Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Funde von Malwarebytes (5 REgistry Keys, 2 Files)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.12.2012, 23:53   #1
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Hallo!

Erster Post seid gnädig
Ich habe mir Malwarebytes geholt und einen Systemcheck gemacht. Es fand 5 Infizierungen, davon waren 2 Files und 5 Registry keys. Dies sind die wichtigen Teile des Logs:

Zitat:
Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Users\"Mein Name"\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.
Was mache ich jetzt? Alle löschen?

Wichtig: Seltsamerweise existiert der Ordner "Temp1_1957-coladosenhalter[1].zip" nicht als ich in dem Temp Ordner suchte. Trotzdem wurde dort ein Virus gefunden.

Vielleicht wichtig: Ich habe die Datei in dem system32 Ordner (nvs2.inf) von Kaspersky Pure auf Viren untersuchen lassen. Kaspersky erkannte KEINE Bedrohung.

Ich besitzt Hijack This, weiß aber nicht genau was ich damit machen soll.
Das Komplette Log ist im Anhang.

Ich hab gesehen, dass logs normalerweise in Spoilern stehen. Wie erstellt man die?

MFG Rupertbayern

Alt 10.12.2012, 15:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Hallo und

Warum postest du das Log unvollstämdig, das macht doch keinen Sinn!
Poste die Logs immer vollständig!

Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 11.12.2012, 17:24   #3
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Ok danke hier sind die Logs:
Zuerst Malwarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.08.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Name :: Name [Administrator]

Schutz: Deaktiviert

08.12.2012 19:57:28
mbam-log-2012-12-08 (23-11-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263865
Laufzeit: 54 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Name 2\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.

(Ende)
         
Jetzt das Hijack-Log

HiJackthis Logfile:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:45:39, on 09.12.2012
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\avmwlanstick\FRITZWLanMini.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Name\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MOUSE Editor\MouseEditor.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Targa VFD Display\Targa VFD Display.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
J:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
J:\Chrome Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MoLed] ModLEDKey.exe
O4 - HKLM\..\Run: [AuditVista]  
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "J:\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\MOUSE Editor\MouseEditor.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Xfire.lnk = C:\Users\Mein Name\Documents\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mein Name\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mein Name\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL, C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Freemium Self Update Service (FreemiumSelfUpdateService) - Unknown owner - C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9aaf7304af78b) (gupdate1c9aaf7304af78b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - J:\HiPatchService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - J:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files\MySecurityCenter\Programs\service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Self Update Service (SelfUpdateService) - Unknown owner - C:\Program Files\Freetec\SystemStore\SelfUpdate.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: System Store (SystemStore) - Unknown owner - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
O23 - Service: System Store Service (SystemStoreService) - Unknown owner - C:\Program Files\Freetec\SystemStore\SystemStore.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe

--
End of file - 14954 bytes
         
--- --- ---


Programm OTL
Das erste mit dem Namen OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.12.2012 01:29:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\"Mein Name"\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,65% Memory free
7,22 Gb Paging File | 5,27 Gb Available in Paging File | 72,96% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 8,80 Gb Free Space | 1,93% Space Free | Partition Type: NTFS
Drive D: | 5,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 732,42 Gb Total Space | 183,59 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive R: | 199,09 Gb Total Space | 38,56 Gb Free Space | 19,37% Space Free | Partition Type: NTFS
 
