFAF1C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BFBE1DC2-6EDD-4D7D-8C34-CC2D21C93B29}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{C3D21738-F14F-4862-BAAA-7773FC278991}" = protocol=17 | dir=in | app=c:\users\fabio\appdata\local\apps\2.0\gw1ae2ox.jwt\zyd91w7j.5y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{C483D6F9-248D-4184-8026-981DAC475BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C63A0B45-2C6C-432D-8CD0-A1C01EBFB898}" = dir=in | app=c:\users\fabio\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{CCDEF4AB-D177-4CE0-AE61-B9BF82D02D31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CDE59E6A-E967-4711-B0AC-196CC5CC14D4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D041E357-F32C-4819-8AD1-761AA81136C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D042B201-99E5-44CA-B89F-293659A8BD7A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D09F5B2D-5800-4C8B-A9B4-A8A0D643978B}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{D253B02D-F292-461B-9889-6769D7428312}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{D45AC7E8-5691-4669-BDC5-E1C24017CD1C}" = protocol=6 | dir=in | app=c:\users\fabio\appdata\local\apps\2.0\gw1ae2ox.jwt\zyd91w7j.5y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{D5EA3EB3-AEF9-4487-9DAA-663194D07A16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DA8BBD26-A8AE-4C2A-B431-C4F6AA553DCB}" = protocol=17 | dir=in | app=c:\users\fabio\appdata\local\apps\2.0\gw1ae2ox.jwt\zyd91w7j.5y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{DF21A487-6913-4F4A-A067-A7E3FAA1C779}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{EAF78009-6FF4-4933-BD8D-7D7A50699F6B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{EB16F4C0-052C-4A50-B5B9-58D50A9A9EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe | 
"{ED78A3B4-C1F7-4355-A11E-8E581421F7A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F606021B-A7AC-48E2-91C9-A18C58F23395}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7864831-D65A-469F-8DD5-4BB4B304048A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F81D113D-880F-4ABC-A647-0CF55C452340}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{F99455A7-BC95-4F00-A966-6B1EAD3A91A9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{0F37D4A5-F97A-455B-8B41-EFD2B51B6CD5}C:\users\fabio\desktop\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\fabio\desktop\redsn0w_win_0.9.10b2\redsn0w.exe | 
"TCP Query User{1DABFA11-F90F-4F39-91CE-519C81E59885}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{6D8AC269-1C62-45D8-9C88-E40C6DC4F096}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{B012D964-7CE5-42BC-8CA3-8EB8CC79C767}C:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C6D21E1D-3AAF-4B19-AF1D-B055C6EF8D75}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{ED92483E-09D0-4199-A09E-872622FC4FF8}C:\users\fabio\desktop\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\fabio\desktop\redsn0w_win_0.9.10b3\redsn0w.exe | 
"TCP Query User{FB6B6F9D-E4D4-4BE3-8715-1305EF03A7B9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{10A521DE-40AE-4537-AA51-D3FE26E0296D}C:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fabio\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1FAEBFF6-07A7-4916-A631-A3789A6C603D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{2E9DB325-8546-4C00-911D-35233F8F7F8D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{3322C6FB-4BC1-4AE0-A9C9-EBF10BA59A50}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6BE3B6D3-30BA-4C41-95F6-ED83F8F95EAF}C:\users\fabio\desktop\redsn0w_win_0.9.10b3\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\fabio\desktop\redsn0w_win_0.9.10b3\redsn0w.exe | 
"UDP Query User{C16B0FFB-57DE-4514-BCEA-A58DE0E2F94B}C:\users\fabio\desktop\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\fabio\desktop\redsn0w_win_0.9.10b2\redsn0w.exe | 
"UDP Query User{D9A0CAAF-DF67-4759-94A8-772C6E5F65BF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11B7FDD0-6D31-1CAB-3BC4-9EB1ACD67803}" = ATI AVIVO64 Codecs
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B1F3524F-1F3B-4B79-0346-38669CD828C8}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDE1F7BF-9B4B-44AB-9788-A9EBF9453F13}" = Harzing's Publish or Perish 3.2.4150
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDAA17FB-9CDD-AA3B-ED37-FA6F0C052123}" = ATI Catalyst Install Manager
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{2A00CD93-492D-0B32-C144-A8B9792CCE3E}" = Catalyst Control Center Localization All
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3ECECC41-64EC-47F7-BCD1-6EC7039FF88A}" = YTD Toolbar v6.6
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4979A82C-4EBE-32C4-81E5-94532C4BAEED}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52F8811F-2BA4-F47F-600C-8C93C94E93DD}" = Catalyst Control Center InstallProxy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BC352F2-A0F5-5162-B519-ADCD72761DCE}" = ccc-core-static
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{7087BFF5-88C7-4B82-2EF6-B7F09DD4A86B}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{818E0212-DA58-E255-00D2-4C22D50A12F2}" = CCC Help English
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95587AD6-8953-3288-49A1-4BBD8655E94D}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE4AD67B-9EA0-31F1-F5EE-E9B836248839}" = CCC Help English
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Webcam Central" = Dell Webcam Central
"Free FLV Converter_is1" = Free FLV Converter V 6.8.0
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.3
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.11.1661" = Opera 12.11
"PlayerVideo" = PlayerVideo Screen Saver
"TeamViewer 6" = TeamViewer 6
"Trojan Remover_is1" = Trojan Remover 6.8.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"VLC Setup Helper_is1" = VLC Setup Helper 3.04
"VLC Streamer_is1" = VLC Streamer 1.26
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.0.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1831652054-585087053-2589245715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2011 07:27:27 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.12.2011 07:27:27 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
 
Error - 15.12.2011 07:27:27 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error - 15.12.2011 11:05:21 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.12.2011 11:05:21 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1029
 
Error - 15.12.2011 11:05:21 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1029
 
Error - 15.12.2011 11:05:22 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.12.2011 11:05:22 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028
 
Error - 15.12.2011 11:05:22 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error - 15.12.2011 11:05:23 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.12.2011 11:05:23 | Computer Name = Fabio-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3026
 
[ Broadcom Wireless LAN Events ]
Error - 16.08.2012 00:24:30 | Computer Name = Fabio-PC | Source = WLAN-Tray | ID = 0
Description = 06:24:30, Thu, Aug 16, 12 Error - Unable to gain access to user store

 
Error - 05.12.2012 12:10:44 | Computer Name = Fabio-PC | Source = WLAN-Tray | ID = 0
Description = 17:10:44, Wed, Dec 05, 12 Error - Unable to gain access to user store

 
[ Cisco AnyConnect VPN Client Events ]
Error - 02.12.2012 10:18:39 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4128
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 02.12.2012 10:18:39 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 02.12.2012 10:18:39 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.12.2012 02:17:27 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.12.2012 02:17:27 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.12.2012 02:17:27 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.12.2012 02:17:27 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4128
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.12.2012 02:17:27 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2484 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 04.12.2012 02:17:27 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 05.12.2012 12:54:55 | Computer Name = Fabio-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ Dell Events ]
Error - 16.08.2012 12:18:09 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 16.08.2012 13:35:43 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 16.08.2012 13:35:43 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.08.2012 17:06:39 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.08.2012 17:06:39 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.08.2012 17:23:41 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.08.2012 17:23:41 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.08.2012 17:26:11 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.08.2012 17:26:11 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.10.2012 10:37:15 | Computer Name = Fabio-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ System Events ]
Error - 07.12.2012 08:07:48 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 08:07:50 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 08:07:51 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 09:49:42 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 09:49:42 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 11:41:10 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 11:41:13 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 11:41:14 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 11:41:16 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 07.12.2012 11:41:16 | Computer Name = Fabio-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 07.12.2012 16:48:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fabio\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 35,53% Memory free
7,87 Gb Paging File | 4,76 Gb Available in Paging File | 60,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 225,56 Gb Free Space | 50,00% Space Free | Partition Type: NTFS
 
