
Pests of all kinds and how to combat them: System crash after pop-ups

04.12.2012, 15:18   #1
benkei80
 



Hello,
I have the following problem.

I have an Acer laptop.
It ran stably for a good 3 years, then I had a virus.
I then formatted the hard drives and reinstalled the system.
Since then there is a total system crash whenever I browse with FF or Chrome and pop-ups appear.
I downloaded all the drivers for the laptop from the manufacturer and always made sure to use the latest version.
In principle the computer runs stably; the problem only occurs when pop-ups open.
I thought it might be down to FF and installed Chrome, but the same problems occur there. So far I have not been able to find a similar case via Google.
I have already made a Hijack log, but unfortunately I don't quite understand it.

Thanks in advance to everyone who helps.

Regards, Stephan

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:22, on 04.12.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe
C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe
D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Siebi\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Twonky Tray Control.lnk = C:\Program Files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: hxxp://www.samsungsetup.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager (mitsijm2013) -   - D:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9654 bytes
         
--- --- ---

04.12.2012, 19:55   #2
M-K-D-B
/// TB instructor
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can sometimes mean a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then delete your topic from my subscriptions.
  • All programs to be used are to be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything either. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Quote:
Quote from benkei80
Since then there is a total system crash whenever I browse with FF or Chrome and pop-ups appear.
What does such a "system crash" look like?
Which error messages appear?
Which pop-ups appear in FF or Chrome? What advertising is shown? Where is the pop-up displayed?





HijackThis is no longer up to date... we need other tools... let's see whether malware is really responsible for your problem...




Step 1
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick the box Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the content of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the content of OTL.txt and Extra.txt here into your thread





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop. Post its content with your next reply.
Do not click the Re-enable button unless instructed!





Step 3
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with No.
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.





Step 4
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the logfile.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread.





With your next reply, please post
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from aswMBR,
  • the log file from TDSSKiller.
__________________


04.12.2012, 23:20   #3
benkei80
 



Hello, thanks for your help.
The screen goes completely black, then green, then blue and then red. Possibly in a different order.
After that comes a bluescreen with a pile of text.
If necessary, I will provoke a crash and take a photo.

The pop-ups are mostly some sites where you can earn a lot of money very quickly. When you want to close the window, the browser asks whether you really want to leave the page.
I always find it lousy to have to click something there, but otherwise you can only close the pop-up via the Task Manager, which gets annoying in the long run.

On the site you can download free 3D models, which I need for my studies.

Step 1.

OTL scan part 1:

OTL logfile:
Code:
OTL logfile created on: 04.12.2012 23:03:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siebi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 72,92% Memory free
7,80 Gb Paging File | 6,64 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,69 Gb Free Space | 11,99% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 36,89 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive E: | 246,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 465,76 Gb Total Space | 338,20 Gb Free Space | 72,61% Space Free | Partition Type: NTFS
 
Computer Name: SIEBI-LAPPI | User Name: Siebi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.12.04 23:01:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siebi\Downloads\OTL.exe
PRC - [2012.11.25 23:26:16 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
PRC - [2012.08.10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.23 16:32:20 | 001,632,216 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () -- D:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2010.11.20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.10.25 14:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.10.25 14:15:46 | 000,019,968 | ---- | M] () -- D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.16 14:59:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012.09.07 22:21:32 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.01.31 02:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- D:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.02 10:41:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.07.31 20:50:49 | 000,029,184 | ---- | M] (Egistec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2012.05.11 06:20:10 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.16 15:32:38 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.16 15:32:38 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.07.16 14:10:08 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.07.16 13:54:52 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009.07.16 13:54:52 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 07:32:52 | 000,311,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAF15.sys -- (AVerAF15)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.07 16:57:00 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009.05.07 16:47:00 | 000,048,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2007.03.28 06:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 28 FC 1F 50 6F CD 01  [binary data]
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-60234808-489003216-2873783-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {aab35b56-0206-4472-9993-9cb5c09bb722}:1.5.5
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.22 10:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.08.22 10:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 20:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.06 12:19:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 20:27:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.31 20:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebi\AppData\Roaming\mozilla\Extensions
[2012.10.24 07:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebi\AppData\Roaming\mozilla\Firefox\Profiles\f3f3o73t.default\extensions
[2012.08.29 07:56:19 | 000,000,000 | ---D | M] (Snip It! Button for eBay) -- C:\Users\Siebi\AppData\Roaming\mozilla\Firefox\Profiles\f3f3o73t.default\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}
[2012.09.11 09:49:19 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Siebi\AppData\Roaming\mozilla\firefox\profiles\f3f3o73t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.31 21:00:18 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Drive = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.12.04 15:31:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-60234808-489003216-2873783-1001..\Run: [Akamai NetSession Interface] C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-60234808-489003216-2873783-1001..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-60234808-489003216-2873783-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-60234808-489003216-2873783-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-60234808-489003216-2873783-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-60234808-489003216-2873783-1001\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-60234808-489003216-2873783-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-60234808-489003216-2873783-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-60234808-489003216-2873783-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.102 80.69.103.78 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD48AFDF-8940-43FB-B2D1-27730181C252}: DhcpNameServer = 80.69.100.102 80.69.103.78 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E93320C2-FACB-4948-8064-F15375C4C6DF}: DhcpNameServer = 80.69.100.182 80.69.100.174 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.07 22:22:59 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012.09.08 06:39:06 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {296DF24B-595A-9E08-C934-1C7AE31DF2D4} - Browser Customizations
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3365D4F1-1916-1E61-EC03-3D74C75E0426} - Microsoft Windows Media Player
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {605E8D1D-0583-374E-E35E-4AD3373F9064} - Microsoft Windows Media Player
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {9AF8939C-1D6A-B0AB-F7EA-1FAB60445CE1} - Themes Setup
ActiveX:64bit: {B009AA63-54A0-60CD-5BEE-B1E86D7032BB} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D22A70E0-64FF-0C00-AF53-8BA0E2C0E4B4} - Offline Browsing Pack
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {F8C3C7B1-C463-43C5-B6CF-A0CD4A866E83} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.04 16:54:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.04 15:34:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.04 15:26:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.04 15:26:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.04 15:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.04 15:25:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.04 15:25:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.25 23:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.25 23:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.25 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\Siebi\AppData\Local\Google
[2012.11.14 08:50:36 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 08:50:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 08:46:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 08:46:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 08:46:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 08:46:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 08:46:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 08:46:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 08:46:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 08:46:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 08:46:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 08:46:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 08:46:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 08:46:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 08:46:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 08:46:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 08:46:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 08:44:57 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 08:44:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 08:44:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 08:44:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 08:36:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 08:36:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 08:36:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 08:36:15 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 08:36:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 08:36:15 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 08:36:15 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 08:36:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 08:36:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 08:36:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 08:36:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.04 22:59:11 | 000,047,074 | ---- | M] () -- C:\Users\Siebi\Desktop\Wegzeitrechner - CT.ods
[2012.12.04 22:31:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.04 18:59:38 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 18:59:38 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 18:56:59 | 001,633,180 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.04 18:56:59 | 000,933,826 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.04 18:56:59 | 000,450,628 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.04 18:56:59 | 000,392,006 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.04 18:56:59 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.04 18:52:38 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.04 18:52:36 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.12.04 18:52:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.04 18:52:19 | 3143,258,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.04 15:31:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.02 20:32:26 | 000,015,501 | ---- | M] () -- C:\Users\Siebi\Desktop\Liste.ods
[2012.12.01 16:49:28 | 000,027,270 | ---- | M] () -- C:\Users\Siebi\Desktop\Brückenbau.ods
[2012.12.01 11:01:23 | 000,001,013 | ---- | M] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.csv
[2012.11.30 22:55:06 | 000,527,417 | ---- | M] () -- C:\Users\Siebi\Desktop\Vorlage_Kuendigung_Autoversicherung.pdf
[2012.11.28 10:07:45 | 000,042,870 | ---- | M] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.ods
[2012.11.27 23:48:19 | 001,278,203 | ---- | M] () -- C:\Users\Siebi\Desktop\Siebol.de_sign LOGO.ai
[2012.11.27 21:37:52 | 001,461,714 | ---- | M] () -- C:\Users\Siebi\Desktop\SIEBOLD DESIGN.ai
[2012.11.25 23:26:56 | 000,002,273 | ---- | M] () -- C:\Users\Siebi\Desktop\Google Chrome.lnk
[2012.11.15 11:44:14 | 004,963,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.08 12:00:49 | 000,020,223 | ---- | M] () -- C:\Users\Siebi\Desktop\wagen teile.pdf
[2012.11.06 23:06:43 | 000,075,776 | ---- | M] () -- C:\Users\Siebi\Documents\Seitenteil.ipt
[2012.11.06 23:06:43 | 000,070,656 | ---- | M] () -- C:\Users\Siebi\Documents\Baugruppe1.iam
[2012.11.06 23:06:36 | 000,268,192 | ---- | M] () -- C:\Users\Siebi\Documents\Langes Brett.dwg
[2012.11.06 23:06:35 | 000,083,456 | ---- | M] () -- C:\Users\Siebi\Documents\Rad.ipt
[2012.11.06 23:06:27 | 000,603,072 | ---- | M] () -- C:\Users\Siebi\Documents\Puppenwagen V4.dwg
[2012.11.06 23:06:19 | 000,073,728 | ---- | M] () -- C:\Users\Siebi\Documents\Puppenwagen V4.iam
[2012.11.06 21:11:29 | 000,050,688 | ---- | M] () -- C:\Users\Siebi\Documents\Bauteil2.ipt
[2012.11.06 21:01:16 | 000,078,848 | ---- | M] () -- C:\Users\Siebi\Documents\Stange.ipt
[2012.11.06 20:40:02 | 000,077,824 | ---- | M] () -- C:\Users\Siebi\Documents\querbrett.ipt
[2012.11.06 16:30:55 | 000,200,192 | ---- | M] () -- C:\Users\Siebi\Documents\kinderwagen version 4.ipt
[2012.11.06 16:26:53 | 000,073,728 | ---- | M] () -- C:\Users\Siebi\Documents\Langes Brett.ipt
[2012.11.06 16:26:41 | 000,073,728 | ---- | M] () -- C:\Users\Siebi\Documents\Kurzes Brett.ipt
[2012.11.06 10:13:47 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.06 10:13:47 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.04 16:55:00 | 000,047,074 | ---- | C] () -- C:\Users\Siebi\Desktop\Wegzeitrechner - CT.ods
[2012.12.04 15:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.04 15:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.04 15:26:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.04 15:26:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.04 15:26:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.01 11:03:18 | 000,027,270 | ---- | C] () -- C:\Users\Siebi\Desktop\Brückenbau.ods
[2012.12.01 11:00:57 | 000,001,013 | ---- | C] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.csv
[2012.11.30 22:49:39 | 000,527,417 | ---- | C] () -- C:\Users\Siebi\Desktop\Vorlage_Kuendigung_Autoversicherung.pdf
[2012.11.27 21:55:48 | 001,278,203 | ---- | C] () -- C:\Users\Siebi\Desktop\Siebol.de_sign LOGO.ai
[2012.11.27 21:37:51 | 001,461,714 | ---- | C] () -- C:\Users\Siebi\Desktop\SIEBOLD DESIGN.ai
[2012.11.25 23:26:56 | 000,002,273 | ---- | C] () -- C:\Users\Siebi\Desktop\Google Chrome.lnk
[2012.11.25 23:26:16 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 23:26:16 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 10:31:05 | 000,042,870 | ---- | C] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.ods
[2012.11.14 08:50:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 08:44:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.08 12:00:49 | 000,020,223 | ---- | C] () -- C:\Users\Siebi\Desktop\wagen teile.pdf
[2012.11.06 23:06:41 | 000,070,656 | ---- | C] () -- C:\Users\Siebi\Documents\Baugruppe1.iam
[2012.11.06 21:12:26 | 000,075,776 | ---- | C] () -- C:\Users\Siebi\Documents\Seitenteil.ipt
[2012.11.06 21:11:29 | 000,050,688 | ---- | C] () -- C:\Users\Siebi\Documents\Bauteil2.ipt
[2012.11.06 21:00:32 | 000,078,848 | ---- | C] () -- C:\Users\Siebi\Documents\Stange.ipt
[2012.11.06 20:48:18 | 000,083,456 | ---- | C] () -- C:\Users\Siebi\Documents\Rad.ipt
[2012.11.06 20:36:05 | 000,077,824 | ---- | C] () -- C:\Users\Siebi\Documents\querbrett.ipt
[2012.11.06 16:26:21 | 000,073,728 | ---- | C] () -- C:\Users\Siebi\Documents\Kurzes Brett.ipt
[2012.11.06 16:26:06 | 000,073,728 | ---- | C] () -- C:\Users\Siebi\Documents\Langes Brett.ipt
[2012.08.04 19:05:27 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012.08.02 23:34:47 | 001,594,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.31 20:53:27 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.07.31 20:53:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.07.31 20:53:27 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.07.31 20:53:27 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.07.31 20:36:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.31 16:49:04 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.07.31 16:49:03 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012.07.31 16:49:03 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012.07.31 16:49:03 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.07.31 16:49:01 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.10.29 20:27:55 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.10.29 20:27:55 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.10.29 20:27:55 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012.10.29 20:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012.10.29 20:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012.10.29 20:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.07.31 20:42:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.07.31 20:42:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.07.31 20:42:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012.10.29 20:27:55 | 000,891,808 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012.10.29 20:27:55 | 000,891,808 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012.10.29 20:27:55 | 000,891,808 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012.10.29 20:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012.10.29 20:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012.10.29 20:27:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.07.31 20:42:13 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.07.31 20:42:13 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.07.31 20:42:13 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1354 bytes -> C:\Users\Siebi\AppData\Local\RzHNbJAiamaz:oxHURFMCPvRv7tisG5D5

< End of report >
         
--- --- ---


Part 2:
OTL Logfile:
Code:
OTL Extras logfile created on: 04.12.2012 23:03:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siebi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 72,92% Memory free
7,80 Gb Paging File | 6,64 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,69 Gb Free Space | 11,99% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 36,89 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
Drive E: | 246,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 465,76 Gb Total Space | 338,20 Gb Free Space | 72,61% Space Free | Partition Type: NTFS
 
Computer Name: SIEBI-LAPPI | User Name: Siebi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-60234808-489003216-2873783-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0685EFB5-257A-49F5-9153-744388BE2877}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14B384F7-6425-4D38-AF14-28D167B11EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{208F7ACC-2317-4E59-8B8B-D7B6097DE5B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{220B4EEF-28E9-4E7A-84C3-50BD679FD0D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E638299-9942-4E45-91AA-7CD580122A16}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{31A840EF-5CD1-4527-B255-BC13EFD43A3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{37E17BFD-34B9-443F-BC70-3B10EFF8F5A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{395791BA-C076-4367-8CE4-9C4323D2FB3F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{403519EA-BB80-4C85-BB9A-5D45FFCD19F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4B753991-4CF5-4AE6-A938-B2AB876074A6}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{5B00F02C-2312-45CD-9B26-4ABC2328BD29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FB7D991-641D-4BED-A019-0FF23DF90A59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{62E7EA8C-6EDF-442B-97C0-3807105EB0C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{65AEB796-7618-4CC5-B6AC-45EEE1442935}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6722B57C-4194-4294-A3A8-036E19328E3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F186E97-BA14-4A75-8F2D-1D9A99134DEF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{715B29C0-889A-4491-A5F6-5662C822413A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7C8D196C-891C-4816-82CA-CE56A00039D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{818B9125-4F8E-43D7-B829-AE2C8F1E0D11}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82F64DA0-B335-4C7E-B42C-9B3B234603AD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{99E88D67-5DE4-4DA5-8CD3-3D974B4FAC1E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A3483EBD-5282-49D6-91F2-1CA6024D9D51}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE20D6CA-D493-4A24-A7FD-6B9B4E4A8FA0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6F6E837-56A4-474C-938A-B1E22FAC5FF2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B7979ADD-93B0-49A0-B96C-3B46FE815A6A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BC3A91F9-058E-4745-96D4-73AC0EB221AF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BDADB5D9-8688-4B1E-9BEA-6DDADC8DD8DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1DDB275-D9C9-4E97-8CF2-18BF5287AFC1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CEBB4C14-3068-4BAE-966E-6FD901A03738}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9658A52-4BD6-4C47-8AB8-62E6334D1ED7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D980887A-541C-4EC0-8E5A-793EF2C59BD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC64A259-8AAA-4FCF-BBDD-E8B6637797F9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E0D85A91-19C5-4E4C-A0ED-B5D8D58BB868}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E221AAA7-CE30-4BA8-8714-B91462BD9B44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E44CC5BF-7EBB-4E82-9C95-1F5EAE246FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC65DA39-4A24-4F4F-BBE0-0E854037D90E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F74280A9-D5F9-491E-820F-456760570802}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FBF2689A-F6F6-45F2-B384-90C2AE1E7356}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCC0ACEB-7184-4985-8232-8A7C9572F95F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FDB9777A-584C-4F45-BEB9-2818433C1309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0159102D-FE60-4546-9EE3-A54373901BC7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0168E29C-BE08-48AC-B340-35829CC49203}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | 
"{057BCB63-FBB9-49FE-81F8-EBBA1C6F41CA}" = protocol=6 | dir=out | app=system | 
"{058DE6D3-006E-442A-B67B-375E249D4CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12BD9C37-B09E-42DD-B686-C7DDD8E834A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E742217-4E2F-45CC-B9A8-CC22D7A0BBE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2381F224-DEC2-4193-B91B-A67DE14873D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4010C1C5-6120-47B6-B65B-824AA9D7B8DC}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | 
"{41552D19-769E-4D00-B313-95769BFE9686}" = protocol=6 | dir=in | app=d:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{455AD853-F441-4BEE-8955-1E7DC8C796D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DC64941-E69E-43B2-B9AD-A6F74CC97B6C}" = protocol=6 | dir=in | app=d:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{50271CFF-7663-47F7-A30C-9AC8FE413A56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{52878666-7383-463F-B133-31C9B71F6134}" = protocol=17 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"{52AFDBA4-9E1F-4814-99B2-B035AE1F93B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{561C71A6-9BD6-433A-B497-C9D68825F2EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{571D607A-2D88-4576-9D42-B42A91118BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{6B7E79E0-0943-4C53-B9A1-2AFBD7FE37F7}" = protocol=17 | dir=in | app=d:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{6CF68581-0792-4B4E-BB1E-152DC4A4CCDA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6FA38EEB-06A5-4469-BE9F-16FB7CB8C324}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{729748E1-984B-4DDE-81A8-C234D33550EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{740D1A93-6B89-4FE8-BD7E-C1ED93B016D6}" = protocol=17 | dir=in | app=d:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{7C01AFA2-5E8F-4AE6-898E-D2ACB32E1A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7D6EB6ED-7CCF-411D-B963-1093780B9C03}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8A6A5B46-4818-45B8-B3A6-EA5C0B3C6348}" = protocol=6 | dir=in | app=d:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{8AC6BA82-D453-4F80-8515-8E2F0A3A3B8F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{8D990135-1754-4FC7-A4F2-8D7E32EF5162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F7252B1-547C-4142-8BDC-D56FD9B57CDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{95B1DFF6-F957-47AD-BD31-238F1E377584}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C55FDBE-028F-4953-BF16-0C0BB4B6C864}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D435145-3AF7-4A2B-B688-00F47076AF53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A3906316-A67B-4637-A131-F00B476D8F13}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{A6FC4BE5-3689-4BC6-8D3A-813AB6617EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7455575-D620-49FB-B152-162753705AF9}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{A8512FC4-B5A6-4C4B-8DF9-FF98C3781AAD}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{B2DEB9AA-C24F-4513-AC87-49FA054B614B}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{B56A82EA-15A8-430B-B9CE-F33E1F0FF465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEB92122-7D75-4158-AEA4-E0C6650C7885}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | 
"{CC34DA4D-C383-4455-AA6A-14FB6A9F58B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D01A44C3-117C-4F76-AAEC-38374995D0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{D269D2C5-65A5-47DB-9BA3-66BDBC1A4877}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2013\3dsmax.exe | 
"{D5FD933A-2C23-4CFC-8870-9B0AC071D550}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{D95C82E3-78D8-4E4E-A6FA-A5532BDAF568}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{DD2D7F70-1C70-4EC1-889F-A6F864FD2E71}" = protocol=6 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"{E647F24E-AC4B-4698-9491-34FFE54F4774}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2013\3dsmax.exe | 
"{E84A76ED-77E8-4A1D-957F-6757E0B6181D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E9F0F513-DA00-4975-B118-91A1F44DB43C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EA6CA3E7-4B8D-4C21-9577-173DD34E42B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F54EA94F-CA7D-4338-AE98-6879DD797CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{F67C5862-00EE-434C-9067-E46B7D6099CB}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | 
"{F7C27FDE-4126-4DA2-853B-28C5CADAEC51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB0D987B-7881-4147-A828-8139A36606D9}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{FED9FD0A-A7C6-4FC4-A302-90E97FEC7BD4}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{FF158508-9A18-4B75-B134-D2C88D717D3A}" = protocol=17 | dir=in | app=d:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"TCP Query User{14D61502-AABC-4FE5-929D-2B280E72075E}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{1E771D33-1F46-4066-8808-2AB9699A2B16}D:\program files (x86)\iomega\discovery tool home\discovery home.exe" = protocol=6 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"TCP Query User{257CAC12-6E8F-46EE-906A-C4E436EC78F1}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"TCP Query User{458E9D0F-B5B3-4A4A-839B-B2C45EA1F3AF}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{4A11545D-14C3-4969-A451-79FF28EF0D1F}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"TCP Query User{5AD02549-854F-4B3E-908E-2AA3EE2971D3}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"TCP Query User{854BE249-2E46-46E7-B787-F085DF354549}D:\program files\autodesk\showcase 2013\bin\showcase.exe" = protocol=6 | dir=in | app=d:\program files\autodesk\showcase 2013\bin\showcase.exe | 
"TCP Query User{87291A74-0FA2-4679-BBE0-78C7750A20D2}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"TCP Query User{8FD1C42B-6759-475E-8A7C-0B657AA8C374}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9B6D5689-3B39-4E52-AA37-EE7CDD4B4B2A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C857A31A-9ACC-48B6-A627-C319B3390009}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D85C7314-3731-4FE6-A57F-05AB29E96539}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"TCP Query User{EBF60DCB-3292-416B-AD2E-DDAC694C36CA}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{15573B22-E08A-4595-9825-E9CA00C0F1DE}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"UDP Query User{2E9D9A5D-9F46-43BE-9F63-37D6BC131A7B}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{461F6DC3-1C57-49D7-BE3F-885492711630}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"UDP Query User{47B711E5-E634-41C3-9C7F-8232649F29F2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4F3F9E0F-4431-4EA5-A3E5-E831FAAACDD6}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4F4C98E8-CFA9-4A7A-819A-62339C23E260}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{8D612A24-E72C-41E3-A87F-B0E3E608425E}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{9E9034DE-130E-49E7-B0EA-0E9FA04FACF4}D:\program files (x86)\iomega\discovery tool home\discovery home.exe" = protocol=17 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"UDP Query User{A0204934-4E19-4527-832B-2B6C100C5679}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"UDP Query User{ABACD47B-0ABD-478B-AC78-E32886F60F37}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{BA7363AB-4FAA-492D-A104-8DCDB7A4178B}D:\program files\autodesk\showcase 2013\bin\showcase.exe" = protocol=17 | dir=in | app=d:\program files\autodesk\showcase 2013\bin\showcase.exe | 
"UDP Query User{C1F198A6-5D7D-450D-A0B9-10E2126269A1}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{C28961EC-78DE-42DD-860C-DE7D72575615}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{517AA17F-407C-4D2D-8A0C-56F1F989F870}" = O2Micro Flash Memory Card Windows Driver
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{C1AE48E1-5918-1BAD-0782-49FD7E643DB3}" = ATI AVIVO64 Codecs
"{C6735B9F-CD23-7083-9DA0-BBC204C627D1}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{E9FAEC29-DCA3-F797-55D6-1EB0A5A166A1}" = ATI Catalyst Install Manager
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"DWG TrueView 2013" = DWG TrueView 2013
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F4DB7F-3C64-9AF5-4003-D0207A47C0C0}" = CCC Help Greek
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{051ACBD0-2D55-5189-5AA8-E8BCE8AF6754}" = CCC Help Chinese Traditional
"{05702AF5-BA53-8E12-EE03-6C42170DCB7C}" = CCC Help Japanese
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CE2AE80-2759-0986-DA8E-DEBC3EB96C70}" = Catalyst Control Center Localization All
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{132E5B4B-1E1D-EC92-54C2-9359EDB96197}" = CCC Help Italian
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{183B008B-7A90-37C7-66A6-598D0B1E1CF9}" = Catalyst Control Center Graphics Full New
"{1ADFC547-FFD2-EEF9-ADBE-86014A8580DC}" = CCC Help English
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}" = Catalyst Control Center - Branding
"{2251188B-7A66-0F65-5AF2-664B128E2419}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{2B1E396B-036B-208A-B71A-48457D0204D3}" = CCC Help French
"{2F6CA58B-63B3-E3F0-1C5D-F2697E1AC76B}" = CCC Help German
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D53BD3-8565-3712-46DB-C3B6F9EBF65F}" = CCC Help Czech
"{39796CE0-67F7-1563-4752-CC8A4388309C}" = CCC Help Korean
"{3B16D652-425D-A278-6E5F-1C1A14527F55}" = CCC Help Danish
"{3D2EC303-579B-D414-567A-46073404D982}" = Catalyst Control Center Graphics Previews Vista
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{416228B6-4CCE-80F1-DBAC-E9231677119F}" = CCC Help Dutch
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48E8AD47-3A4F-CA5D-893F-B3A5BF898951}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5D380ADB-9F25-D91D-C530-9110566380B0}" = CCC Help Turkish
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67766DDD-8906-F54D-D43C-ED903F47226E}" = CCC Help Polish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78485BA2-9A57-863D-A8BD-047411DA6B71}" = CCC Help Portuguese
"{785DBC50-4A56-AC28-962D-C410E903BFBC}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8600BBA8-00CA-6F8E-DAD7-656DA7E8CC29}" = Catalyst Control Center InstallProxy
"{8835415D-0502-65E3-823B-E38E04D5B386}" = CCC Help Norwegian
"{929AD7C2-B82B-83D0-A212-CD6EEB7F3FD2}" = ccc-core-static
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9649286F-2787-EAEC-8A7D-743849E1F343}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E543FE-F71A-F8C3-FA1F-5E8B20DD0457}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B758D954-BAD3-C1EA-2570-3C605F17CF9F}" = CCC Help Thai
"{BB95AEB1-D017-1861-CC1F-9DDC092F7DAB}" = CCC Help Finnish
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CD7AFCE6-E0F8-D256-0A10-3627EE6445A0}" = CCC Help Chinese Standard
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2EC19B8-DF0D-4EBF-C505-B6E8C5AAFAE7}" = Catalyst Control Center Core Implementation
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA48F00-3912-DD08-0510-8C437D00C022}" = CCC Help Spanish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"1489-3350-5074-6281" = JDownloader 0.9
"A309 DeviceStage" = A309 DeviceStage 1.0.0.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.64.61
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{517AA17F-407C-4D2D-8A0C-56F1F989F870}" = O2Micro Flash Memory Card Windows Driver
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"VLC media player" = VLC media player 2.0.3
"Zahlenzauber 1_is1" = Zahlenzauber 1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-60234808-489003216-2873783-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live (2)" = DC Universe Online Live (2)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.12.2012 12:45:02 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.12.2012 12:45:02 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 04.12.2012 13:55:20 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.12.2012 13:55:20 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.12.2012 13:55:20 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 04.12.2012 13:56:56 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.12.2012 13:56:56 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.12.2012 13:56:56 | Computer Name = Siebi-Lappi | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 04.12.2012 16:58:33 | Computer Name = Siebi-Lappi | Source = MsiInstaller | ID = 11310
Description = 
 
Error - 04.12.2012 16:58:54 | Computer Name = Siebi-Lappi | Source = MsiInstaller | ID = 11310
Description = 
 
[ System Events ]
Error - 03.12.2012 18:17:07 | Computer Name = Siebi-Lappi | Source = ipnathlp | ID = 31004
Description = 
 
Error - 04.12.2012 08:27:37 | Computer Name = Siebi-Lappi | Source = ipnathlp | ID = 31004
Description = 
 
Error - 04.12.2012 09:41:14 | Computer Name = Siebi-Lappi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?12.?2012 um 14:39:50 unerwartet heruntergefahren.
 
Error - 04.12.2012 09:44:38 | Computer Name = Siebi-Lappi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?12.?2012 um 14:43:02 unerwartet heruntergefahren.
 
Error - 04.12.2012 10:27:01 | Computer Name = Siebi-Lappi | Source = Service Control Manager | ID = 7034
Description = Dienst "mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit"
 wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 04.12.2012 10:29:14 | Computer Name = Siebi-Lappi | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 04.12.2012 10:31:18 | Computer Name = Siebi-Lappi | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 04.12.2012 10:31:43 | Computer Name = Siebi-Lappi | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 04.12.2012 12:39:44 | Computer Name = Siebi-Lappi | Source = BugCheck | ID = 1001
Description = 
 
Error - 04.12.2012 16:17:18 | Computer Name = Siebi-Lappi | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---

Step 2:
Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:20 on 04/12/2012 (Siebi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
Step 3:
Quote:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 23:24:16
-----------------------------
23:24:16.763 OS Version: Windows x64 6.1.7601 Service Pack 1
23:24:16.763 Number of processors: 2 586 0x170A
23:24:16.764 ComputerName: SIEBI-LAPPI UserName: Siebi
23:24:16.914 Initialize success
23:24:29.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:24:29.630 Disk 0 Vendor: Corsair_ 2.0_ Size: 57241MB BusType: 3
23:24:29.635 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:24:29.639 Disk 1 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:24:29.644 Disk 0 MBR read successfully
23:24:29.648 Disk 0 MBR scan
23:24:29.651 Disk 0 Windows 7 default MBR code
23:24:29.655 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:24:29.659 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
23:24:29.665 Disk 0 scanning C:\Windows\system32\drivers
23:24:31.240 Service scanning
23:24:34.554 Modules scanning
23:24:34.570 Disk 0 trace - called modules:
23:24:34.579 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:24:34.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f40060]
23:24:34.813 3 CLASSPNP.SYS[fffff88001bb743f] -> nt!IofCallDriver -> [0xfffffa8003cf5340]
23:24:34.823 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003e9c050]
23:24:34.835 Scan finished successfully
23:24:51.778 Disk 0 MBR has been saved successfully to "C:\Users\Siebi\Desktop\MBR.dat"
23:24:51.786 The log file has been saved successfully to "C:\Users\Siebi\Desktop\aswMBR.txt"

__________________

Edited by benkei80 (04.12.2012 at 23:33)

04.12.2012, 23:34   #4
benkei80

System crash after popups

Step 4:
Quote:
23:25:43.0638 4176 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:25:43.0726 4176 ============================================================
23:25:43.0726 4176 Current date / time: 2012/12/04 23:25:43.0726
23:25:43.0726 4176 SystemInfo:
23:25:43.0726 4176
23:25:43.0726 4176 OS Version: 6.1.7601 ServicePack: 1.0
23:25:43.0726 4176 Product type: Workstation
23:25:43.0726 4176 ComputerName: SIEBI-LAPPI
23:25:43.0727 4176 UserName: Siebi
23:25:43.0727 4176 Windows directory: C:\Windows
23:25:43.0727 4176 System windows directory: C:\Windows
23:25:43.0727 4176 Running under WOW64
23:25:43.0727 4176 Processor architecture: Intel x64
23:25:43.0727 4176 Number of processors: 2
23:25:43.0727 4176 Page size: 0x1000
23:25:43.0727 4176 Boot type: Normal boot
23:25:43.0727 4176 ============================================================
23:25:43.0969 4176 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:25:44.0303 4176 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:25:44.0307 4176 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:25:44.0740 4176 ============================================================
23:25:44.0740 4176 \Device\Harddisk0\DR0:
23:25:44.0741 4176 MBR partitions:
23:25:44.0741 4176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:25:44.0741 4176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
23:25:44.0741 4176 \Device\Harddisk1\DR1:
23:25:44.0741 4176 MBR partitions:
23:25:44.0741 4176 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
23:25:44.0741 4176 \Device\Harddisk2\DR2:
23:25:44.0741 4176 MBR partitions:
23:25:44.0741 4176 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
23:25:44.0741 4176 ============================================================
23:25:44.0742 4176 C: <-> \Device\Harddisk0\DR0\Partition2
23:25:44.0790 4176 D: <-> \Device\Harddisk1\DR1\Partition1
23:25:44.0823 4176 H: <-> \Device\Harddisk2\DR2\Partition1
23:25:44.0823 4176 ============================================================
23:25:44.0824 4176 Initialize success
23:25:44.0824 4176 ============================================================
23:25:47.0738 3648 ============================================================
23:25:47.0738 3648 Scan started
23:25:47.0738 3648 Mode: Manual;
23:25:47.0738 3648 ============================================================
23:25:47.0860 3648 ================ Scan system memory ========================
23:25:47.0860 3648 System memory - ok
23:25:47.0860 3648 ================ Scan services =============================
23:25:47.0911 3648 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:25:47.0914 3648 1394ohci - ok
23:25:47.0923 3648 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:25:47.0927 3648 ACPI - ok
23:25:47.0932 3648 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:25:47.0933 3648 AcpiPmi - ok
23:25:47.0946 3648 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:25:47.0951 3648 adp94xx - ok
23:25:47.0960 3648 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:25:47.0964 3648 adpahci - ok
23:25:47.0972 3648 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:25:47.0974 3648 adpu320 - ok
23:25:47.0982 3648 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:25:47.0984 3648 AeLookupSvc - ok
23:25:47.0998 3648 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:25:48.0003 3648 AFD - ok
23:25:48.0009 3648 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:25:48.0010 3648 agp440 - ok
23:25:48.0016 3648 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:25:48.0018 3648 ALG - ok
23:25:48.0023 3648 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:25:48.0024 3648 aliide - ok
23:25:48.0032 3648 [ 379CE947227AD69E8929A5F8E40C408B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:25:48.0035 3648 AMD External Events Utility - ok
23:25:48.0040 3648 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:25:48.0041 3648 amdide - ok
23:25:48.0047 3648 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:25:48.0048 3648 AmdK8 - ok
23:25:48.0135 3648 [ C6149E562AA9547BD0E4F09F8580423E ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
23:25:48.0197 3648 amdkmdag - ok
23:25:48.0205 3648 [ 5A3961237CCDA1F44A0F182814CFED05 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:25:48.0207 3648 amdkmdap - ok
23:25:48.0213 3648 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:25:48.0214 3648 AmdPPM - ok
23:25:48.0221 3648 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:25:48.0222 3648 amdsata - ok
23:25:48.0231 3648 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:25:48.0232 3648 amdsbs - ok
23:25:48.0238 3648 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:25:48.0239 3648 amdxata - ok
23:25:48.0245 3648 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:25:48.0246 3648 AppID - ok
23:25:48.0253 3648 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:25:48.0254 3648 AppIDSvc - ok
23:25:48.0260 3648 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:25:48.0261 3648 Appinfo - ok
23:25:48.0269 3648 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:25:48.0271 3648 Apple Mobile Device - ok
23:25:48.0280 3648 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:25:48.0282 3648 AppMgmt - ok
23:25:48.0289 3648 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:25:48.0290 3648 arc - ok
23:25:48.0296 3648 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:25:48.0297 3648 arcsas - ok
23:25:48.0314 3648 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:25:48.0319 3648 aspnet_state - ok
23:25:48.0324 3648 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:25:48.0325 3648 AsyncMac - ok
23:25:48.0331 3648 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:25:48.0331 3648 atapi - ok
23:25:48.0411 3648 [ C6149E562AA9547BD0E4F09F8580423E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:25:48.0473 3648 atikmdag - ok
23:25:48.0489 3648 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:25:48.0497 3648 AudioEndpointBuilder - ok
23:25:48.0509 3648 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:25:48.0513 3648 AudioSrv - ok
23:25:48.0523 3648 [ 7A122973B51661F189F157002FFAA5AA ] AVerAF15 C:\Windows\system32\Drivers\AVerAF15.sys
23:25:48.0526 3648 AVerAF15 - ok
23:25:48.0532 3648 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:25:48.0535 3648 AxInstSV - ok
23:25:48.0546 3648 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:25:48.0550 3648 b06bdrv - ok
23:25:48.0560 3648 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:25:48.0562 3648 b57nd60a - ok
23:25:48.0572 3648 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:25:48.0574 3648 BDESVC - ok
23:25:48.0579 3648 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:25:48.0580 3648 Beep - ok
23:25:48.0594 3648 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:25:48.0602 3648 BFE - ok
23:25:48.0616 3648 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
23:25:48.0626 3648 BITS - ok
23:25:48.0632 3648 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:25:48.0633 3648 blbdrive - ok
23:25:48.0645 3648 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:25:48.0651 3648 Bonjour Service - ok
23:25:48.0658 3648 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:25:48.0659 3648 bowser - ok
23:25:48.0664 3648 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:25:48.0665 3648 BrFiltLo - ok
23:25:48.0671 3648 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:25:48.0671 3648 BrFiltUp - ok
23:25:48.0679 3648 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:25:48.0680 3648 BridgeMP - ok
23:25:48.0687 3648 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:25:48.0689 3648 Browser - ok
23:25:48.0698 3648 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:25:48.0701 3648 Brserid - ok
23:25:48.0706 3648 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:25:48.0707 3648 BrSerWdm - ok
23:25:48.0713 3648 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:25:48.0713 3648 BrUsbMdm - ok
23:25:48.0719 3648 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:25:48.0720 3648 BrUsbSer - ok
23:25:48.0726 3648 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:25:48.0727 3648 BTHMODEM - ok
23:25:48.0737 3648 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:25:48.0739 3648 bthserv - ok
23:25:48.0743 3648 catchme - ok
23:25:48.0751 3648 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:25:48.0752 3648 cdfs - ok
23:25:48.0759 3648 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
23:25:48.0760 3648 cdrom - ok
23:25:48.0767 3648 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:25:48.0769 3648 CertPropSvc - ok
23:25:48.0775 3648 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:25:48.0775 3648 circlass - ok
23:25:48.0785 3648 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:25:48.0789 3648 CLFS - ok
23:25:48.0797 3648 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:25:48.0799 3648 clr_optimization_v2.0.50727_32 - ok
23:25:48.0807 3648 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:25:48.0809 3648 clr_optimization_v2.0.50727_64 - ok
23:25:48.0820 3648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:25:48.0830 3648 clr_optimization_v4.0.30319_32 - ok
23:25:48.0836 3648 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:25:48.0842 3648 clr_optimization_v4.0.30319_64 - ok
23:25:48.0848 3648 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:25:48.0849 3648 CmBatt - ok
23:25:48.0855 3648 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:25:48.0855 3648 cmdide - ok
23:25:48.0868 3648 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:25:48.0875 3648 CNG - ok
23:25:48.0881 3648 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:25:48.0881 3648 Compbatt - ok
23:25:48.0888 3648 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:25:48.0888 3648 CompositeBus - ok
23:25:48.0894 3648 COMSysApp - ok
23:25:48.0902 3648 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:25:48.0903 3648 crcdisk - ok
23:25:48.0912 3648 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:25:48.0914 3648 CryptSvc - ok
23:25:48.0927 3648 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:25:48.0932 3648 CSC - ok
23:25:48.0945 3648 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:25:48.0953 3648 CscService - ok
23:25:48.0966 3648 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:25:48.0973 3648 DcomLaunch - ok
23:25:48.0981 3648 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:25:48.0985 3648 defragsvc - ok
23:25:48.0992 3648 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:25:48.0993 3648 DfsC - ok
23:25:49.0005 3648 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:25:49.0008 3648 Dhcp - ok
23:25:49.0014 3648 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:25:49.0015 3648 discache - ok
23:25:49.0022 3648 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:25:49.0023 3648 Disk - ok
23:25:49.0030 3648 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:25:49.0033 3648 Dnscache - ok
23:25:49.0041 3648 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:25:49.0045 3648 dot3svc - ok
23:25:49.0054 3648 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:25:49.0056 3648 DPS - ok
23:25:49.0062 3648 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:25:49.0062 3648 drmkaud - ok
23:25:49.0080 3648 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:25:49.0086 3648 DXGKrnl - ok
23:25:49.0093 3648 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:25:49.0095 3648 EapHost - ok
23:25:49.0136 3648 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:25:49.0169 3648 ebdrv - ok
23:25:49.0175 3648 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:25:49.0177 3648 EFS - ok
23:25:49.0191 3648 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:25:49.0199 3648 ehRecvr - ok
23:25:49.0205 3648 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:25:49.0207 3648 ehSched - ok
23:25:49.0219 3648 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:25:49.0224 3648 elxstor - ok
23:25:49.0230 3648 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:25:49.0230 3648 ErrDev - ok
23:25:49.0249 3648 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:25:49.0254 3648 EventSystem - ok
23:25:49.0261 3648 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:25:49.0263 3648 exfat - ok
23:25:49.0271 3648 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:25:49.0273 3648 fastfat - ok
23:25:49.0286 3648 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:25:49.0294 3648 Fax - ok
23:25:49.0300 3648 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:25:49.0301 3648 fdc - ok
23:25:49.0307 3648 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:25:49.0308 3648 fdPHost - ok
23:25:49.0313 3648 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:25:49.0315 3648 FDResPub - ok
23:25:49.0321 3648 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:25:49.0322 3648 FileInfo - ok
23:25:49.0327 3648 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:25:49.0328 3648 Filetrace - ok
23:25:49.0350 3648 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:25:49.0365 3648 FLEXnet Licensing Service 64 - ok
23:25:49.0371 3648 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:25:49.0372 3648 flpydisk - ok
23:25:49.0381 3648 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:25:49.0384 3648 FltMgr - ok
23:25:49.0402 3648 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:25:49.0415 3648 FontCache - ok
23:25:49.0422 3648 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:25:49.0423 3648 FontCache3.0.0.0 - ok
23:25:49.0429 3648 [ 44C86363D4673688E61F3C096B511811 ] FPSensor C:\Windows\system32\Drivers\FPSensor.sys
23:25:49.0430 3648 FPSensor - ok
23:25:49.0437 3648 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:25:49.0438 3648 FsDepends - ok
23:25:49.0444 3648 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:25:49.0445 3648 Fs_Rec - ok
23:25:49.0453 3648 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:25:49.0456 3648 fvevol - ok
23:25:49.0462 3648 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:25:49.0463 3648 gagp30kx - ok
23:25:49.0471 3648 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:25:49.0471 3648 GEARAspiWDM - ok
23:25:49.0486 3648 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:25:49.0494 3648 gpsvc - ok
23:25:49.0504 3648 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:25:49.0505 3648 gupdate - ok
23:25:49.0510 3648 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:25:49.0512 3648 gupdatem - ok
23:25:49.0521 3648 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:25:49.0521 3648 hcw85cir - ok
23:25:49.0530 3648 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:25:49.0534 3648 HdAudAddService - ok
23:25:49.0541 3648 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:25:49.0543 3648 HDAudBus - ok
23:25:49.0549 3648 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:25:49.0549 3648 HidBatt - ok
23:25:49.0558 3648 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:25:49.0559 3648 HidBth - ok
23:25:49.0564 3648 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:25:49.0565 3648 HidIr - ok
23:25:49.0574 3648 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
23:25:49.0575 3648 hidserv - ok
23:25:49.0581 3648 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:25:49.0581 3648 HidUsb - ok
23:25:49.0589 3648 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:25:49.0591 3648 hkmsvc - ok
23:25:49.0599 3648 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:25:49.0603 3648 HomeGroupListener - ok
23:25:49.0610 3648 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:25:49.0614 3648 HomeGroupProvider - ok
23:25:49.0621 3648 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:25:49.0622 3648 HpSAMD - ok
23:25:49.0636 3648 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:25:49.0643 3648 HTTP - ok
23:25:49.0650 3648 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:25:49.0650 3648 hwpolicy - ok
23:25:49.0657 3648 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:25:49.0658 3648 i8042prt - ok
23:25:49.0668 3648 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:25:49.0671 3648 IAANTMON - ok
23:25:49.0682 3648 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:25:49.0685 3648 iaStor - ok
23:25:49.0695 3648 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:25:49.0699 3648 iaStorV - ok
23:25:49.0714 3648 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:25:49.0723 3648 idsvc - ok
23:25:49.0813 3648 [ AC4B14E985B2BB19386CC8203FE49BCD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:25:49.0886 3648 igfx - ok
23:25:49.0894 3648 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:25:49.0895 3648 iirsp - ok
23:25:49.0911 3648 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:25:49.0920 3648 IKEEXT - ok
23:25:49.0929 3648 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:25:49.0929 3648 intelide - ok
23:25:50.0016 3648 [ AC4B14E985B2BB19386CC8203FE49BCD ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
23:25:50.0099 3648 intelkmd - ok
23:25:50.0108 3648 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:25:50.0109 3648 intelppm - ok
23:25:50.0117 3648 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:25:50.0119 3648 IPBusEnum - ok
23:25:50.0125 3648 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:25:50.0126 3648 IpFilterDriver - ok
23:25:50.0137 3648 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:25:50.0144 3648 iphlpsvc - ok
23:25:50.0150 3648 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:25:50.0151 3648 IPMIDRV - ok
23:25:50.0158 3648 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:25:50.0159 3648 IPNAT - ok
23:25:50.0175 3648 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:25:50.0185 3648 iPod Service - ok
23:25:50.0190 3648 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:25:50.0191 3648 IRENUM - ok
23:25:50.0197 3648 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:25:50.0197 3648 isapnp - ok
23:25:50.0207 3648 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:25:50.0210 3648 iScsiPrt - ok
23:25:50.0220 3648 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
23:25:50.0222 3648 k57nd60a - ok
23:25:50.0228 3648 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:25:50.0229 3648 kbdclass - ok
23:25:50.0236 3648 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:25:50.0237 3648 kbdhid - ok
23:25:50.0243 3648 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:25:50.0244 3648 KeyIso - ok
23:25:50.0252 3648 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:25:50.0253 3648 KSecDD - ok
23:25:50.0262 3648 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:25:50.0264 3648 KSecPkg - ok
23:25:50.0271 3648 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:25:50.0272 3648 ksthunk - ok
23:25:50.0281 3648 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:25:50.0286 3648 KtmRm - ok
23:25:50.0294 3648 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
23:25:50.0298 3648 LanmanServer - ok
23:25:50.0305 3648 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:25:50.0309 3648 LanmanWorkstation - ok
23:25:50.0317 3648 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:25:50.0317 3648 lltdio - ok
23:25:50.0327 3648 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:25:50.0332 3648 lltdsvc - ok
23:25:50.0338 3648 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:25:50.0339 3648 lmhosts - ok
23:25:50.0349 3648 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:25:50.0350 3648 LSI_FC - ok
23:25:50.0357 3648 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:25:50.0358 3648 LSI_SAS - ok
23:25:50.0364 3648 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:25:50.0365 3648 LSI_SAS2 - ok
23:25:50.0372 3648 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:25:50.0373 3648 LSI_SCSI - ok
23:25:50.0380 3648 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:25:50.0381 3648 luafv - ok
23:25:50.0388 3648 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:25:50.0390 3648 Mcx2Svc - ok
23:25:50.0396 3648 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:25:50.0396 3648 megasas - ok
23:25:50.0406 3648 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:25:50.0409 3648 MegaSR - ok
23:25:50.0622 3648 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2013_64 D:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
23:25:50.0623 3648 mi-raysat_3dsmax2013_64 - ok
23:25:50.0770 3648 [ 551A5E070F5DF69A64463852E93009DD ] mitsijm2013 D:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
23:25:50.0776 3648 mitsijm2013 - ok
23:25:50.0784 3648 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:25:50.0787 3648 MMCSS - ok
23:25:50.0794 3648 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:25:50.0795 3648 Modem - ok
23:25:50.0802 3648 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:25:50.0803 3648 monitor - ok
23:25:50.0809 3648 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:25:50.0809 3648 mouclass - ok
23:25:50.0815 3648 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:25:50.0816 3648 mouhid - ok
23:25:50.0824 3648 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:25:50.0825 3648 mountmgr - ok
23:25:50.0832 3648 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:25:50.0834 3648 mpio - ok
23:25:50.0840 3648 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:25:50.0841 3648 mpsdrv - ok
23:25:50.0856 3648 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:25:50.0866 3648 MpsSvc - ok
23:25:50.0873 3648 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:25:50.0875 3648 MRxDAV - ok
23:25:50.0882 3648 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:50.0883 3648 mrxsmb - ok
23:25:50.0892 3648 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:50.0895 3648 mrxsmb10 - ok
23:25:50.0903 3648 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:50.0904 3648 mrxsmb20 - ok
23:25:50.0910 3648 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:25:50.0910 3648 msahci - ok
23:25:50.0917 3648 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:25:50.0919 3648 msdsm - ok
23:25:50.0926 3648 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:25:50.0929 3648 MSDTC - ok
23:25:50.0940 3648 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:25:50.0941 3648 Msfs - ok
23:25:50.0946 3648 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:25:50.0947 3648 mshidkmdf - ok
23:25:50.0954 3648 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:25:50.0954 3648 msisadrv - ok
23:25:50.0962 3648 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:25:50.0964 3648 MSiSCSI - ok
23:25:50.0970 3648 msiserver - ok
23:25:50.0976 3648 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:25:50.0977 3648 MSKSSRV - ok
23:25:50.0984 3648 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:50.0984 3648 MSPCLOCK - ok
23:25:50.0990 3648 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:25:50.0991 3648 MSPQM - ok
23:25:51.0002 3648 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:25:51.0006 3648 MsRPC - ok
23:25:51.0015 3648 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:25:51.0016 3648 mssmbios - ok
23:25:51.0022 3648 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:25:51.0022 3648 MSTEE - ok
23:25:51.0029 3648 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:25:51.0029 3648 MTConfig - ok
23:25:51.0036 3648 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:25:51.0037 3648 Mup - ok
23:25:51.0048 3648 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:25:51.0055 3648 napagent - ok
23:25:51.0065 3648 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:25:51.0068 3648 NativeWifiP - ok
23:25:51.0085 3648 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:25:51.0094 3648 NDIS - ok
23:25:51.0101 3648 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:25:51.0102 3648 NdisCap - ok
23:25:51.0107 3648 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:25:51.0108 3648 NdisTapi - ok
23:25:51.0114 3648 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:25:51.0115 3648 Ndisuio - ok
23:25:51.0123 3648 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:25:51.0125 3648 NdisWan - ok
23:25:51.0131 3648 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:25:51.0132 3648 NDProxy - ok
23:25:51.0139 3648 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:25:51.0140 3648 NetBIOS - ok
23:25:51.0148 3648 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:25:51.0151 3648 NetBT - ok
23:25:51.0156 3648 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:25:51.0158 3648 Netlogon - ok
23:25:51.0167 3648 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:25:51.0172 3648 Netman - ok
23:25:51.0178 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:25:51.0182 3648 NetMsmqActivator - ok
23:25:51.0187 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:25:51.0188 3648 NetPipeActivator - ok
23:25:51.0199 3648 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:25:51.0205 3648 netprofm - ok
23:25:54.0279 3648 ============================================================
23:25:54.0279 3648 Scan finished
23:25:54.0279 3648 ============================================================
23:25:54.0293 1576 Detected object count: 0
23:25:54.0293 1576 Actual detected object count: 0

05.12.2012, 18:18   #5
M-K-D-B
/// TB Trainer

System crash after popups

Hi,

Before we continue, I have a few more questions:

Why are you running ComboFix without being instructed to? And if you do run it, then please post the log file along with it, otherwise there is no point.

Quote:
Drive C: | 55,80 Gb Total Space | 6,69 Gb Free Space | 11,99% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 36,89 Gb Free Space | 12,38% Space Free | Partition Type: NTFS
This probably has nothing directly to do with the system crash, but you should move data from drives C: and D: to external storage media, because your hard disk(s) are almost full.
15% should be free in any case.

Why is no antivirus program installed on the computer?


05.12.2012, 21:29   #6
benkei80

System crash after popups

I ran ComboFix because I had read about it here in the forum and at that point was not yet planning to open a thread of my own.

Really only programs are installed on C:; should I uninstall some of them?

Which antivirus program should I install?

ComboFix log file:
Code:
ComboFix 12-12-02.01 - Siebi 04.12.2012  15:27:03.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3997.2651 [GMT 1:00]
ausgeführt von:: c:\users\Siebi\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Siebi\Documents\~Langes Brett.dwg.3424.tmp
c:\users\Siebi\Documents\~Langes Brett.dwg.4728.tmp
c:\users\Siebi\Documents\~Puppenwagen V4.dwg.4164.tmp
c:\users\Siebi\Documents\~Puppenwagen V4.dwg.4728.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-04 bis 2012-12-04  ))))))))))))))))))))))))))))))
.
.
2012-12-04 14:31 . 2012-12-04 14:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-04 13:57 . 2012-12-04 13:57	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{17C202BC-11E9-4050-9333-54E7FEFBCCF2}\offreg.dll
2012-11-30 15:19 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{17C202BC-11E9-4050-9333-54E7FEFBCCF2}\mpengine.dll
2012-11-25 22:26 . 2012-11-25 22:26	--------	d-----w-	c:\program files (x86)\Google
2012-11-25 22:26 . 2012-11-25 22:26	--------	d-----w-	c:\users\Siebi\AppData\Local\Google
2012-11-14 07:50 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-14 07:50 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 07:50 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 07:50 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 07:44 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 07:44 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 07:44 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-14 07:44 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 07:44 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 07:44 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 07:44 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 07:45 . 2012-07-31 19:36	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-06 09:13 . 2012-07-31 19:37	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-06 09:13 . 2012-07-31 19:37	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-22 07:54 . 2012-10-22 07:54	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 07:41	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:41	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:41	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-09-24 21:16 . 2012-09-04 12:54	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:19 . 2012-10-13 19:22	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-13 19:22	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Akamai NetSession Interface"="c:\users\Siebi\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-16 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Twonky Tray Control.lnk - c:\program files (x86)\TwonkyMedia\twonkymediaserverconfig.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;d:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-07 1432400]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys [2012-05-11 20048]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-08-02 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-16 202752]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2012-07-31 29184]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;d:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]
S3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys [2009-05-22 311424]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2009-07-16 7342432]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-07 69152]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-05-07 48800]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 22:26]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 22:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-16 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-16 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-16 365592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: samsungsetup.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 80.69.100.102 80.69.103.78 192.168.1.1
FF - ProfilePath - c:\users\Siebi\AppData\Roaming\Mozilla\Firefox\Profiles\f3f3o73t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files (x86)\AVerMedia\AVerMedia A309 (MiniCard
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-04  15:33:59
ComboFix-quarantined-files.txt  2012-12-04 14:33
.
Vor Suchlauf: 6.770.012.160 Bytes frei
Nach Suchlauf: 7.154.966.528 Bytes frei
.
- - End Of File - - E30029BDBB99B08ACB272BE9B68F8C8E
         
--- --- ---

Alt 06.12.2012, 19:04   #7
M-K-D-B
/// TB Instructor
 



Hi,

we'll get to the programs and the AV tool later.

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.
  • Start the tool with a double-click. Vista and 7 users, please right-click and start it with "Run as administrator".
  • The tool will open. Press any key to start the scan.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 3
Please start OTL.exe.
Under Extra Registry, select Use Safe List and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.

With your next reply, please post
  • the log file from AdwCleaner,
  • the log file from JRT,
  • both log files from OTL.

Alt 09.12.2012, 07:46   #8
benkei80
 



adwcleaner:

Quote:
# AdwCleaner v2.011 - Datei am 09/12/2012 um 07:43:50 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Siebi - SIEBI-LAPPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Siebi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Users\Siebi\AppData\LocalLow\facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.facemoods.com/?a=ddrnw --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Siebi\AppData\Roaming\Mozilla\Firefox\Profiles\f3f3o73t.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2379 octets] - [09/12/2012 07:42:57]
AdwCleaner[S1].txt - [2234 octets] - [09/12/2012 07:43:50]

########## EOF - C:\AdwCleaner[S1].txt - [2294 octets] ##########
JRT:
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.0.0 (12.08.2012:4)
OS: Windows 7 Professional x64
Ran by Siebi on 09.12.2012 at 7:46:51,78
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Siebi\AppData\Roaming\software4u"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.12.2012 at 7:53:58,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL:
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 09.12.2012 07:55:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siebi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 64,43% Memory free
7,80 Gb Paging File | 6,27 Gb Available in Paging File | 80,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,31 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 15,52 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 338,20 Gb Free Space | 72,61% Space Free | Partition Type: NTFS
Drive G: | 31,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: FAT
Drive H: | 14,73 Gb Total Space | 14,73 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: SIEBI-LAPPI | User Name: Siebi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.12.04 23:01:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siebi\Downloads\OTL.exe
PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.11.25 23:26:16 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
PRC - [2012.11.05 09:50:12 | 000,377,800 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2012.10.16 10:14:43 | 002,465,232 | ---- | M] (VTech) -- D:\Program Files (x86)\VTech\DownloadManager\System\DownloadManager.exe
PRC - [2012.08.10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.23 16:32:20 | 001,632,216 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () -- D:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2010.10.25 14:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012.11.06 10:13:47 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.11.05 09:50:12 | 000,377,800 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2012.08.06 10:54:24 | 009,843,640 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.19 04:27:05 | 000,094,120 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\Applications\Storio_DE_ger\VTechDiskAccessLib_unicode.dll
MOD - [2010.11.11 10:24:31 | 000,028,160 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010.10.25 14:15:46 | 000,019,968 | ---- | M] () -- D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2010.07.29 04:56:12 | 000,120,216 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\VTech2010USBDllU.dll
MOD - [2010.07.13 14:07:23 | 007,826,432 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010.07.05 10:19:39 | 000,116,736 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010.06.24 02:16:19 | 002,150,400 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010.06.02 06:05:40 | 000,119,808 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010.06.02 03:56:04 | 000,232,960 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010.06.02 03:54:24 | 002,530,816 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010.06.02 03:43:00 | 000,097,280 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtTest4.dll
MOD - [2010.06.02 03:29:22 | 000,934,912 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010.06.02 03:28:00 | 000,335,360 | ---- | M] () -- D:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.16 14:59:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.12 15:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012.09.07 22:21:32 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.01.31 02:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- D:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- D:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.02 10:41:27 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.07.31 20:50:49 | 000,029,184 | ---- | M] (Egistec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2012.05.11 06:20:10 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.16 15:32:38 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.16 15:32:38 | 006,096,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.07.16 14:10:08 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.07.16 13:54:52 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009.07.16 13:54:52 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 07:32:52 | 000,311,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAF15.sys -- (AVerAF15)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.07 16:57:00 | 000,069,152 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009.05.07 16:47:00 | 000,048,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2007.03.28 06:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 28 FC 1F 50 6F CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {aab35b56-0206-4472-9993-9cb5c09bb722}:1.5.5
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.22 10:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.08.22 10:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 20:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.06 12:19:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 20:27:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.31 20:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebi\AppData\Roaming\mozilla\Extensions
[2012.10.24 07:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebi\AppData\Roaming\mozilla\Firefox\Profiles\f3f3o73t.default\extensions
[2012.08.29 07:56:19 | 000,000,000 | ---D | M] (Snip It! Button for eBay) -- C:\Users\Siebi\AppData\Roaming\mozilla\Firefox\Profiles\f3f3o73t.default\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}
[2012.09.11 09:49:19 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Siebi\AppData\Roaming\mozilla\firefox\profiles\f3f3o73t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Drive = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Siebi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.12.04 15:31:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [AgentMonitor] D:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Siebi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.102 80.69.103.78 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD48AFDF-8940-43FB-B2D1-27730181C252}: DhcpNameServer = 80.69.100.102 80.69.103.78 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E93320C2-FACB-4948-8064-F15375C4C6DF}: DhcpNameServer = 80.69.100.182 80.69.100.174 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.07 22:22:59 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012.09.08 06:39:06 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 07:46:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.09 07:46:47 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.09 07:46:23 | 000,447,011 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Siebi\Desktop\JRT.exe
[2012.12.09 07:41:44 | 000,000,000 | ---D | C] -- C:\Users\Siebi\AppData\Local\cache
[2012.12.09 07:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTech
[2012.12.09 07:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\VTech
[2012.12.04 16:54:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.04 15:34:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.04 15:26:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.04 15:26:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.04 15:26:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.04 15:25:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.04 15:25:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.25 23:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.25 23:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.25 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\Siebi\AppData\Local\Google
[2012.11.14 08:50:36 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 08:50:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 08:46:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 08:46:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 08:46:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 08:46:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 08:46:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 08:46:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 08:46:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 08:46:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 08:46:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 08:46:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 08:46:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 08:46:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 08:46:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 08:46:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 08:46:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 08:44:57 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 08:44:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 08:44:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 08:44:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 08:36:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 08:36:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 08:36:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 08:36:15 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 08:36:15 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 08:36:15 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 08:36:15 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 08:36:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 08:36:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 08:36:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 08:36:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 07:54:50 | 000,000,580 | ---- | M] () -- C:\Users\Siebi\AppData\Local\cookies.ini
[2012.12.09 07:52:49 | 001,800,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.09 07:52:49 | 000,984,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.09 07:52:49 | 000,504,528 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.09 07:52:49 | 000,440,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.09 07:52:49 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.09 07:52:07 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 07:52:07 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 07:46:35 | 000,447,011 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Siebi\Desktop\JRT.exe
[2012.12.09 07:45:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.09 07:45:05 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.12.09 07:44:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 07:44:47 | 3143,258,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 07:41:32 | 000,540,743 | ---- | M] () -- C:\Users\Siebi\Desktop\adwcleaner.exe
[2012.12.09 07:37:40 | 000,000,862 | ---- | M] () -- C:\Users\Siebi\Desktop\VTech Download Manager.lnk
[2012.12.09 07:31:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.05 23:36:01 | 000,043,138 | ---- | M] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.ods
[2012.12.05 09:28:48 | 000,045,921 | ---- | M] () -- C:\Users\Siebi\Desktop\Wegzeitrechner - CT.ods
[2012.12.04 23:24:51 | 000,000,512 | ---- | M] () -- C:\Users\Siebi\Desktop\MBR.dat
[2012.12.04 23:20:54 | 000,000,188 | ---- | M] () -- C:\Users\Siebi\defogger_reenable
[2012.12.04 15:31:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.02 20:32:26 | 000,015,501 | ---- | M] () -- C:\Users\Siebi\Desktop\Liste.ods
[2012.12.01 16:49:28 | 000,027,270 | ---- | M] () -- C:\Users\Siebi\Desktop\Brückenbau.ods
[2012.12.01 11:01:23 | 000,001,013 | ---- | M] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.csv
[2012.11.30 22:55:06 | 000,527,417 | ---- | M] () -- C:\Users\Siebi\Desktop\Vorlage_Kuendigung_Autoversicherung.pdf
[2012.11.27 23:48:19 | 001,278,203 | ---- | M] () -- C:\Users\Siebi\Desktop\Siebol.de_sign LOGO.ai
[2012.11.27 21:37:52 | 001,461,714 | ---- | M] () -- C:\Users\Siebi\Desktop\SIEBOLD DESIGN.ai
[2012.11.25 23:26:56 | 000,002,273 | ---- | M] () -- C:\Users\Siebi\Desktop\Google Chrome.lnk
[2012.11.15 11:44:14 | 004,963,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.09 07:41:46 | 000,000,580 | ---- | C] () -- C:\Users\Siebi\AppData\Local\cookies.ini
[2012.12.09 07:41:27 | 000,540,743 | ---- | C] () -- C:\Users\Siebi\Desktop\adwcleaner.exe
[2012.12.09 07:37:40 | 000,000,862 | ---- | C] () -- C:\Users\Siebi\Desktop\VTech Download Manager.lnk
[2012.12.04 23:24:51 | 000,000,512 | ---- | C] () -- C:\Users\Siebi\Desktop\MBR.dat
[2012.12.04 23:20:54 | 000,000,188 | ---- | C] () -- C:\Users\Siebi\defogger_reenable
[2012.12.04 16:55:00 | 000,045,921 | ---- | C] () -- C:\Users\Siebi\Desktop\Wegzeitrechner - CT.ods
[2012.12.04 15:26:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.04 15:26:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.04 15:26:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.04 15:26:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.04 15:26:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.01 11:03:18 | 000,027,270 | ---- | C] () -- C:\Users\Siebi\Desktop\Brückenbau.ods
[2012.12.01 11:00:57 | 000,001,013 | ---- | C] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.csv
[2012.11.30 22:49:39 | 000,527,417 | ---- | C] () -- C:\Users\Siebi\Desktop\Vorlage_Kuendigung_Autoversicherung.pdf
[2012.11.27 21:55:48 | 001,278,203 | ---- | C] () -- C:\Users\Siebi\Desktop\Siebol.de_sign LOGO.ai
[2012.11.27 21:37:51 | 001,461,714 | ---- | C] () -- C:\Users\Siebi\Desktop\SIEBOLD DESIGN.ai
[2012.11.25 23:26:56 | 000,002,273 | ---- | C] () -- C:\Users\Siebi\Desktop\Google Chrome.lnk
[2012.11.25 23:26:16 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.25 23:26:16 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 10:31:05 | 000,043,138 | ---- | C] () -- C:\Users\Siebi\Desktop\Wegzeitrechner.ods
[2012.11.14 08:50:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 08:44:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.08.04 19:05:27 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012.08.02 23:34:47 | 001,594,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.31 20:53:27 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.07.31 20:53:27 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.07.31 20:53:27 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.07.31 20:53:27 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.07.31 20:36:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.31 16:49:04 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.07.31 16:49:03 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012.07.31 16:49:03 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012.07.31 16:49:03 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.07.31 16:49:01 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1354 bytes -> C:\Users\Siebi\AppData\Local\RzHNbJAiamaz:oxHURFMCPvRv7tisG5D5

< End of report >
         
--- --- ---
Extras.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.12.2012 07:55:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siebi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 64,43% Memory free
7,80 Gb Paging File | 6,27 Gb Available in Paging File | 80,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,31 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 15,52 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 338,20 Gb Free Space | 72,61% Space Free | Partition Type: NTFS
Drive G: | 31,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: FAT
Drive H: | 14,73 Gb Total Space | 14,73 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: SIEBI-LAPPI | User Name: Siebi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0685EFB5-257A-49F5-9153-744388BE2877}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14B384F7-6425-4D38-AF14-28D167B11EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{208F7ACC-2317-4E59-8B8B-D7B6097DE5B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{220B4EEF-28E9-4E7A-84C3-50BD679FD0D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E638299-9942-4E45-91AA-7CD580122A16}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{31A840EF-5CD1-4527-B255-BC13EFD43A3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{37E17BFD-34B9-443F-BC70-3B10EFF8F5A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{395791BA-C076-4367-8CE4-9C4323D2FB3F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{403519EA-BB80-4C85-BB9A-5D45FFCD19F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4B753991-4CF5-4AE6-A938-B2AB876074A6}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 | 
"{5B00F02C-2312-45CD-9B26-4ABC2328BD29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FB7D991-641D-4BED-A019-0FF23DF90A59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{62E7EA8C-6EDF-442B-97C0-3807105EB0C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{65AEB796-7618-4CC5-B6AC-45EEE1442935}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6722B57C-4194-4294-A3A8-036E19328E3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F186E97-BA14-4A75-8F2D-1D9A99134DEF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{715B29C0-889A-4491-A5F6-5662C822413A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7C8D196C-891C-4816-82CA-CE56A00039D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{818B9125-4F8E-43D7-B829-AE2C8F1E0D11}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{82F64DA0-B335-4C7E-B42C-9B3B234603AD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{99E88D67-5DE4-4DA5-8CD3-3D974B4FAC1E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A3483EBD-5282-49D6-91F2-1CA6024D9D51}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE20D6CA-D493-4A24-A7FD-6B9B4E4A8FA0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6F6E837-56A4-474C-938A-B1E22FAC5FF2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B7979ADD-93B0-49A0-B96C-3B46FE815A6A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BC3A91F9-058E-4745-96D4-73AC0EB221AF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BDADB5D9-8688-4B1E-9BEA-6DDADC8DD8DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1DDB275-D9C9-4E97-8CF2-18BF5287AFC1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CEBB4C14-3068-4BAE-966E-6FD901A03738}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9658A52-4BD6-4C47-8AB8-62E6334D1ED7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D980887A-541C-4EC0-8E5A-793EF2C59BD6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC64A259-8AAA-4FCF-BBDD-E8B6637797F9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E0D85A91-19C5-4E4C-A0ED-B5D8D58BB868}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E221AAA7-CE30-4BA8-8714-B91462BD9B44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E44CC5BF-7EBB-4E82-9C95-1F5EAE246FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC65DA39-4A24-4F4F-BBE0-0E854037D90E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F74280A9-D5F9-491E-820F-456760570802}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FBF2689A-F6F6-45F2-B384-90C2AE1E7356}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCC0ACEB-7184-4985-8232-8A7C9572F95F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FDB9777A-584C-4F45-BEB9-2818433C1309}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0159102D-FE60-4546-9EE3-A54373901BC7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0168E29C-BE08-48AC-B340-35829CC49203}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | 
"{057BCB63-FBB9-49FE-81F8-EBBA1C6F41CA}" = protocol=6 | dir=out | app=system | 
"{058DE6D3-006E-442A-B67B-375E249D4CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{12BD9C37-B09E-42DD-B686-C7DDD8E834A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E742217-4E2F-45CC-B9A8-CC22D7A0BBE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2381F224-DEC2-4193-B91B-A67DE14873D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4010C1C5-6120-47B6-B65B-824AA9D7B8DC}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | 
"{41552D19-769E-4D00-B313-95769BFE9686}" = protocol=6 | dir=in | app=d:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{455AD853-F441-4BEE-8955-1E7DC8C796D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DC64941-E69E-43B2-B9AD-A6F74CC97B6C}" = protocol=6 | dir=in | app=d:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{50271CFF-7663-47F7-A30C-9AC8FE413A56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{52878666-7383-463F-B133-31C9B71F6134}" = protocol=17 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"{52AFDBA4-9E1F-4814-99B2-B035AE1F93B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{561C71A6-9BD6-433A-B497-C9D68825F2EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{571D607A-2D88-4576-9D42-B42A91118BC6}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{6B7E79E0-0943-4C53-B9A1-2AFBD7FE37F7}" = protocol=17 | dir=in | app=d:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe | 
"{6CF68581-0792-4B4E-BB1E-152DC4A4CCDA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6FA38EEB-06A5-4469-BE9F-16FB7CB8C324}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{729748E1-984B-4DDE-81A8-C234D33550EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{740D1A93-6B89-4FE8-BD7E-C1ED93B016D6}" = protocol=17 | dir=in | app=d:\program files\software4u\idevice manager\software4u.idevicemanager.exe | 
"{7C01AFA2-5E8F-4AE6-898E-D2ACB32E1A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7D6EB6ED-7CCF-411D-B963-1093780B9C03}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8A6A5B46-4818-45B8-B3A6-EA5C0B3C6348}" = protocol=6 | dir=in | app=d:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"{8AC6BA82-D453-4F80-8515-8E2F0A3A3B8F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{8D990135-1754-4FC7-A4F2-8D7E32EF5162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F7252B1-547C-4142-8BDC-D56FD9B57CDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{95B1DFF6-F957-47AD-BD31-238F1E377584}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C55FDBE-028F-4953-BF16-0C0BB4B6C864}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D435145-3AF7-4A2B-B688-00F47076AF53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A3906316-A67B-4637-A131-F00B476D8F13}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{A6FC4BE5-3689-4BC6-8D3A-813AB6617EC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7455575-D620-49FB-B152-162753705AF9}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{A8512FC4-B5A6-4C4B-8DF9-FF98C3781AAD}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{B2DEB9AA-C24F-4513-AC87-49FA054B614B}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | 
"{B56A82EA-15A8-430B-B9CE-F33E1F0FF465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEB92122-7D75-4158-AEA4-E0C6650C7885}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | 
"{CC34DA4D-C383-4455-AA6A-14FB6A9F58B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D01A44C3-117C-4F76-AAEC-38374995D0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{D269D2C5-65A5-47DB-9BA3-66BDBC1A4877}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2013\3dsmax.exe | 
"{D5FD933A-2C23-4CFC-8870-9B0AC071D550}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{D95C82E3-78D8-4E4E-A6FA-A5532BDAF568}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{DD2D7F70-1C70-4EC1-889F-A6F864FD2E71}" = protocol=6 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"{E647F24E-AC4B-4698-9491-34FFE54F4774}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2013\3dsmax.exe | 
"{E84A76ED-77E8-4A1D-957F-6757E0B6181D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E9F0F513-DA00-4975-B118-91A1F44DB43C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EA6CA3E7-4B8D-4C21-9577-173DD34E42B2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F54EA94F-CA7D-4338-AE98-6879DD797CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{F67C5862-00EE-434C-9067-E46B7D6099CB}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | 
"{F7C27FDE-4126-4DA2-853B-28C5CADAEC51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB0D987B-7881-4147-A828-8139A36606D9}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{FED9FD0A-A7C6-4FC4-A302-90E97FEC7BD4}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{FF158508-9A18-4B75-B134-D2C88D717D3A}" = protocol=17 | dir=in | app=d:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | 
"TCP Query User{14D61502-AABC-4FE5-929D-2B280E72075E}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{1E771D33-1F46-4066-8808-2AB9699A2B16}D:\program files (x86)\iomega\discovery tool home\discovery home.exe" = protocol=6 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"TCP Query User{257CAC12-6E8F-46EE-906A-C4E436EC78F1}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"TCP Query User{458E9D0F-B5B3-4A4A-839B-B2C45EA1F3AF}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{4A11545D-14C3-4969-A451-79FF28EF0D1F}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"TCP Query User{5AD02549-854F-4B3E-908E-2AA3EE2971D3}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"TCP Query User{854BE249-2E46-46E7-B787-F085DF354549}D:\program files\autodesk\showcase 2013\bin\showcase.exe" = protocol=6 | dir=in | app=d:\program files\autodesk\showcase 2013\bin\showcase.exe | 
"TCP Query User{87291A74-0FA2-4679-BBE0-78C7750A20D2}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"TCP Query User{8FD1C42B-6759-475E-8A7C-0B657AA8C374}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9B6D5689-3B39-4E52-AA37-EE7CDD4B4B2A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{C857A31A-9ACC-48B6-A627-C319B3390009}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{D85C7314-3731-4FE6-A57F-05AB29E96539}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"TCP Query User{EBF60DCB-3292-416B-AD2E-DDAC694C36CA}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{15573B22-E08A-4595-9825-E9CA00C0F1DE}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"UDP Query User{2E9D9A5D-9F46-43BE-9F63-37D6BC131A7B}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{461F6DC3-1C57-49D7-BE3F-885492711630}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"UDP Query User{47B711E5-E634-41C3-9C7F-8232649F29F2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4F3F9E0F-4431-4EA5-A3E5-E831FAAACDD6}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{4F4C98E8-CFA9-4A7A-819A-62339C23E260}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{8D612A24-E72C-41E3-A87F-B0E3E608425E}C:\users\siebi\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\siebi\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{9E9034DE-130E-49E7-B0EA-0E9FA04FACF4}D:\program files (x86)\iomega\discovery tool home\discovery home.exe" = protocol=17 | dir=in | app=d:\program files (x86)\iomega\discovery tool home\discovery home.exe | 
"UDP Query User{A0204934-4E19-4527-832B-2B6C100C5679}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"UDP Query User{ABACD47B-0ABD-478B-AC78-E32886F60F37}D:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=d:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | 
"UDP Query User{BA7363AB-4FAA-492D-A104-8DCDB7A4178B}D:\program files\autodesk\showcase 2013\bin\showcase.exe" = protocol=17 | dir=in | app=d:\program files\autodesk\showcase 2013\bin\showcase.exe | 
"UDP Query User{C1F198A6-5D7D-450D-A0B9-10E2126269A1}D:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{C28961EC-78DE-42DD-860C-DE7D72575615}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{517AA17F-407C-4D2D-8A0C-56F1F989F870}" = O2Micro Flash Memory Card Windows Driver
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{C1AE48E1-5918-1BAD-0782-49FD7E643DB3}" = ATI AVIVO64 Codecs
"{C6735B9F-CD23-7083-9DA0-BBC204C627D1}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{E9FAEC29-DCA3-F797-55D6-1EB0A5A166A1}" = ATI Catalyst Install Manager
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"DWG TrueView 2013" = DWG TrueView 2013
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F4DB7F-3C64-9AF5-4003-D0207A47C0C0}" = CCC Help Greek
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{051ACBD0-2D55-5189-5AA8-E8BCE8AF6754}" = CCC Help Chinese Traditional
"{05702AF5-BA53-8E12-EE03-6C42170DCB7C}" = CCC Help Japanese
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CE2AE80-2759-0986-DA8E-DEBC3EB96C70}" = Catalyst Control Center Localization All
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{132E5B4B-1E1D-EC92-54C2-9359EDB96197}" = CCC Help Italian
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{183B008B-7A90-37C7-66A6-598D0B1E1CF9}" = Catalyst Control Center Graphics Full New
"{1ADFC547-FFD2-EEF9-ADBE-86014A8580DC}" = CCC Help English
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA83AF5-C201-4E45-BBBD-79E8ABADE53E}" = Catalyst Control Center - Branding
"{2251188B-7A66-0F65-5AF2-664B128E2419}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{2B1E396B-036B-208A-B71A-48457D0204D3}" = CCC Help French
"{2F6CA58B-63B3-E3F0-1C5D-F2697E1AC76B}" = CCC Help German
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D53BD3-8565-3712-46DB-C3B6F9EBF65F}" = CCC Help Czech
"{39796CE0-67F7-1563-4752-CC8A4388309C}" = CCC Help Korean
"{3B16D652-425D-A278-6E5F-1C1A14527F55}" = CCC Help Danish
"{3D2EC303-579B-D414-567A-46073404D982}" = Catalyst Control Center Graphics Previews Vista
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{416228B6-4CCE-80F1-DBAC-E9231677119F}" = CCC Help Dutch
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48E8AD47-3A4F-CA5D-893F-B3A5BF898951}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5D380ADB-9F25-D91D-C530-9110566380B0}" = CCC Help Turkish
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67766DDD-8906-F54D-D43C-ED903F47226E}" = CCC Help Polish
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78485BA2-9A57-863D-A8BD-047411DA6B71}" = CCC Help Portuguese
"{785DBC50-4A56-AC28-962D-C410E903BFBC}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8600BBA8-00CA-6F8E-DAD7-656DA7E8CC29}" = Catalyst Control Center InstallProxy
"{8835415D-0502-65E3-823B-E38E04D5B386}" = CCC Help Norwegian
"{929AD7C2-B82B-83D0-A212-CD6EEB7F3FD2}" = ccc-core-static
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9649286F-2787-EAEC-8A7D-743849E1F343}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E543FE-F71A-F8C3-FA1F-5E8B20DD0457}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B758D954-BAD3-C1EA-2570-3C605F17CF9F}" = CCC Help Thai
"{BB95AEB1-D017-1861-CC1F-9DDC092F7DAB}" = CCC Help Finnish
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CD7AFCE6-E0F8-D256-0A10-3627EE6445A0}" = CCC Help Chinese Standard
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2EC19B8-DF0D-4EBF-C505-B6E8C5AAFAE7}" = Catalyst Control Center Core Implementation
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA48F00-3912-DD08-0510-8C437D00C022}" = CCC Help Spanish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6E36639-10C8-4FAD-AF1F-E84D5B6653D1}" = FontLab Studio 5
"1489-3350-5074-6281" = JDownloader 0.9
"A309 DeviceStage" = A309 DeviceStage 1.0.0.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.64.61
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{517AA17F-407C-4D2D-8A0C-56F1F989F870}" = O2Micro Flash Memory Card Windows Driver
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"VLC media player" = VLC media player 2.0.3
"VTechDownloadManager" = VTech Download Manager
"Zahlenzauber 1_is1" = Zahlenzauber 1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live (2)" = DC Universe Online Live (2)
 
< End of report >
         
--- --- ---

Edited by benkei80 (09.12.2012 at 08:04)

09.12.2012, 21:48   #9
M-K-D-B
/// TB Trainer

Hi,

do you still have problems with popups? If so, in which browser?

11.12.2012, 12:38   #10
benkei80

Yes, in Google Chrome.

On the Comunio.de site I clicked a popup link that should be fine, though, since it belongs to the game.
After that the laptop went off again, or rather the screen first went black again, then red, blue, green, yellow, and all of that in an endless loop.

Possibly a hardware fault after all?

11.12.2012, 20:33   #11
M-K-D-B
/// TB instructor

Hi,

Open Google Chrome.
Enter chrome://extensions in the address bar and press Enter.
Please list all extensions (name and version) that you see there.
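
The name-and-version list requested above can also be read directly from the Chrome profile on disk, which helps when the browser cannot be kept open long enough. The following Python script is an added example, not part of the thread: it assumes the usual `Extensions/<id>/<version>/manifest.json` layout inside the profile, and `list_extensions` and the default profile path are names and assumptions chosen here.

```python
import json
import os
from pathlib import Path


def _resolve_name(ext_dir, manifest):
    """Resolve a localized '__MSG_key__' name via _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", "?"))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are matched case-insensitively
    locale = str(manifest.get("default_locale", "en"))
    try:
        path = ext_dir / "_locales" / locale / "messages.json"
        messages = dict(json.loads(path.read_text(encoding="utf-8-sig")))
    except (OSError, ValueError, TypeError):
        return name  # keep the placeholder if the catalogue is missing or broken
    for msg_key, entry in messages.items():
        if msg_key.lower() == key and isinstance(entry, dict):
            return str(entry.get("message", name))
    return name


def list_extensions(profile_dir):
    """Return sorted (extension id, name, version) tuples found in a Chrome profile."""
    found = []
    root = Path(profile_dir) / "Extensions"
    if not root.is_dir():
        return found
    for manifest_path in root.glob("*/*/manifest.json"):
        ext_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it rather than abort the listing
        if not isinstance(manifest, dict):
            continue
        found.append((ext_dir.parent.name,
                      _resolve_name(ext_dir, manifest),
                      str(manifest.get("version", "?"))))
    return sorted(found)


if __name__ == "__main__":
    # Assumed default profile location on Windows 7; adjust for other profiles.
    profile = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data" / "Default"
    for ext_id, name, version in list_extensions(profile):
        print(f"{name}  {version}  ({ext_id})")
```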

12.12.2012, 21:00   #12
benkei80

Hello,

I have no extensions in Google Chrome.

I had also suspected that I had installed incompatible add-ons in FF, which is why I switched to Chrome.

Do you think it could still be due to FF?
Maybe uninstall FF?

13.12.2012, 17:54   #13
M-K-D-B
/// TB instructor

Hi,

you mentioned that you now only have problems with popups in Google Chrome. I therefore suggest that you create a new user profile there:
Creating a new browser user profile

Do you still get popups in the new profile?

16.12.2012, 12:27   #14
M-K-D-B
/// TB instructor

Missing feedback
This topic has been removed from my subscriptions, so I no longer receive notifications about new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