Computer Name: Name | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.09 01:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\"Mein Name"\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () -- C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe
PRC - [2012.09.21 12:45:08 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.08.15 11:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- J:\HiPatchService.exe
PRC - [2012.04.24 13:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
PRC - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files\MOUSE Editor\MouseEditor.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010.08.27 02:07:06 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008.12.18 14:32:52 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- J:\ATI\ATI.ACE\Core-Static\MOM.exe
PRC - [2008.12.18 13:19:44 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- J:\ATI\ATI.ACE\Core-Static\CCC.exe
PRC - [2008.06.03 11:35:22 | 000,078,696 | ---- | M] () -- C:\Program Files\MySecurityCenter\Programs\Service.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.04.22 08:34:58 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.09 16:15:06 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.08 20:57:03 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012.12.08 20:57:03 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012.12.08 20:57:02 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:02 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:02 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:02 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:02 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:02 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:02 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:02 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:02 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:02 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:02 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012.12.08 20:57:02 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012.12.08 20:57:01 | 001,036,288 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:01 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:01 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:01 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:01 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:01 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012.12.08 20:57:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:01 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:01 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:00 | 000,798,720 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:00 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:00 | 000,675,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:00 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:00 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:00 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012.12.08 20:57:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012.12.08 20:57:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012.12.08 20:57:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012.12.08 20:57:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012.12.08 20:57:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012.12.08 20:57:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012.12.08 20:57:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012.12.08 20:56:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012.12.08 20:56:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012.12.08 20:56:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012.12.08 20:56:59 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012.12.08 20:56:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012.12.08 20:56:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012.12.08 20:56:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012.12.08 20:56:58 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012.12.08 20:56:58 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012.12.08 20:56:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012.12.08 20:56:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012.12.08 20:56:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012.12.08 20:56:57 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012.12.08 20:56:57 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012.12.08 20:56:57 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012.12.08 20:56:57 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012.12.08 20:56:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012.12.08 20:56:57 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012.12.08 20:56:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012.12.08 20:56:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012.12.08 20:56:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012.12.08 20:56:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012.12.08 20:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012.12.08 20:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012.12.08 20:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012.12.08 20:56:57 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012.12.08 20:56:57 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012.12.08 20:56:57 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012.12.08 20:56:56 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012.12.08 20:56:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012.12.08 20:56:55 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012.12.08 20:56:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2012.12.08 20:56:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2012.12.08 20:56:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.12.08 20:56:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012.12.08 20:56:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files\MOUSE Editor\MouseEditor.exe
MOD - [2012.02.07 04:20:13 | 002,413,568 | ---- | M] () -- C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2011.11.12 11:56:53 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2011.11.12 11:56:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
MOD - [2011.11.12 11:56:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2011.11.12 11:56:11 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cccf9e783368088a6d357cc45f446478\Accessibility.ni.dll
MOD - [2011.11.12 08:49:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2011.11.12 08:49:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2011.11.12 08:49:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2011.08.10 06:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_Wheel4D.dll
MOD - [2011.04.12 08:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2011.03.21 12:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2011.01.09 13:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_MouseDeviceManager.dll
MOD - [2010.12.12 23:06:09 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2010.12.12 22:54:29 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2010.12.02 10:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010.11.01 13:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010.10.01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010.10.01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010.10.01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2010.09.20 07:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_ZoomControl.dll
MOD - [2010.09.20 07:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_ScrollbarControl.dll
MOD - [2010.08.26 22:58:50 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.24 13:36:36 | 000,016,384 | R--- | M] () -- J:\ATI\ATI.ACE\Branding\Branding.dll
MOD - [2009.10.30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- J:\Filezilla\FileZilla FTP Client\fzshellext.dll
MOD - [2007.01.26 10:58:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006.11.02 16:27:19 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2012.11.25 14:14:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.11.14 07:42:56 | 005,663,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService)
SRV - [2012.11.14 07:42:27 | 009,016,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- J:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- J:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService)
SRV - [2012.08.15 11:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- J:\HiPatchService.exe -- (HiPatchService)
SRV - [2012.04.24 13:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.10.01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.12.21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009.07.20 18:36:00 | 003,321,152 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.01.05 17:01:52 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto | Stopped] -- C:\Windows\System32\UAService7.exe -- (UserAccess7)
SRV - [2008.06.03 11:35:22 | 000,078,696 | ---- | M] () [Auto | Running] -- C:\Program Files\MySecurityCenter\Programs\Service.exe -- (MySecurityCenter License Service)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.04.22 08:34:57 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.30 23:46:04 | 000,299,093 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.01.30 23:46:04 | 000,127,059 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NIKOLA~1\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.08 19:55:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.30 18:11:35 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.12.04 22:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.08.15 14:51:40 | 000,054,144 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.03.25 19:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.03.25 19:06:28 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010.03.25 19:06:26 | 000,110,608 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.03.25 19:06:26 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010.03.25 17:53:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.14 11:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009.12.14 11:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009.10.26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (KLBG)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.08.09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.02.21 13:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER)
DRV - [2007.02.07 15:57:42 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2007.01.26 10:58:50 | 002,305,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007.01.26 10:58:50 | 002,305,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.01.23 14:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2007.01.23 14:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2007.01.23 14:25:14 | 000,011,904 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2006.11.01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2006.10.30 04:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2006.04.06 00:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.02.07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=pb_kl1x2hY22OwYv0JBoD9wWflI?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 17:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.15 23:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.25 23:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012.04.30 18:15:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\"Mein Name"\Program Files\DNA [2009.08.28 14:43:16 | 000,000,000 | ---D | M]
 