Computer Name: FABIO-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Fabio\AppData\Local\Apps\2.0\GW1AE2OX.JWT\ZYD91W7J.5Y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Razer\Copperhead\razerhid.exe ()
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Fabio\AppData\Local\Apps\2.0\GW1AE2OX.JWT\ZYD91W7J.5Y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Razer\Copperhead\razerhid.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Program Files (x86)\Belkin\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files (x86)\Razer\Copperhead\download.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe (IDT, Inc.)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (btwdins) -- C:\Program Files (x86)\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (copperhd) -- C:\Windows\SysNative\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C74F0377-6577-4BDF-8BC2-EFE6F5477B0C}
IE:64bit: - HKLM\..\SearchScopes\{C74F0377-6577-4BDF-8BC2-EFE6F5477B0C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4C94AA13-E2F8-42F8-ACE1-9EA1140A7306}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
IE - HKLM\..\SearchScopes\{B82A73F7-D1B9-49E3-BEA0-880B815CA57C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {4C94AA13-E2F8-42F8-ACE1-9EA1140A7306}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.rz.dhbw-heidenheim.de/proxy/vpn-edu.pac
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {4C94AA13-E2F8-42F8-ACE1-9EA1140A7306}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.rz.dhbw-heidenheim.de/proxy/vpn-edu.pac
 
 
 
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\SearchScopes,DefaultScope = {2F341BA5-6BAD-43A8-B453-A0BE1025DCF3}
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\SearchScopes\{2F341BA5-6BAD-43A8-B453-A0BE1025DCF3}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\SearchScopes\{B82A73F7-D1B9-49E3-BEA0-880B815CA57C}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\SearchScopes\{DF7D7E5C-A4A3-470B-83B0-FC95AC1F7686}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://www.rz.dhbw-heidenheim.de/proxy/vpn-edu.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "FreeOnlineRadioPlayerRecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: {f999a48b-1950-4d81-9971-79018f807b4b}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.5
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {f999a48b-1950-4d81-9971-79018f807b4b}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fabio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.16 16:43:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.16 16:43:08 | 000,000,000 | ---D | M]
 
[2010.04.06 00:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions
[2012.12.04 17:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\3n2bn0p9.default\extensions
[2012.09.25 17:09:27 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Community Toolbar) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\3n2bn0p9.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2010.12.20 20:56:31 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\3n2bn0p9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.08.26 18:54:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\3n2bn0p9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.03.25 10:31:06 | 000,000,961 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\3n2bn0p9.default\searchplugins\conduit.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\mozilla\firefox\profiles\3n2bn0p9.default\searchplugins\startsear.xml
[2012.04.13 12:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.13 12:27:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.04 17:03:57 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.12.04 17:03:57 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2011.11.29 21:02:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.11.29 21:02:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.29 21:02:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.29 21:02:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.29 21:02:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.29 21:02:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.29 21:02:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000..\Run: [AVMUSBFernanschluss] C:\Users\Fabio\AppData\Local\Apps\2.0\GW1AE2OX.JWT\ZYD91W7J.5Y1\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000..\Run: [Facebook Update] C:\Users\Fabio\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1831652054-585087053-2589245715-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabio\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.40.192.254 202.40.192.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC24383-F4E1-4578-8C36-82BEF103AB98}: DhcpNameServer = 202.40.192.254 202.40.192.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13513E1E-AF82-4F54-B1F5-513F2FB84298}: DhcpNameServer = 202.40.192.254 202.40.192.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91853545-FE09-43D7-8AD0-8E2A961480FF}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0a6c070-45ad-11df-a113-b8ac6f53c6cd}\Shell - "" = AutoRun
O33 - MountPoints2\{d0a6c070-45ad-11df-a113-b8ac6f53c6cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f43b6dfb-9968-11df-bd15-b8ac6f53c6cd}\Shell - "" = AutoRun
O33 - MountPoints2\{f43b6dfb-9968-11df-bd15-b8ac6f53c6cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.05 17:50:39 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Desktop\backups
[2012.12.05 17:44:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fabio\Desktop\HiJackThis204.exe
[2012.12.05 16:37:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fabio\Desktop\OTL.exe
[2012.12.05 05:36:10 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Desktop\Virus
[2012.12.04 17:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.04 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Documents\Simply Super Software
[2012.12.04 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Simply Super Software
[2012.12.04 17:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.12.04 17:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.12.04 17:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.12.04 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2012.12.04 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.12.04 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.12.04 17:03:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.04 07:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 07:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 03:01:15 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Malwarebytes
[2012.12.04 03:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.04 03:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.04 03:01:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.04 03:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.01 12:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.01 12:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.30 11:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.30 10:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.30 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.30 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.30 10:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.14 11:10:08 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 11:10:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 11:00:27 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 11:00:27 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 11:00:27 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 11:00:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 10:57:31 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 10:57:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 10:57:31 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 10:57:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 10:57:21 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 10:57:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 10:57:19 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 10:57:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 10:57:18 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 10:57:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 10:57:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2011.01.21 18:54:29 | 019,877,696 | ---- | C] (TuneUp Software) -- C:\Users\Fabio\AppData\Roaming\TU2011_DE_Beta7_10.0.1070.2.exe
[2010.10.19 17:07:24 | 019,887,424 | ---- | C] (TuneUp Software) -- C:\Users\Fabio\AppData\Roaming\Tune Up Utilities 2011 Beta.exe
[2010.04.29 16:38:19 | 008,656,832 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Fabio\AppData\Roaming\DataSafeDotNet.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.07 16:41:32 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1831652054-585087053-2589245715-1000UA.job
[2012.12.07 16:41:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.07 16:41:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.07 13:25:03 | 004,288,537 | ---- | M] () -- C:\Users\Fabio\Desktop\Attachments_2012_12_7.zip
[2012.12.07 13:10:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.07 13:10:53 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.07 13:10:53 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.07 13:10:53 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.07 13:10:53 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.07 13:08:04 | 000,011,672 | ---- | M] () -- C:\Users\Fabio\Desktop\ebooks.adr
[2012.12.07 10:48:04 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.07 10:48:04 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.07 10:40:22 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.12.07 10:40:11 | 3168,165,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.05 18:27:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1831652054-585087053-2589245715-1000Core.job
[2012.12.05 17:44:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fabio\Desktop\HiJackThis204.exe
[2012.12.05 16:43:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabio\Desktop\OTL.exe
[2012.12.04 07:44:23 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.02 12:11:18 | 002,329,148 | ---- | M] () -- C:\Users\Fabio\Desktop\Handelsbarrieren.pdf
[2012.11.30 11:00:39 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.15 12:43:19 | 004,979,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.12 15:10:35 | 002,645,476 | ---- | M] () -- C:\Users\Fabio\Desktop\20121112_114509[1].jpg
[2012.11.12 14:52:38 | 002,635,004 | ---- | M] () -- C:\Users\Fabio\Desktop\20121112_114545[1].jpg
 
========== Files Created - No Company Name ==========
 
[2012.12.07 13:24:13 | 004,288,537 | ---- | C] () -- C:\Users\Fabio\Desktop\Attachments_2012_12_7.zip
[2012.12.07 13:08:04 | 000,011,672 | ---- | C] () -- C:\Users\Fabio\Desktop\ebooks.adr
[2012.12.04 07:44:23 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.02 12:11:17 | 002,329,148 | ---- | C] () -- C:\Users\Fabio\Desktop\Handelsbarrieren.pdf
[2012.11.30 11:00:39 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.14 11:10:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 11:00:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 15:10:10 | 002,645,476 | ---- | C] () -- C:\Users\Fabio\Desktop\20121112_114509[1].jpg
[2012.11.12 14:52:20 | 002,635,004 | ---- | C] () -- C:\Users\Fabio\Desktop\20121112_114545[1].jpg
[2012.06.04 12:29:46 | 033,017,896 | ---- | C] () -- C:\Windows\avira_antivir_premium_de.exe
[2012.01.03 21:14:13 | 000,000,600 | ---- | C] () -- C:\Users\Fabio\PUTTY.RND
[2010.12.15 20:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.19 17:07:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabio\AppData\Roaming\chrtmp
[2010.06.17 12:50:35 | 000,006,144 | ---- | C] () -- C:\Users\Fabio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 00:42:24 | 000,001,024 | ---- | C] () -- C:\Users\Fabio\.rnd
[2010.04.21 14:00:11 | 000,000,017 | ---- | C] () -- C:\Users\Fabio\AppData\Local\resmon.resmoncfg
[2010.04.06 00:04:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Danke für eure Hilfe!!!

cosinus · 07.12.2012, 20:10

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Freezer123 · 11.12.2012, 11:19

Sorry für den verspäteten Post. Ich war die letzten Tage nicht mehr an meinem Rechner...
Leider funktioniert Schritt 1. aswMBR nicht. Ich hab Antivir ausgeschaltet, dann das Programm gestartet, aktualisiet und den scan laufen lassen. Leider hängt es sich imm nach 5 Minuten auf (es kommt eine Meldung das es nicht mehr reagiert).
Was kann ich dagegen machen? Ich habe bei im Internat nichts sinnvolles gefunden was zu meinem Problem passt.
Danke für eure Hilfe!!!

cosinus · 11.12.2012, 11:21

Zitat:

Was kann ich dagegen machen? Ich habe bei im Internat nichts sinnvolles gefunden was zu meinem Problem passt.

Meine Anleitungen bitte auch komplett lesen!

Zitat:

Zitat von cosinus

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Freezer123 · 12.12.2012, 10:59

Hier sind beide Logs:
aswMBR Log:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-12 10:43:01
-----------------------------
10:43:01.798    OS Version: Windows x64 6.1.7601 Service Pack 1
10:43:01.798    Number of processors: 8 586 0x1E05
10:43:01.798    ComputerName: FABIO-PC  UserName: Fabio
10:43:03.748    Initialize success
10:43:09.614    AVAST engine defs: 12121102
10:43:14.637    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:43:14.637    Disk 0 Vendor: ST9500420AS 0004SDM1 Size: 476940MB BusType: 11
10:43:14.652    Disk 0 MBR read successfully
10:43:14.652    Disk 0 MBR scan
10:43:14.668    Disk 0 Windows VISTA default MBR code
10:43:14.668    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
10:43:14.684    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 80325
10:43:14.699    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30800325
10:43:14.715    Disk 0 scanning C:\Windows\system32\drivers
10:43:29.207    Service scanning
10:43:58.176    Modules scanning
10:43:58.192    Disk 0 trace - called modules:
10:43:58.208    ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
10:43:58.223    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d64790]
10:43:58.239    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004c87ce0]
10:43:58.239    5 stdflt.sys[fffff88001991a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b11680]
10:43:58.254    Scan finished successfully
10:46:28.844    Disk 0 MBR has been saved successfully to "C:\Users\Fabio\Desktop\MBR.dat"
10:46:28.859    The log file has been saved successfully to "C:\Users\Fabio\Desktop\aswMBR.txt"

TDSS rootkit log:

Code:

ATTFilter

10:55:19.0249 4348  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:55:20.0074 4348  ============================================================
10:55:20.0074 4348  Current date / time: 2012/12/12 10:55:20.0074
10:55:20.0074 4348  SystemInfo:
10:55:20.0074 4348  
10:55:20.0074 4348  OS Version: 6.1.7601 ServicePack: 1.0
10:55:20.0074 4348  Product type: Workstation
10:55:20.0074 4348  ComputerName: FABIO-PC
10:55:20.0075 4348  UserName: Fabio
10:55:20.0075 4348  Windows directory: C:\Windows
10:55:20.0075 4348  System windows directory: C:\Windows
10:55:20.0075 4348  Running under WOW64
10:55:20.0075 4348  Processor architecture: Intel x64
10:55:20.0075 4348  Number of processors: 8
10:55:20.0075 4348  Page size: 0x1000
10:55:20.0075 4348  Boot type: Normal boot
10:55:20.0075 4348  ============================================================
10:55:21.0400 4348  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:55:21.0422 4348  ============================================================
10:55:21.0422 4348  \Device\Harddisk0\DR0:
10:55:21.0422 4348  MBR partitions:
10:55:21.0422 4348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
10:55:21.0422 4348  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
10:55:21.0422 4348  ============================================================
10:55:21.0448 4348  C: <-> \Device\Harddisk0\DR0\Partition2
10:55:21.0492 4348  ============================================================
10:55:21.0493 4348  Initialize success
10:55:21.0493 4348  ============================================================
10:55:52.0015 3972  ============================================================
10:55:52.0015 3972  Scan started
10:55:52.0015 3972  Mode: Manual; SigCheck; TDLFS; 
10:55:52.0015 3972  ============================================================
10:55:52.0385 3972  ================ Scan system memory ========================
10:55:52.0385 3972  System memory - ok
10:55:52.0386 3972  ================ Scan services =============================
10:55:52.0585 3972  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:55:52.0807 3972  1394ohci - ok
10:55:52.0896 3972  [ C49C56B35BFC6CDA8D1FDCAD2885568F ] Acceler         C:\Windows\system32\DRIVERS\Acceler.sys
10:55:52.0912 3972  Acceler - ok
10:55:52.0993 3972  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:55:53.0033 3972  ACPI - ok
10:55:53.0088 3972  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:55:53.0191 3972  AcpiPmi - ok
10:55:53.0370 3972  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:55:53.0397 3972  AdobeFlashPlayerUpdateSvc - ok
10:55:53.0488 3972  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:55:53.0527 3972  adp94xx - ok
10:55:53.0578 3972  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:55:53.0614 3972  adpahci - ok
10:55:53.0627 3972  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:55:53.0640 3972  adpu320 - ok
10:55:53.0691 3972  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:55:53.0839 3972  AeLookupSvc - ok
10:55:54.0001 3972  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\AESTSr64.exe
10:55:54.0052 3972  AESTFilters - ok
10:55:54.0113 3972  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:55:54.0180 3972  AFD - ok
10:55:54.0245 3972  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:55:54.0257 3972  agp440 - ok
10:55:54.0268 3972  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:55:54.0334 3972  ALG - ok
10:55:54.0359 3972  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:55:54.0384 3972  aliide - ok
10:55:54.0441 3972  [ 11276158EEEEADF3EB154061BFC80A19 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:55:54.0527 3972  AMD External Events Utility - ok
10:55:54.0553 3972  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:55:54.0578 3972  amdide - ok
10:55:54.0628 3972  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:55:54.0684 3972  AmdK8 - ok
10:55:54.0892 3972  [ DF943A113060D3ABFDA4730AE4163D6F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:55:55.0107 3972  amdkmdag - ok
10:55:55.0156 3972  [ 4003B34B4A83DE29CD1C88EB6C869E58 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:55:55.0210 3972  amdkmdap - ok
10:55:55.0226 3972  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:55:55.0256 3972  AmdPPM - ok
10:55:55.0309 3972  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:55:55.0338 3972  amdsata - ok
10:55:55.0391 3972  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:55:55.0421 3972  amdsbs - ok
10:55:55.0435 3972  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:55:55.0460 3972  amdxata - ok
10:55:55.0660 3972  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:55:55.0694 3972  AntiVirSchedulerService - ok
10:55:55.0738 3972  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:55:55.0759 3972  AntiVirService - ok
10:55:55.0822 3972  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:55:56.0011 3972  AppID - ok
10:55:56.0066 3972  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:55:56.0140 3972  AppIDSvc - ok
10:55:56.0176 3972  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:55:56.0237 3972  Appinfo - ok
10:55:56.0350 3972  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:55:56.0369 3972  Apple Mobile Device - ok
10:55:56.0430 3972  [ 2C349460E40EF6B9604D774AAF367730 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
10:55:56.0469 3972  Application Updater ( UnsignedFile.Multi.Generic ) - warning
10:55:56.0469 3972  Application Updater - detected UnsignedFile.Multi.Generic (1)
10:55:56.0522 3972  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:55:56.0551 3972  arc - ok
10:55:56.0568 3972  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:55:56.0581 3972  arcsas - ok
10:55:56.0603 3972  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:55:56.0660 3972  AsyncMac - ok
10:55:56.0732 3972  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:55:56.0759 3972  atapi - ok
10:55:56.0839 3972  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
10:55:58.0244 3972  AtiHdmiService - ok
10:55:58.0523 3972  [ DF943A113060D3ABFDA4730AE4163D6F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:55:58.0606 3972  atikmdag - ok
10:55:58.0664 3972  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:55:58.0745 3972  AudioEndpointBuilder - ok
10:55:58.0768 3972  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:55:58.0807 3972  AudioSrv - ok
10:55:58.0880 3972  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:55:58.0906 3972  avgntflt - ok
10:55:58.0947 3972  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:55:58.0971 3972  avipbb - ok
10:55:59.0001 3972  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:55:59.0020 3972  avkmgr - ok
10:55:59.0057 3972  [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
10:55:59.0090 3972  avmaudio - ok
10:55:59.0151 3972  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:55:59.0268 3972  AxInstSV - ok
10:55:59.0320 3972  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:55:59.0371 3972  b06bdrv - ok
10:55:59.0395 3972  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:55:59.0433 3972  b57nd60a - ok
10:55:59.0553 3972  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:55:59.0583 3972  BBSvc - ok
10:55:59.0656 3972  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:55:59.0677 3972  BBUpdate - ok
10:55:59.0705 3972  [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
10:55:59.0723 3972  BCM42RLY - ok
10:55:59.0802 3972  [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
10:55:59.0911 3972  BCM43XX - ok
10:56:00.0021 3972  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:56:00.0132 3972  BDESVC - ok
10:56:00.0180 3972  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:56:00.0253 3972  Beep - ok
10:56:00.0319 3972  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:56:00.0373 3972  BFE - ok
10:56:00.0405 3972  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:56:00.0529 3972  BITS - ok
10:56:00.0553 3972  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:56:00.0590 3972  blbdrive - ok
10:56:00.0700 3972  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:56:00.0734 3972  Bonjour Service - ok
10:56:00.0782 3972  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:56:00.0874 3972  bowser - ok
10:56:00.0894 3972  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:56:00.0963 3972  BrFiltLo - ok
10:56:00.0995 3972  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:56:01.0029 3972  BrFiltUp - ok
10:56:01.0071 3972  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:56:01.0142 3972  Browser - ok
10:56:01.0179 3972  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:56:01.0253 3972  Brserid - ok
10:56:01.0287 3972  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:56:01.0322 3972  BrSerWdm - ok
10:56:01.0354 3972  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:56:01.0386 3972  BrUsbMdm - ok
10:56:01.0401 3972  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:56:01.0415 3972  BrUsbSer - ok
10:56:01.0502 3972  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
10:56:01.0627 3972  BthEnum - ok
10:56:01.0661 3972  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:56:01.0708 3972  BTHMODEM - ok
10:56:01.0769 3972  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:56:01.0856 3972  BthPan - ok
10:56:01.0906 3972  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
10:56:01.0954 3972  BTHPORT - ok
10:56:01.0996 3972  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:56:02.0059 3972  bthserv - ok
10:56:02.0098 3972  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
10:56:02.0180 3972  BTHUSB - ok
10:56:02.0273 3972  [ 22462828CF5FABDEE29CC6638B381377 ] btwdins         C:\Program Files (x86)\Belkin\Bluetooth Software\bin\btwdins.exe
10:56:02.0321 3972  btwdins ( UnsignedFile.Multi.Generic ) - warning
10:56:02.0321 3972  btwdins - detected UnsignedFile.Multi.Generic (1)
10:56:02.0382 3972  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:56:02.0427 3972  cdfs - ok
10:56:02.0498 3972  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
10:56:02.0540 3972  cdrom - ok
10:56:02.0593 3972  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:56:02.0649 3972  CertPropSvc - ok
10:56:02.0662 3972  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:56:02.0708 3972  circlass - ok