[2008.06.21 21:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Extensions
[2012.07.23 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions
[2010.02.02 18:25:45 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.04.30 13:36:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.09.30 20:11:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.25 11:46:06 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.30 13:35:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.05.28 18:42:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.10 20:29:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.15 19:18:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.15 19:18:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.30 13:40:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.07 17:12:01 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010.07.01 20:55:24 | 000,000,000 | ---D | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\fbdislike@doweb.fr
[2010.01.05 15:50:33 | 000,000,000 | ---D | M] (Ubiquity) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\ubiquity@labs.mozilla.com
[2010.04.30 19:50:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\YoutubeDownloader@PeterOlayev.com
[2012.07.23 16:39:10 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-1.xml
[2009.08.16 18:58:14 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-2.xml
[2009.08.16 20:18:24 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-3.xml
[2009.09.14 07:09:13 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-4.xml
[2011.05.28 18:42:47 | 000,000,168 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin.gif
[2011.05.28 18:42:47 | 000,000,618 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin.xml
[2012.04.30 18:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.06.16 17:50:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.21 15:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.30 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 19:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 22:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 19:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.03.12 16:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.30 18:18:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.03.05 17:42:38 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.05.21 21:03:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.05.21 21:03:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.05.21 21:03:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.05.21 21:03:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.05.21 21:03:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.icq.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://start.icq.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: LoL Stream Browser = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp\1.1.6.4_0\
CHR - Extension: AdBlock = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.49_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.09.19 20:38:29 | 000,000,733 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: 127.0.0.1
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AuditVista]   File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [MoLed] ModLEDKey.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] J:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - Startup: C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Users\"Mein Name"\Documents\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab (IPSUploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58A9C5FC-1915-4D77-B2E2-566E50F1BDA9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04583408-b94c-11e1-995b-001a926c2bd3}\Shell\AutoRun\command - "" = P:\Menu.exe
O33 - MountPoints2\{0cf12b6b-f143-11de-bce0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf12b6b-f143-11de-bce0-806e6f6e6963}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{47243f02-2e25-11e2-b2e5-001a926c2bd3}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{5ad2bbfd-a733-11e0-bd60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad2bbfd-a733-11e0-bd60-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{65546bb1-3985-11df-a8a6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{65546bb1-3985-11df-a8a6-00038a000015}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{f1d9adf8-f147-11de-802b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f1d9adf8-f147-11de-802b-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = Setup.exe
O33 - MountPoints2\H\Shell\Install\command - "" = Setup.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 01:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\"Mein Name"\Desktop\OTL.exe
[2012.12.08 20:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.12.08 20:53:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.08 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.12.08 19:55:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.30 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Malwarebytes
[2012.11.30 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.30 23:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.30 23:27:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.30 23:06:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.11.30 18:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.27 21:24:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.11.23 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\info 2012
[2012.11.19 09:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software
[2012.11.19 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\MOUSE Editor
[2012.11.17 20:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.11.17 20:33:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\OpenCandy
[2012.11.12 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\Senstic
[2012.11.12 19:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic
[2012.11.12 19:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Senstic
[2011.01.28 22:54:25 | 000,367,081 | ---- | C] (UTDM & NoBS                                                 ) -- C:\Users\"Mein Name"\Punkbuster.Got.Busted.v1.5-NoBS-UTDM.exe
[2010.08.26 20:54:36 | 096,962,344 | ---- | C] (Apple Inc.) -- C:\Users\"Mein Name"\iTunesSetup try.exe
[2010.08.26 19:02:09 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx40_Full_setup.exe
[2010.08.26 18:57:38 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx35setup.exe
[2009.12.06 21:42:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.sys
[5 C:\Users\"Mein Name"\Documents\*.tmp files -> C:\Users\"Mein Name"\Documents\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 01:35:11 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job
[2012.12.09 01:35:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job
[2012.12.09 01:35:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job
[2012.12.09 01:32:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job
[2012.12.09 01:26:18 | 000,007,808 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat
[2012.12.09 01:25:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job
[2012.12.09 01:20:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 01:20:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 01:19:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 01:13:38 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 01:03:09 | 000,000,020 | ---- | M] () -- C:\Users\"Mein Name"\defogger_reenable
[2012.12.09 01:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\"Mein Name"\Desktop\OTL.exe
[2012.12.09 00:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.09 00:28:13 | 000,211,968 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.08 20:09:07 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.12.08 19:55:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.12.08 19:19:09 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.08 18:09:19 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.12.07 10:30:02 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.02 14:53:19 | 000,219,266 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG
[2012.12.02 14:09:06 | 000,191,691 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG
[2012.12.02 14:08:52 | 000,190,784 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG
[2012.12.02 11:32:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job
[2012.12.02 10:17:50 | 000,102,169 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG
[2012.12.02 10:17:28 | 000,194,171 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG
[2012.11.30 23:36:34 | 000,000,576 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 20:42:49 | 000,002,087 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Google Chrome.lnk
[2012.11.30 18:45:33 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 15:32:09 | 000,187,830 | ---- | M] () -- C:\Users\"Mein Name"y\Desktop\lol bug.JPG
[2012.11.27 21:25:00 | 000,000,506 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk
[2012.11.23 16:26:41 | 000,139,832 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.23 16:26:15 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.11.19 09:51:47 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Editor.lnk
[2012.11.18 12:10:18 | 000,000,724 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk
[2012.11.17 22:51:05 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.11.17 20:34:29 | 000,000,992 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\DVDVideoSoft Free Studio.lnk