10:56:02.0763 3972  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:56:02.0796 3972  CLFS - ok
10:56:02.0893 3972  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:56:02.0914 3972  clr_optimization_v2.0.50727_32 - ok
10:56:02.0983 3972  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:56:03.0008 3972  clr_optimization_v2.0.50727_64 - ok
10:56:03.0102 3972  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:56:03.0178 3972  clr_optimization_v4.0.30319_32 - ok
10:56:03.0235 3972  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:56:03.0290 3972  clr_optimization_v4.0.30319_64 - ok
10:56:03.0355 3972  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:56:03.0394 3972  CmBatt - ok
10:56:03.0415 3972  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:56:03.0431 3972  cmdide - ok
10:56:03.0477 3972  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:56:03.0526 3972  CNG - ok
10:56:03.0566 3972  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:56:03.0593 3972  Compbatt - ok
10:56:03.0647 3972  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:56:03.0691 3972  CompositeBus - ok
10:56:03.0709 3972  COMSysApp - ok
10:56:03.0762 3972  [ 44622785D2D2DD8B13E6DC969B6E34A4 ] copperhd        C:\Windows\system32\drivers\copperhd.sys
10:56:03.0805 3972  copperhd - ok
10:56:03.0824 3972  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:56:03.0845 3972  crcdisk - ok
10:56:03.0898 3972  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:56:03.0967 3972  CryptSvc - ok
10:56:03.0995 3972  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:56:04.0060 3972  CtClsFlt - ok
10:56:04.0121 3972  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:56:04.0213 3972  DcomLaunch - ok
10:56:04.0268 3972  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:56:04.0338 3972  defragsvc - ok
10:56:04.0372 3972  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:56:04.0432 3972  DfsC - ok
10:56:04.0459 3972  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:56:04.0506 3972  Dhcp - ok
10:56:04.0545 3972  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:56:04.0603 3972  discache - ok
10:56:04.0632 3972  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:56:04.0644 3972  Disk - ok
10:56:04.0689 3972  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:56:04.0756 3972  Dnscache - ok
10:56:04.0825 3972  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
10:56:04.0839 3972  DockLoginService ( UnsignedFile.Multi.Generic ) - warning
10:56:04.0840 3972  DockLoginService - detected UnsignedFile.Multi.Generic (1)
10:56:04.0890 3972  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:56:04.0947 3972  dot3svc - ok
10:56:04.0993 3972  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:56:05.0058 3972  DPS - ok
10:56:05.0081 3972  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:56:05.0118 3972  drmkaud - ok
10:56:05.0179 3972  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:56:05.0232 3972  DXGKrnl - ok
10:56:05.0276 3972  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:56:05.0331 3972  EapHost - ok
10:56:05.0437 3972  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:56:05.0561 3972  ebdrv - ok
10:56:05.0600 3972  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:56:05.0660 3972  EFS - ok
10:56:05.0735 3972  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:56:05.0852 3972  ehRecvr - ok
10:56:05.0895 3972  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:56:05.0961 3972  ehSched - ok
10:56:06.0022 3972  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:56:06.0066 3972  elxstor - ok
10:56:06.0113 3972  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:56:06.0151 3972  ErrDev - ok
10:56:06.0217 3972  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:56:06.0264 3972  EventSystem - ok
10:56:06.0294 3972  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:56:06.0346 3972  exfat - ok
10:56:06.0365 3972  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:56:06.0408 3972  fastfat - ok
10:56:06.0471 3972  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:56:06.0593 3972  Fax - ok
10:56:06.0608 3972  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:56:06.0621 3972  fdc - ok
10:56:06.0638 3972  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:56:06.0681 3972  fdPHost - ok
10:56:06.0696 3972  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:56:06.0740 3972  FDResPub - ok
10:56:06.0769 3972  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:56:06.0781 3972  FileInfo - ok
10:56:06.0794 3972  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:56:06.0826 3972  Filetrace - ok
10:56:06.0841 3972  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:56:06.0863 3972  flpydisk - ok
10:56:06.0987 3972  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:56:07.0022 3972  FltMgr - ok
10:56:07.0171 3972  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:56:07.0265 3972  FontCache - ok
10:56:07.0333 3972  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:56:07.0353 3972  FontCache3.0.0.0 - ok
10:56:07.0406 3972  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:56:07.0433 3972  FsDepends - ok
10:56:07.0475 3972  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:56:07.0487 3972  Fs_Rec - ok
10:56:07.0545 3972  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:56:07.0571 3972  fvevol - ok
10:56:07.0593 3972  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:56:07.0607 3972  gagp30kx - ok
10:56:07.0663 3972  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:56:07.0682 3972  GEARAspiWDM - ok
10:56:07.0736 3972  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:56:07.0810 3972  gpsvc - ok
10:56:07.0826 3972  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:56:07.0882 3972  hcw85cir - ok
10:56:07.0929 3972  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:56:07.0979 3972  HDAudBus - ok
10:56:08.0016 3972  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
10:56:08.0025 3972  HECIx64 - ok
10:56:08.0042 3972  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:56:08.0067 3972  HidBatt - ok
10:56:08.0086 3972  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:56:08.0104 3972  HidBth - ok
10:56:08.0133 3972  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:56:08.0177 3972  HidIr - ok
10:56:08.0218 3972  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:56:08.0292 3972  hidserv - ok
10:56:08.0346 3972  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:56:08.0377 3972  HidUsb - ok
10:56:08.0421 3972  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:56:08.0498 3972  hkmsvc - ok
10:56:08.0540 3972  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:56:08.0608 3972  HomeGroupListener - ok
10:56:08.0654 3972  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:56:08.0693 3972  HomeGroupProvider - ok
10:56:08.0750 3972  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:56:08.0781 3972  HpSAMD - ok
10:56:08.0841 3972  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:56:08.0919 3972  HTTP - ok
10:56:08.0961 3972  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:56:08.0974 3972  hwpolicy - ok
10:56:09.0014 3972  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:56:09.0044 3972  i8042prt - ok
10:56:09.0091 3972  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:56:09.0128 3972  iaStorV - ok
10:56:09.0170 3972  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:56:09.0218 3972  idsvc - ok
10:56:09.0266 3972  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:56:09.0291 3972  iirsp - ok
10:56:09.0318 3972  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:56:09.0379 3972  IKEEXT - ok
10:56:09.0408 3972  [ FD5EF1D0210CB9C0773BBA7CA360D762 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
10:56:09.0426 3972  InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
10:56:09.0426 3972  InstallFilterService - detected UnsignedFile.Multi.Generic (1)
10:56:09.0467 3972  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:56:09.0478 3972  intelide - ok
10:56:09.0494 3972  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:56:09.0522 3972  intelppm - ok
10:56:09.0567 3972  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:56:09.0621 3972  IPBusEnum - ok
10:56:09.0681 3972  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:56:09.0736 3972  IpFilterDriver - ok
10:56:09.0794 3972  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:56:09.0866 3972  iphlpsvc - ok
10:56:09.0916 3972  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:56:09.0946 3972  IPMIDRV - ok
10:56:09.0966 3972  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:56:10.0035 3972  IPNAT - ok
10:56:10.0111 3972  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:56:10.0144 3972  iPod Service - ok
10:56:10.0166 3972  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:56:10.0250 3972  IRENUM - ok
10:56:10.0272 3972  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:56:10.0294 3972  isapnp - ok
10:56:10.0312 3972  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:56:10.0328 3972  iScsiPrt - ok
10:56:10.0349 3972  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:56:10.0360 3972  kbdclass - ok
10:56:10.0406 3972  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:56:10.0446 3972  kbdhid - ok
10:56:10.0476 3972  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:56:10.0498 3972  KeyIso - ok
10:56:10.0531 3972  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:56:10.0544 3972  KSecDD - ok
10:56:10.0584 3972  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:56:10.0604 3972  KSecPkg - ok
10:56:10.0644 3972  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:56:10.0722 3972  ksthunk - ok
10:56:10.0765 3972  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:56:10.0843 3972  KtmRm - ok
10:56:10.0899 3972  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:56:10.0968 3972  LanmanServer - ok
10:56:11.0005 3972  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:56:11.0061 3972  LanmanWorkstation - ok
10:56:11.0105 3972  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:56:11.0195 3972  lltdio - ok
10:56:11.0215 3972  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:56:11.0267 3972  lltdsvc - ok
10:56:11.0288 3972  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:56:11.0320 3972  lmhosts - ok
10:56:11.0363 3972  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:56:11.0386 3972  LSI_FC - ok
10:56:11.0403 3972  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:56:11.0414 3972  LSI_SAS - ok
10:56:11.0428 3972  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:56:11.0439 3972  LSI_SAS2 - ok
10:56:11.0452 3972  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:56:11.0465 3972  LSI_SCSI - ok
10:56:11.0479 3972  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:56:11.0541 3972  luafv - ok
10:56:11.0614 3972  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:56:11.0641 3972  MBAMProtector - ok
10:56:11.0775 3972  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:56:11.0789 3972  MBAMScheduler - ok
10:56:11.0841 3972  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:56:11.0870 3972  MBAMService - ok
10:56:11.0918 3972  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:56:11.0960 3972  Mcx2Svc - ok
10:56:11.0974 3972  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:56:11.0988 3972  megasas - ok
10:56:12.0041 3972  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:56:12.0067 3972  MegaSR - ok
10:56:12.0138 3972  Microsoft SharePoint Workspace Audit Service - ok
10:56:12.0222 3972  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:56:12.0289 3972  MMCSS - ok
10:56:12.0307 3972  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:56:12.0350 3972  Modem - ok
10:56:12.0394 3972  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:56:12.0442 3972  monitor - ok
10:56:12.0501 3972  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:56:12.0528 3972  mouclass - ok
10:56:12.0589 3972  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:56:12.0602 3972  mouhid - ok
10:56:12.0647 3972  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:56:12.0671 3972  mountmgr - ok
10:56:12.0718 3972  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:56:12.0748 3972  mpio - ok
10:56:12.0762 3972  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:56:12.0795 3972  mpsdrv - ok
10:56:12.0850 3972  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:56:12.0938 3972  MpsSvc - ok
10:56:12.0982 3972  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:56:13.0018 3972  MRxDAV - ok
10:56:13.0066 3972  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:56:13.0153 3972  mrxsmb - ok
10:56:13.0202 3972  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:56:13.0252 3972  mrxsmb10 - ok
10:56:13.0274 3972  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:56:13.0315 3972  mrxsmb20 - ok
10:56:13.0352 3972  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:56:13.0379 3972  msahci - ok
10:56:13.0415 3972  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:56:13.0443 3972  msdsm - ok
10:56:13.0458 3972  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:56:13.0501 3972  MSDTC - ok
10:56:13.0555 3972  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:56:13.0591 3972  Msfs - ok
10:56:13.0609 3972  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:56:13.0640 3972  mshidkmdf - ok
10:56:13.0676 3972  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:56:13.0700 3972  msisadrv - ok
10:56:13.0746 3972  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:56:13.0815 3972  MSiSCSI - ok
10:56:13.0820 3972  msiserver - ok
10:56:13.0839 3972  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:56:13.0902 3972  MSKSSRV - ok
10:56:13.0925 3972  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:56:13.0967 3972  MSPCLOCK - ok
10:56:13.0979 3972  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:56:14.0028 3972  MSPQM - ok
10:56:14.0069 3972  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:56:14.0103 3972  MsRPC - ok
10:56:14.0144 3972  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:56:14.0170 3972  mssmbios - ok
10:56:14.0190 3972  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:56:14.0232 3972  MSTEE - ok
10:56:14.0250 3972  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:56:14.0264 3972  MTConfig - ok
10:56:14.0279 3972  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:56:14.0296 3972  Mup - ok
10:56:14.0344 3972  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:56:14.0422 3972  napagent - ok
10:56:14.0449 3972  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:56:14.0493 3972  NativeWifiP - ok
10:56:14.0549 3972  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:56:14.0606 3972  NDIS - ok
10:56:14.0622 3972  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:56:14.0666 3972  NdisCap - ok
10:56:14.0690 3972  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:56:14.0752 3972  NdisTapi - ok
10:56:14.0790 3972  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:56:14.0838 3972  Ndisuio - ok
10:56:14.0880 3972  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:56:14.0935 3972  NdisWan - ok
10:56:14.0983 3972  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:56:15.0049 3972  NDProxy - ok
10:56:15.0122 3972  [ 307BC83250FC8E3B2878D81E7D760299 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
10:56:15.0144 3972  Netaapl ( UnsignedFile.Multi.Generic ) - warning
10:56:15.0144 3972  Netaapl - detected UnsignedFile.Multi.Generic (1)
10:56:15.0174 3972  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:56:15.0228 3972  NetBIOS - ok
10:56:15.0271 3972  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:56:15.0339 3972  NetBT - ok
10:56:15.0345 3972  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:56:15.0356 3972  Netlogon - ok
10:56:15.0406 3972  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:56:15.0472 3972  Netman - ok
10:56:15.0493 3972  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:56:15.0547 3972  netprofm - ok
10:56:15.0587 3972  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:56:15.0597 3972  NetTcpPortSharing - ok
10:56:15.0616 3972  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:56:15.0629 3972  nfrd960 - ok
10:56:15.0828 3972  [ 6200B74C3397A6844B74D934D71E2779 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
10:56:15.0943 3972  NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
10:56:15.0943 3972  NIHardwareService - detected UnsignedFile.Multi.Generic (1)
10:56:16.0007 3972  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:56:16.0049 3972  NlaSvc - ok
10:56:16.0068 3972  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:56:16.0101 3972  Npfs - ok
10:56:16.0140 3972  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:56:16.0213 3972  nsi - ok
10:56:16.0230 3972  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:56:16.0275 3972  nsiproxy - ok
10:56:16.0346 3972  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:56:16.0400 3972  Ntfs - ok
10:56:16.0417 3972  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:56:16.0485 3972  Null - ok
10:56:16.0515 3972  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:56:16.0528 3972  nvraid - ok
10:56:16.0571 3972  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:56:16.0595 3972  nvstor - ok
10:56:16.0647 3972  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:56:16.0668 3972  nv_agp - ok
10:56:16.0702 3972  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:56:16.0722 3972  ohci1394 - ok
10:56:16.0830 3972  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:56:16.0854 3972  ose - ok
10:56:17.0064 3972  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:56:17.0142 3972  osppsvc - ok
10:56:17.0196 3972  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:56:17.0270 3972  p2pimsvc - ok
10:56:17.0292 3972  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:56:17.0312 3972  p2psvc - ok
10:56:17.0350 3972  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:56:17.0392 3972  Parport - ok
10:56:17.0439 3972  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:56:17.0463 3972  partmgr - ok
10:56:17.0479 3972  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:56:17.0523 3972  PcaSvc - ok
10:56:17.0627 3972  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
10:56:17.0758 3972  PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
10:56:17.0824 3972  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:56:17.0854 3972  pci - ok
10:56:17.0867 3972  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:56:17.0879 3972  pciide - ok
10:56:17.0923 3972  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:56:17.0947 3972  pcmcia - ok
10:56:17.0961 3972  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:56:17.0973 3972  pcw - ok
10:56:17.0992 3972  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:56:18.0033 3972  PEAUTH - ok
10:56:18.0145 3972  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:56:18.0185 3972  PerfHost - ok
10:56:18.0253 3972  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:56:18.0371 3972  pla - ok
10:56:18.0441 3972  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:56:18.0483 3972  PlugPlay - ok
10:56:18.0627 3972  [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
10:56:18.0691 3972  PMBDeviceInfoProvider - ok
10:56:18.0712 3972  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:56:18.0751 3972  PNRPAutoReg - ok
10:56:18.0771 3972  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:56:18.0790 3972  PNRPsvc - ok
10:56:18.0831 3972  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:56:18.0885 3972  PolicyAgent - ok
10:56:18.0928 3972  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:56:18.0996 3972  Power - ok
10:56:19.0040 3972  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:56:19.0099 3972  PptpMiniport - ok
10:56:19.0111 3972  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:56:19.0136 3972  Processor - ok
10:56:19.0176 3972  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:56:19.0240 3972  ProfSvc - ok
10:56:19.0256 3972  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:56:19.0288 3972  ProtectedStorage - ok
10:56:19.0339 3972  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:56:19.0396 3972  Psched - ok
10:56:19.0420 3972  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
10:56:19.0429 3972  PxHlpa64 - ok
10:56:19.0504 3972  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:56:19.0576 3972  ql2300 - ok
10:56:19.0593 3972  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:56:19.0606 3972  ql40xx - ok