[2012.11.17 20:34:28 | 000,000,696 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Free YouTube Download.lnk
[2012.11.17 20:16:38 | 000,712,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 20:16:38 | 000,142,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 20:16:37 | 000,764,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 20:16:37 | 000,166,684 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.13 21:36:14 | 000,002,591 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Microsoft Office Word 2007.lnk
[2012.11.13 07:33:07 | 000,107,285 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\zauber.jpg
[2012.11.12 18:01:26 | 000,150,962 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\zauberflööte.JPG
[5 C:\Users\"Mein Name"\Documents\*.tmp files -> C:\Users\"Mein Name"\Documents\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.09 01:02:47 | 000,000,020 | ---- | C] () -- C:\Users\"Mein Name"\defogger_reenable
[2012.12.08 20:09:07 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.12.08 19:19:09 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.06 12:21:41 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.02 14:53:16 | 000,219,266 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG
[2012.12.02 14:09:03 | 000,191,691 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG
[2012.12.02 14:08:44 | 000,190,784 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG
[2012.12.02 10:17:47 | 000,102,169 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG
[2012.12.02 10:17:25 | 000,194,171 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG
[2012.11.30 23:27:53 | 000,000,576 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 18:45:33 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 15:31:59 | 000,187,830 | ---- | C] () -- C:\Users\"Mein Name"y\Desktop\lol bug.JPG
[2012.11.27 21:25:00 | 000,000,506 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk
[2012.11.19 09:51:47 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Editor.lnk
[2012.11.18 12:10:22 | 000,000,724 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk
[2012.11.17 20:34:28 | 000,000,696 | ---- | C] () -- C:\Users\"Mein Name"y\Desktop\Free YouTube Download.lnk
[2012.11.16 20:19:09 | 000,001,658 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.11.13 07:33:07 | 000,107,285 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\zauber.jpg
[2012.11.12 18:01:23 | 000,150,962 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\zauberflööte.JPG
[2012.10.24 05:27:50 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.06.05 00:27:31 | 000,000,053 | ---- | C] () -- C:\Users\"Mein Name"\jagex_cl_runescape_LIVE.dat
[2012.06.05 00:27:31 | 000,000,001 | ---- | C] () -- C:\Users\"Mein Name"\random.dat
[2012.04.30 18:18:23 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.04.30 18:18:23 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.01.15 19:25:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.11 18:01:33 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012.01.02 23:34:23 | 000,000,600 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\winscp.rnd
[2011.12.26 17:53:00 | 000,000,000 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\{194E177D-9D30-4CF7-B8D9-C1E24D923C40}
[2011.07.05 19:28:11 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.06.19 09:07:37 | 000,000,102 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\fusioncache.dat
[2011.05.31 13:28:58 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011.04.27 10:36:05 | 117,342,208 | ---- | C] () -- C:\Users\"Mein Name"\kavkis.msi
[2011.02.08 20:06:45 | 000,006,274 | ---- | C] () -- C:\Users\"Mein Name"\.recently-used.xbel
[2011.02.05 15:17:39 | 000,281,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.23 17:52:05 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2010.10.23 19:49:20 | 000,000,458 | ---- | C] () -- C:\Users\"Mein Name"\NWT.lnk
[2010.04.04 17:04:03 | 000,021,504 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\WebpageIcons.db
[2009.12.26 15:11:24 | 000,138,904 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\PnkBstrK.sys
[2009.12.06 21:47:45 | 000,001,041 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\vso_ts_preview.xml
[2009.12.06 21:42:04 | 000,087,608 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\inst.exe
[2009.12.06 21:42:04 | 000,007,887 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.cat
[2009.12.06 21:42:04 | 000,001,144 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.inf
[2009.01.21 16:13:35 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat
[2009.01.21 16:13:13 | 000,002,413 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos_navps.dat
[2009.01.21 16:13:12 | 000,021,971 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos_nav.dat
[2009.01.21 16:13:12 | 000,003,326 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos.dat
[2008.07.13 14:03:28 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\ismxydep.bat
[2007.08.30 21:08:32 | 000,211,968 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.30 15:55:13 | 000,000,552 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d8caps.dat
[2007.04.21 09:51:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.16 11:38:11 | 000,007,808 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat
[2007.04.14 19:37:42 | 000,005,526 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\wklnhst.dat
[2007.04.14 18:46:40 | 000,001,346 | RHS- | C] () -- C:\Users\"Mein Name"\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.09.17 19:01:38 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.08.27 01:18:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.26 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Canneverbe Limited
[2010.05.30 13:10:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Chilirec
[2012.12.08 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DAEMON Tools Lite
[2010.12.07 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Dev-Cpp
[2011.12.18 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DiskAid
[2010.04.06 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Disney Interactive Studios
[2009.08.28 14:35:28 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DNA
[2012.01.07 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DocumentsToGoDesktop
[2011.12.16 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Dropbox
[2012.01.14 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDFab
[2012.11.17 20:34:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoft
[2012.11.17 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.16 22:51:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FileZilla
[2010.01.05 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FreeFLVConverter
[2012.05.15 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Freemium
[2009.11.03 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FreeVideoConverter
[2010.01.05 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\fretsonfire
[2010.12.26 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\GARMIN
[2011.02.08 20:06:45 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\gtk-2.0
[2010.01.08 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\IcoFX
[2011.06.02 16:45:34 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\ICQ
[2008.11.14 19:28:41 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\InterTrust
[2010.12.12 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\iTSfv
[2011.08.05 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Jens Lorek
[2010.05.16 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Leadertech
[2010.05.10 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Leawo
[2011.10.18 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\LolClient
[2012.05.24 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\LolClient2
[2011.12.24 15:26:54 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\MAGIX
[2010.05.10 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\MPEG Streamclip
[2011.04.04 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Notepad++
[2009.10.07 16:20:06 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\OCS
[2012.11.17 20:33:59 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\OpenCandy
[2009.12.01 12:52:49 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Opera
[2012.08.09 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Origin
[2012.09.19 20:25:14 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\redsn0w
[2009.01.29 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Serif
[2010.10.01 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\SharePod
[2010.04.04 17:16:41 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Similarity
[2011.12.16 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\smc
[2010.01.15 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Soldat
[2009.12.20 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\streamripper
[2011.09.18 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\TCXConverter
[2009.04.26 15:57:12 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Template
[2009.09.10 07:28:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\TubeBox
[2011.05.10 15:55:04 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Uploader.6A755FBD4A9495E76557F9D696C5965FE7FBEA15.1
[2012.12.08 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Vso
[2012.06.16 18:22:30 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\wargaming.net
[2010.01.05 13:40:57 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Wormux
[2012.05.17 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
--- --- ---


Das zweite Log mit dem Namen Extras hat nicht reingepasst (>120000 Zeichen)
Es ist aber mit den anderen Logs (Malware, Hijack, 2 OTL) im Anhang gezippt.


Ich hoffe das hilft
MFG rupertbayern
__________________

Alt 11.12.2012, 21:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Sind das alle Logs von Malwarebytes?
Was ist mit Logs von anderen Scannern, gab es da Funde?

Code:
ATTFilter
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
         
Warum fehlen hier sämtliche Updates?!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.12.2012, 11:06   #5
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Tatsächlich habe ich Windows Vista ohne SP1 oder SP2. Ich habe bereits versucht SP1 zu installieren, was ja notwendig ist um SP2 zu installieren, jedoch bekomme ich immer einen Error. Das, von Microsoft bereitgetellte Tool um diesen Error zu beseitigen spuckt ebenfalls einen Error aus. Dannach gab ich auf.
Den Internet Explorer benutze ich nicht, deswegen habe ich diesen auch nie manuell geupgedated.

Ich habe noch zwei weitere Malwarebytes Logs.
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.30.10

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mein Name :: Mein Name [Administrator]

Schutz: Aktiviert

30.11.2012 23:39:38
mbam-log-2012-12-01 (01-06-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267949
Laufzeit: 1 Stunde(n), 4 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Anderer Name\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Anderer Name\AppData\Local\Temp\TEMP1_~1.ZIP\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Mein Name\Downloads\CheatEngine54.exe (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Mein Name\Downloads\SoftonicDownloader_for_ea-download-manager.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Windows\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.

(Ende)
         
Und
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.08.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mein Name :: Mein Name [Administrator]

Schutz: Deaktiviert

08.12.2012 19:57:28
mbam-log-2012-12-08 (23-11-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263865
Laufzeit: 54 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Anderer Name\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.

(Ende)
         
Das Log Programm gmner hat bei mir über 2 Stunden gebraucht und ich musste abbrechen da ich den PC ausgemacht habe weil ich schlafen wollte.


Alt 13.12.2012, 14:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Code:
ATTFilter
C:\Users\Anderer Name\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Anderer Name\AppData\Local\Temp\TEMP1_~1.ZIP\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Mein Name\Downloads\CheatEngine54.exe (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
         
Wenn man die Finger von solchen nutzlosen gefährlichen Spielereien nicht lassen kann, wundern Probleme wie zB dass das SP1 nicht installiert werden kann auch nicht mehr.....


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
--> Funde von Malwarebytes (5 REgistry Keys, 2 Files)

Alt 14.12.2012, 12:59   #7
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



aswMBR Log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-14 07:33:56
-----------------------------
07:33:56.005    OS Version: Windows 6.0.6000 
07:33:56.006    Number of processors: 2 586 0x6B01
07:33:56.017    ComputerName: "Mein Name"  UserName: 
07:34:06.496    Initialize success
07:34:36.277    AVAST engine defs: 12121301
07:34:44.154    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
07:34:44.158    Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 6
07:34:44.161    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000071
07:34:44.165    Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 6
07:34:44.283    Disk 0 MBR read successfully
07:34:44.288    Disk 0 MBR scan
07:34:44.295    Disk 0 unknown MBR code
07:34:44.308    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       466936 MB offset 63
07:34:44.365    Disk 0 Partition 2 00     27 Hidden NTFS WinRE MSDOS5.0    10001 MB offset 956285190
07:34:44.380    Disk 0 scanning sectors +976768065
07:34:44.485    Disk 0 scanning C:\Windows\system32\drivers
07:35:39.605    Service scanning
07:38:16.630    Modules scanning
07:38:56.288    Disk 0 trace - called modules:
07:38:56.376    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
07:38:56.381    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x99430538]
07:38:56.387    3 ntkrnlpa.exe[958b07e2] -> nt!IofCallDriver -> [0x9818cb88]
07:38:56.393    5 acpi.sys[8063232a] -> nt!IofCallDriver -> \Device\00000070[0x98b3ec50]
07:39:08.554    AVAST engine scan C:\Windows
07:40:28.070    AVAST engine scan C:\Windows\system32
07:50:12.986    AVAST engine scan C:\Windows\system32\drivers
07:51:19.981    AVAST engine scan C:\Users\"Mein Name"
10:46:47.921    AVAST engine scan C:\ProgramData
11:10:48.570    Scan finished successfully
13:14:49.342    Disk 0 MBR has been saved successfully to "C:\Users\"Mein Name"\Desktop\MBR.dat"
13:14:49.353    The log file has been saved successfully to "C:\Users\"Mein Name"\Desktop\aswMBR.txt"
         