10:56:19.0656 3972  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:56:19.0689 3972  QWAVE - ok
10:56:19.0728 3972  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:56:19.0744 3972  QWAVEdrv - ok
10:56:19.0754 3972  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:56:19.0817 3972  RasAcd - ok
10:56:19.0872 3972  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:56:19.0933 3972  RasAgileVpn - ok
10:56:19.0937 3972  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:56:19.0970 3972  RasAuto - ok
10:56:20.0014 3972  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:56:20.0094 3972  Rasl2tp - ok
10:56:20.0118 3972  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:56:20.0164 3972  RasMan - ok
10:56:20.0179 3972  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:56:20.0238 3972  RasPppoe - ok
10:56:20.0254 3972  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:56:20.0296 3972  RasSstp - ok
10:56:20.0339 3972  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:56:20.0394 3972  rdbss - ok
10:56:20.0410 3972  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:56:20.0424 3972  rdpbus - ok
10:56:20.0447 3972  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:56:20.0504 3972  RDPCDD - ok
10:56:20.0518 3972  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:56:20.0560 3972  RDPENCDD - ok
10:56:20.0575 3972  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:56:20.0605 3972  RDPREFMP - ok
10:56:20.0657 3972  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:56:20.0701 3972  RDPWD - ok
10:56:20.0747 3972  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:56:20.0779 3972  rdyboost - ok
10:56:20.0820 3972  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:56:20.0894 3972  RemoteAccess - ok
10:56:20.0946 3972  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:56:21.0017 3972  RemoteRegistry - ok
10:56:21.0075 3972  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:56:21.0121 3972  RFCOMM - ok
10:56:21.0173 3972  [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
10:56:21.0228 3972  rimmptsk - ok
10:56:21.0250 3972  [ E20B1907FC72A3664ECE21E3C20FC63D ] rimspci         C:\Windows\system32\DRIVERS\rimspe64.sys
10:56:21.0296 3972  rimspci - ok
10:56:21.0315 3972  [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
10:56:21.0344 3972  rimsptsk - ok
10:56:21.0359 3972  [ A6DA2B0C8F5BB3F9F5423CFF8D6A02D9 ] risdpcie        C:\Windows\system32\DRIVERS\risdpe64.sys
10:56:21.0401 3972  risdpcie - ok
10:56:21.0414 3972  [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
10:56:21.0440 3972  rismxdp - ok
10:56:21.0448 3972  [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe64.sys
10:56:21.0489 3972  rixdpcie - ok
10:56:21.0533 3972  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:56:21.0591 3972  RpcEptMapper - ok
10:56:21.0626 3972  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:56:21.0670 3972  RpcLocator - ok
10:56:21.0721 3972  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:56:21.0760 3972  RpcSs - ok
10:56:21.0797 3972  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:56:21.0876 3972  rspndr - ok
10:56:21.0915 3972  [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:56:21.0955 3972  RTL8167 - ok
10:56:21.0970 3972  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:56:21.0981 3972  SamSs - ok
10:56:22.0020 3972  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:56:22.0032 3972  sbp2port - ok
10:56:22.0047 3972  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:56:22.0082 3972  SCardSvr - ok
10:56:22.0126 3972  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:56:22.0188 3972  scfilter - ok
10:56:22.0250 3972  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:56:22.0328 3972  Schedule - ok
10:56:22.0370 3972  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:56:22.0403 3972  SCPolicySvc - ok
10:56:22.0439 3972  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:56:22.0513 3972  SDRSVC - ok
10:56:22.0562 3972  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:56:22.0609 3972  secdrv - ok
10:56:22.0650 3972  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:56:22.0724 3972  seclogon - ok
10:56:22.0736 3972  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:56:22.0780 3972  SENS - ok
10:56:22.0799 3972  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:56:22.0821 3972  SensrSvc - ok
10:56:22.0835 3972  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:56:22.0860 3972  Serenum - ok
10:56:22.0887 3972  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:56:22.0921 3972  Serial - ok
10:56:22.0975 3972  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:56:23.0010 3972  sermouse - ok
10:56:23.0071 3972  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:56:23.0145 3972  SessionEnv - ok
10:56:23.0175 3972  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:56:23.0209 3972  sffdisk - ok
10:56:23.0225 3972  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:56:23.0241 3972  sffp_mmc - ok
10:56:23.0250 3972  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:56:23.0278 3972  sffp_sd - ok
10:56:23.0311 3972  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:56:23.0339 3972  sfloppy - ok
10:56:23.0408 3972  [ 38F88F0DF46C4D42125EF721ABD7F6B9 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:56:23.0437 3972  SftService - ok
10:56:23.0493 3972  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:56:23.0566 3972  SharedAccess - ok
10:56:23.0611 3972  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:56:23.0683 3972  ShellHWDetection - ok
10:56:23.0708 3972  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:56:23.0720 3972  SiSRaid2 - ok
10:56:23.0729 3972  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:56:23.0742 3972  SiSRaid4 - ok
10:56:23.0808 3972  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:56:23.0818 3972  SkypeUpdate - ok
10:56:23.0831 3972  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:56:23.0897 3972  Smb - ok
10:56:23.0953 3972  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:56:23.0994 3972  SNMPTRAP - ok
10:56:24.0015 3972  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:56:24.0027 3972  spldr - ok
10:56:24.0079 3972  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:56:24.0179 3972  Spooler - ok
10:56:24.0272 3972  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:56:24.0437 3972  sppsvc - ok
10:56:24.0453 3972  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:56:24.0496 3972  sppuinotify - ok
10:56:24.0510 3972  sptd - ok
10:56:24.0558 3972  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:56:24.0627 3972  srv - ok
10:56:24.0653 3972  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:56:24.0694 3972  srv2 - ok
10:56:24.0722 3972  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:56:24.0762 3972  srvnet - ok
10:56:24.0787 3972  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:56:24.0841 3972  SSDPSRV - ok
10:56:24.0858 3972  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:56:24.0919 3972  SstpSvc - ok
10:56:25.0096 3972  [ 7AA12DB4BB2CB414C3525E1C02DA911F ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_42d83e1760b1e973\STacSV64.exe
10:56:25.0135 3972  STacSV - ok
10:56:25.0191 3972  [ C48E0745D33897C7A73394214F2B9B4F ] stdflt          C:\Windows\system32\DRIVERS\stdflt.sys
10:56:25.0206 3972  stdflt - ok
10:56:25.0248 3972  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:56:25.0259 3972  stexstor - ok
10:56:25.0311 3972  [ 2D7C3CA0FDB0F438671C89FA1804674F ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
10:56:25.0342 3972  STHDA - ok
10:56:25.0399 3972  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:56:25.0455 3972  stisvc - ok
10:56:25.0495 3972  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:56:25.0513 3972  swenum - ok
10:56:25.0556 3972  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:56:25.0662 3972  swprv - ok
10:56:25.0763 3972  [ 639B57DC871BE4B86283027FAF1F4E30 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
10:56:25.0778 3972  SynTP - ok
10:56:25.0839 3972  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:56:25.0891 3972  SysMain - ok
10:56:25.0936 3972  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:56:25.0983 3972  TabletInputService - ok
10:56:26.0007 3972  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:56:26.0085 3972  TapiSrv - ok
10:56:26.0104 3972  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:56:26.0135 3972  TBS - ok
10:56:26.0216 3972  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:56:26.0331 3972  Tcpip - ok
10:56:26.0369 3972  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:56:26.0401 3972  TCPIP6 - ok
10:56:26.0443 3972  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:56:26.0487 3972  tcpipreg - ok
10:56:26.0535 3972  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:56:26.0615 3972  TDPIPE - ok
10:56:26.0662 3972  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:56:26.0700 3972  TDTCP - ok
10:56:26.0749 3972  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:56:26.0810 3972  tdx - ok
10:56:26.0971 3972  [ A409A5C99C29328018E1E3DCE9ABDC36 ] TeamViewer6     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
10:56:27.0005 3972  TeamViewer6 - ok
10:56:27.0054 3972  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:56:27.0074 3972  TermDD - ok
10:56:27.0100 3972  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:56:27.0163 3972  TermService - ok
10:56:27.0201 3972  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:56:27.0304 3972  Themes - ok
10:56:27.0338 3972  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:56:27.0382 3972  THREADORDER - ok
10:56:27.0392 3972  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:56:27.0439 3972  TrkWks - ok
10:56:27.0517 3972  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:56:27.0587 3972  TrustedInstaller - ok
10:56:27.0621 3972  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:56:27.0678 3972  tssecsrv - ok
10:56:27.0746 3972  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:56:27.0849 3972  TsUsbFlt - ok
10:56:27.0900 3972  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:56:27.0968 3972  tunnel - ok
10:56:28.0006 3972  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:56:28.0018 3972  uagp35 - ok
10:56:28.0060 3972  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:56:28.0148 3972  udfs - ok