TDSSKiller Log
Code:
ATTFilter
13:23:49.0941 2796  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:23:50.0167 2796  ============================================================
13:23:50.0168 2796  Current date / time: 2012/12/14 13:23:50.0167
13:23:50.0168 2796  SystemInfo:
13:23:50.0168 2796  
13:23:50.0168 2796  OS Version: 6.0.6000 ServicePack: 0.0
13:23:50.0168 2796  Product type: Workstation
13:23:50.0168 2796  ComputerName: "Mein Name"
13:23:50.0168 2796  UserName: "Mein Name"
13:23:50.0168 2796  Windows directory: C:\Windows
13:23:50.0168 2796  System windows directory: C:\Windows
13:23:50.0168 2796  Processor architecture: Intel x86
13:23:50.0168 2796  Number of processors: 2
13:23:50.0168 2796  Page size: 0x1000
13:23:50.0168 2796  Boot type: Normal boot
13:23:50.0168 2796  ============================================================
13:23:51.0196 2796  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:23:51.0211 2796  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:23:51.0319 2796  ============================================================
13:23:51.0319 2796  \Device\Harddisk0\DR0:
13:23:51.0325 2796  MBR partitions:
13:23:51.0325 2796  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38FFC0C7
13:23:51.0325 2796  \Device\Harddisk1\DR1:
13:23:51.0325 2796  MBR partitions:
13:23:51.0325 2796  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5B8D8000
13:23:51.0325 2796  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x5B8D8800, BlocksNum 0x18E2D800
13:23:51.0325 2796  ============================================================
13:23:51.0499 2796  C: <-> \Device\Harddisk0\DR0\Partition1
13:23:51.0586 2796  J: <-> \Device\Harddisk1\DR1\Partition1
13:23:51.0713 2796  R: <-> \Device\Harddisk1\DR1\Partition2
13:23:51.0714 2796  ============================================================
13:23:51.0714 2796  Initialize success
13:23:51.0714 2796  ============================================================
13:24:31.0103 5240  ============================================================
13:24:31.0103 5240  Scan started
13:24:31.0103 5240  Mode: Manual; SigCheck; TDLFS; 
13:24:31.0103 5240  ============================================================
13:24:31.0893 5240  ================ Scan system memory ========================
13:24:31.0893 5240  System memory - ok
13:24:31.0893 5240  ================ Scan services =============================
13:24:35.0199 5240  [ 192BDBD1540645C4A2AA69F24CCE197F ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:24:35.0637 5240  ACPI - ok
13:24:35.0693 5240  [ 81A61C3FE6F0F8C084C9A80B584CCE21 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
13:24:35.0750 5240  ADIHdAudAddService - ok
13:24:35.0913 5240  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:24:35.0970 5240  adp94xx - ok
13:24:35.0999 5240  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:24:36.0016 5240  adpahci - ok
13:24:36.0049 5240  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:24:36.0061 5240  adpu160m - ok
13:24:36.0113 5240  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:24:36.0142 5240  adpu320 - ok
13:24:36.0214 5240  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:24:36.0278 5240  AeLookupSvc - ok
13:24:36.0371 5240  [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD             C:\Windows\system32\drivers\afd.sys
13:24:36.0434 5240  AFD - ok
13:24:36.0514 5240  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:24:36.0565 5240  agp440 - ok
13:24:36.0600 5240  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:24:36.0613 5240  aic78xx - ok
13:24:36.0633 5240  [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG             C:\Windows\System32\alg.exe
13:24:36.0711 5240  ALG - ok
13:24:36.0733 5240  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:24:36.0762 5240  aliide - ok
13:24:36.0794 5240  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:24:36.0819 5240  amdagp - ok
13:24:36.0839 5240  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
13:24:36.0851 5240  amdide - ok
13:24:36.0889 5240  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:24:36.0980 5240  AmdK7 - ok
13:24:37.0015 5240  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:24:37.0098 5240  AmdK8 - ok
13:24:37.0149 5240  [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD          C:\Windows\system32\DRIVERS\AmdLLD.sys
13:24:37.0175 5240  AmdLLD - ok
13:24:37.0235 5240  [ 486CF73F183E7ADC5575FCD47F9FB1AF ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
13:24:37.0289 5240  AnyDVD - ok
13:24:37.0802 5240  [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS         C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
13:24:37.0838 5240  AOL ACS - ok
13:24:37.0875 5240  [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo         C:\Windows\System32\appinfo.dll
13:24:38.0004 5240  Appinfo - ok
13:24:38.0380 5240  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:24:38.0402 5240  Apple Mobile Device - ok
13:24:38.0479 5240  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
13:24:38.0511 5240  arc - ok
13:24:38.0537 5240  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:24:38.0562 5240  arcsas - ok
13:24:38.0936 5240  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:24:38.0967 5240  aspnet_state - ok
13:24:38.0999 5240  [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:24:39.0089 5240  AsyncMac - ok
13:24:39.0128 5240  [ B35CFCEF838382AB6490B321C87EDF17 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:24:39.0143 5240  atapi - ok
13:24:39.0177 5240  [ 2A5E4F4C40E1394F213DB1027507D5FE ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
13:24:39.0291 5240  Ati External Event Utility - ok
13:24:39.0423 5240  [ DFCEC4A3A3D49BB15932460F3D4F6C55 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:24:39.0699 5240  atikmdag - ok
13:24:39.0759 5240  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:24:39.0922 5240  AudioEndpointBuilder - ok
13:24:39.0947 5240  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:24:40.0001 5240  Audiosrv - ok
13:24:40.0182 5240  [ A2B790F9A751F24F17967F9A5574186D ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
13:24:40.0260 5240  AVP - ok
13:24:40.0319 5240  [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:24:40.0406 5240  Beep - ok
13:24:40.0581 5240  [ 98EBDFFB824A7C265337D68DD480E45C ] BFE             C:\Windows\System32\bfe.dll
13:24:40.0661 5240  BFE - ok
13:24:40.0926 5240  [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS            C:\Windows\System32\qmgr.dll
13:24:41.0044 5240  BITS - ok
13:24:41.0050 5240  blbdrive - ok
13:24:41.0132 5240  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:24:41.0163 5240  Bonjour Service - ok
13:24:41.0215 5240  [ 913CD06FBE9105CE6077E90FD4418561 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:24:41.0299 5240  bowser - ok
13:24:41.0322 5240  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:24:41.0378 5240  BrFiltLo - ok
13:24:41.0439 5240  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:24:41.0527 5240  BrFiltUp - ok
13:24:41.0592 5240  [ BEB6470532B7461D7BB426E3FACB424F ] Browser         C:\Windows\System32\browser.dll
13:24:41.0702 5240  Browser - ok
13:24:41.0759 5240  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:24:41.0910 5240  Brserid - ok
13:24:41.0976 5240  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:24:42.0108 5240  BrSerWdm - ok
13:24:42.0135 5240  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:24:42.0210 5240  BrUsbMdm - ok
13:24:42.0260 5240  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:24:42.0354 5240  BrUsbSer - ok
13:24:42.0386 5240  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:24:42.0517 5240  BTHMODEM - ok
13:24:42.0538 5240  [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:24:42.0611 5240  cdfs - ok
13:24:42.0645 5240  [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:24:42.0703 5240  cdrom - ok
13:24:42.0730 5240  [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:24:42.0799 5240  CertPropSvc - ok
13:24:42.0825 5240  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:24:42.0895 5240  circlass - ok
13:24:42.0945 5240  [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS            C:\Windows\system32\CLFS.sys
13:24:42.0981 5240  CLFS - ok
13:24:43.0036 5240  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:24:43.0050 5240  clr_optimization_v2.0.50727_32 - ok
13:24:43.0089 5240  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:24:43.0135 5240  clr_optimization_v4.0.30319_32 - ok
13:24:43.0168 5240  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:24:43.0179 5240  cmdide - ok
13:24:43.0197 5240  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:24:43.0209 5240  Compbatt - ok
13:24:43.0216 5240  COMSysApp - ok
13:24:43.0231 5240  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:24:43.0243 5240  crcdisk - ok
13:24:43.0258 5240  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:24:43.0328 5240  Crusoe - ok
13:24:43.0399 5240  [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:24:43.0484 5240  CryptSvc - ok
13:24:43.0553 5240  [ 5CBF20674BE8364FEBB6A13451A42F0A ] CSCrySec        C:\Windows\system32\DRIVERS\CSCrySec.sys
13:24:43.0589 5240  CSCrySec - ok
13:24:43.0677 5240  [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv    C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
13:24:43.0746 5240  CSObjectsSrv - ok
13:24:43.0811 5240  [ 2C3F213EDDD231099FB779A45D7680E0 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
13:24:43.0823 5240  CSVirtualDiskDrv - ok
13:24:44.0048 5240  [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:24:44.0189 5240  DcomLaunch - ok
13:24:44.0226 5240  [ A7179DE59AE269AB70345527894CCD7C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:24:44.0357 5240  DfsC - ok
13:24:44.0869 5240  [ E0D584AA76C7D845BA9F3A788260528F ] DFSR            C:\Windows\system32\DFSR.exe
13:24:45.0060 5240  DFSR - ok
13:24:45.0130 5240  [ 17210D8064EC116A3FC6B5E45E577D43 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:24:45.0246 5240  Dhcp - ok
13:24:45.0284 5240  [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk            C:\Windows\system32\drivers\disk.sys
13:24:45.0297 5240  disk - ok
13:24:45.0355 5240  [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:24:45.0408 5240  Dnscache - ok