10:56:28.0193 3972  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:56:28.0232 3972  UI0Detect - ok
10:56:28.0322 3972  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:56:28.0350 3972  uliagpkx - ok
10:56:28.0397 3972  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
10:56:28.0442 3972  umbus - ok
10:56:28.0455 3972  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:56:28.0468 3972  UmPass - ok
10:56:28.0487 3972  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:56:28.0537 3972  upnphost - ok
10:56:28.0596 3972  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:56:28.0626 3972  USBAAPL64 - ok
10:56:28.0673 3972  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:56:28.0743 3972  usbccgp - ok
10:56:28.0786 3972  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:56:28.0820 3972  usbcir - ok
10:56:28.0838 3972  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:56:28.0867 3972  usbehci - ok
10:56:28.0899 3972  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:56:28.0937 3972  usbhub - ok
10:56:28.0978 3972  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:56:29.0016 3972  usbohci - ok
10:56:29.0074 3972  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:56:29.0118 3972  usbprint - ok
10:56:29.0162 3972  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:56:29.0192 3972  usbscan - ok
10:56:29.0240 3972  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:56:29.0331 3972  USBSTOR - ok
10:56:29.0362 3972  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:56:29.0395 3972  usbuhci - ok
10:56:29.0460 3972  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:56:29.0494 3972  usbvideo - ok
10:56:29.0528 3972  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:56:29.0599 3972  UxSms - ok
10:56:29.0619 3972  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:56:29.0630 3972  VaultSvc - ok
10:56:29.0637 3972  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:56:29.0649 3972  vdrvroot - ok
10:56:29.0701 3972  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:56:29.0764 3972  vds - ok
10:56:29.0820 3972  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:56:29.0852 3972  vga - ok
10:56:29.0868 3972  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:56:29.0916 3972  VgaSave - ok
10:56:29.0959 3972  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:56:29.0974 3972  vhdmp - ok
10:56:29.0986 3972  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:56:29.0997 3972  viaide - ok
10:56:30.0016 3972  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:56:30.0028 3972  volmgr - ok
10:56:30.0079 3972  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:56:30.0116 3972  volmgrx - ok
10:56:30.0166 3972  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:56:30.0196 3972  volsnap - ok
10:56:30.0311 3972  [ 34756733F0480D68E519E80E22E05D12 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
10:56:30.0361 3972  vpnagent - ok
10:56:30.0433 3972  [ E526A69D932538AE8BC96B3F4A5A90B1 ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
10:56:30.0451 3972  vpnva - ok
10:56:30.0500 3972  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:56:30.0537 3972  vsmraid - ok
10:56:30.0608 3972  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:56:30.0700 3972  VSS - ok
10:56:30.0713 3972  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:56:30.0742 3972  vwifibus - ok
10:56:30.0775 3972  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:56:30.0823 3972  vwififlt - ok
10:56:30.0854 3972  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:56:30.0888 3972  vwifimp - ok
10:56:30.0933 3972  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:56:30.0969 3972  W32Time - ok
10:56:30.0980 3972  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:56:31.0002 3972  WacomPen - ok
10:56:31.0035 3972  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:56:31.0096 3972  WANARP - ok
10:56:31.0100 3972  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:56:31.0130 3972  Wanarpv6 - ok
10:56:31.0233 3972  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:56:31.0289 3972  WatAdminSvc - ok
10:56:31.0358 3972  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:56:31.0520 3972  wbengine - ok
10:56:31.0538 3972  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:56:31.0557 3972  WbioSrvc - ok
10:56:31.0601 3972  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:56:31.0662 3972  wcncsvc - ok
10:56:31.0679 3972  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:56:31.0741 3972  WcsPlugInService - ok
10:56:31.0778 3972  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:56:31.0803 3972  Wd - ok
10:56:31.0864 3972  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:56:31.0928 3972  Wdf01000 - ok
10:56:31.0940 3972  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:56:32.0052 3972  WdiServiceHost - ok
10:56:32.0057 3972  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:56:32.0082 3972  WdiSystemHost - ok
10:56:32.0123 3972  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:56:32.0163 3972  WebClient - ok
10:56:32.0176 3972  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:56:32.0223 3972  Wecsvc - ok
10:56:32.0267 3972  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:56:32.0327 3972  wercplsupport - ok
10:56:32.0352 3972  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:56:32.0385 3972  WerSvc - ok
10:56:32.0395 3972  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:56:32.0427 3972  WfpLwf - ok
10:56:32.0472 3972  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
10:56:32.0496 3972  WimFltr - ok
10:56:32.0512 3972  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:56:32.0524 3972  WIMMount - ok
10:56:32.0546 3972  WinDefend - ok
10:56:32.0549 3972  WinHttpAutoProxySvc - ok
10:56:32.0625 3972  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:56:32.0686 3972  Winmgmt - ok
10:56:32.0759 3972  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:56:32.0864 3972  WinRM - ok
10:56:32.0917 3972  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:56:32.0950 3972  WinUsb - ok
10:56:33.0006 3972  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:56:33.0088 3972  Wlansvc - ok
10:56:33.0157 3972  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
10:56:33.0177 3972  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
10:56:33.0177 3972  wltrysvc - detected UnsignedFile.Multi.Generic (1)
10:56:33.0222 3972  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:56:33.0250 3972  WmiAcpi - ok
10:56:33.0300 3972  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:56:33.0331 3972  wmiApSrv - ok
10:56:33.0376 3972  WMPNetworkSvc - ok
10:56:33.0390 3972  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:56:33.0457 3972  WPCSvc - ok
10:56:33.0504 3972  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:56:33.0539 3972  WPDBusEnum - ok
10:56:33.0580 3972  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:56:33.0622 3972  ws2ifsl - ok
10:56:33.0637 3972  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:56:33.0670 3972  wscsvc - ok
10:56:33.0676 3972  WSearch - ok
10:56:33.0773 3972  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:56:33.0862 3972  wuauserv - ok
10:56:33.0906 3972  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:56:33.0938 3972  WudfPf - ok
10:56:33.0965 3972  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:56:33.0979 3972  WUDFRd - ok
10:56:34.0015 3972  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:56:34.0050 3972  wudfsvc - ok
10:56:34.0100 3972  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:56:34.0142 3972  WwanSvc - ok
10:56:34.0179 3972  ================ Scan global ===============================
10:56:34.0224 3972  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:56:34.0271 3972  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:56:34.0285 3972  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:56:34.0329 3972  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:56:34.0348 3972  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:56:34.0356 3972  [Global] - ok
10:56:34.0357 3972  ================ Scan MBR ==================================
10:56:34.0373 3972  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:56:34.0808 3972  \Device\Harddisk0\DR0 - ok
10:56:34.0809 3972  ================ Scan VBR ==================================
10:56:34.0815 3972  [ 275B0B884E271347FDCB1D9B3129432F ] \Device\Harddisk0\DR0\Partition1
10:56:34.0818 3972  \Device\Harddisk0\DR0\Partition1 - ok
10:56:34.0857 3972  [ 716AA11C7E09F2AAFA763A07E35E0D55 ] \Device\Harddisk0\DR0\Partition2
10:56:34.0861 3972  \Device\Harddisk0\DR0\Partition2 - ok
10:56:34.0863 3972  ============================================================
10:56:34.0863 3972  Scan finished
10:56:34.0863 3972  ============================================================
10:56:34.0883 4000  Detected object count: 7
10:56:34.0883 4000  Actual detected object count: 7
10:56:54.0884 4000  Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0884 4000  Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:56:54.0887 4000  btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0887 4000  btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:56:54.0889 4000  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0889 4000  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:56:54.0891 4000  InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0891 4000  InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:56:54.0893 4000  Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0894 4000  Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:56:54.0896 4000  NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0896 4000  NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:56:54.0898 4000  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:56:54.0898 4000  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

05.12.2012, 16:54	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	E-Mail Spam, Tojaner: tr/dldr.karagany.i.58 Probier den Scan im abgesicherten Modus mit Netzwerktreibern aus __________________ Logfiles bitte immer in CODE-Tags posten

E-Mail Spam, Tojaner: tr/dldr.karagany.i.58

Plagegeister aller Art und deren Bekämpfung: E-Mail Spam, Tojaner: tr/dldr.karagany.i.58