13:24:45.0448 5240  [ 1F795D214820E496BF1124434A6DB546 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:24:45.0533 5240  dot3svc - ok
13:24:45.0571 5240  [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS             C:\Windows\system32\dps.dll
13:24:45.0642 5240  DPS - ok
13:24:45.0682 5240  [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:24:45.0753 5240  drmkaud - ok
13:24:45.0811 5240  [ 12986452237021FD48B08F8E23F6A7AB ] dvdfab          C:\Windows\system32\drivers\dvdfab.sys
13:24:45.0824 5240  dvdfab - ok
13:24:46.0034 5240  [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:24:46.0222 5240  DXGKrnl - ok
13:24:46.0310 5240  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:24:46.0445 5240  E1G60 - ok
13:24:46.0481 5240  [ 90A0A875642E18618010645311B4E89E ] EapHost         C:\Windows\System32\eapsvc.dll
13:24:46.0531 5240  EapHost - ok
13:24:46.0570 5240  [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:24:46.0596 5240  Ecache - ok
13:24:46.0671 5240  [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:24:46.0723 5240  ehRecvr - ok
13:24:46.0749 5240  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
13:24:46.0764 5240  ehSched - ok
13:24:46.0776 5240  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
13:24:46.0808 5240  ehstart - ok
13:24:46.0853 5240  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
13:24:46.0863 5240  ElbyCDIO - ok
13:24:46.0890 5240  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:24:46.0908 5240  elxstor - ok
13:24:47.0125 5240  [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:24:47.0261 5240  EMDMgmt - ok
13:24:47.0369 5240  [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem     C:\Windows\system32\es.dll
13:24:47.0432 5240  EventSystem - ok
13:24:47.0494 5240  Fabs - ok
13:24:47.0592 5240  [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:24:47.0676 5240  fastfat - ok
13:24:47.0703 5240  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:24:47.0772 5240  fdc - ok
13:24:47.0807 5240  [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:24:47.0876 5240  fdPHost - ok
13:24:47.0899 5240  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:24:47.0969 5240  FDResPub - ok
13:24:48.0012 5240  [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:24:48.0033 5240  FileInfo - ok
13:24:48.0054 5240  [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:24:48.0111 5240  Filetrace - ok
13:24:48.0925 5240  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
13:24:49.0189 5240  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
13:24:49.0189 5240  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
13:24:49.0232 5240  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:24:49.0377 5240  flpydisk - ok
13:24:49.0409 5240  [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:24:49.0439 5240  FltMgr - ok
13:24:49.0448 5240  FolderSize - ok
13:24:49.0517 5240  [ 7EF57375636991F794BF40B522A8E7EF ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:24:49.0566 5240  FontCache3.0.0.0 - ok
13:24:50.0249 5240  [ 701C9023D8B5B18C9E08C27D4D1B5617 ] FreemiumSelfUpdateService C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe
13:24:50.0537 5240  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - warning
13:24:50.0537 5240  FreemiumSelfUpdateService - detected UnsignedFile.Multi.Generic (1)
13:24:50.0604 5240  [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:24:50.0642 5240  Fs_Rec - ok
13:24:50.0688 5240  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
13:24:50.0749 5240  FWLANUSB - ok
13:24:50.0793 5240  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:24:50.0815 5240  gagp30kx - ok
13:24:50.0874 5240  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:24:50.0921 5240  GEARAspiWDM - ok
13:24:51.0555 5240  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:24:51.0586 5240  GoogleDesktopManager-051210-111108 - ok
13:24:51.0697 5240  [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:24:51.0795 5240  gpsvc - ok
13:24:51.0867 5240  [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
13:24:51.0977 5240  grmnusb - ok
13:24:52.0033 5240  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9aaf7304af78b C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:52.0055 5240  gupdate1c9aaf7304af78b - ok
13:24:52.0121 5240  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:52.0143 5240  gupdatem - ok
13:24:52.0235 5240  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:24:52.0278 5240  gusvc - ok
13:24:52.0323 5240  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
13:24:52.0343 5240  hamachi - ok
13:24:52.0382 5240  [ B40C06B5438716366F2CA6239A741F39 ] HCW88AUD        C:\Windows\system32\drivers\hcw88aud.sys
13:24:52.0430 5240  HCW88AUD - ok
13:24:52.0458 5240  [ 6C85512C2B958B2D0E82814915390050 ] HCW88BDA        C:\Windows\system32\drivers\hcw88bda.sys
13:24:52.0512 5240  HCW88BDA - ok
13:24:52.0557 5240  [ D1B38599F3678F536EB61406F4F0DA6D ] HCW88TSE        C:\Windows\system32\drivers\hcw88tse.sys
13:24:52.0610 5240  HCW88TSE - ok
13:24:52.0674 5240  [ 36BAA5ACE16BB31E2B0BFAF551AC9786 ] HCW88TUNE       C:\Windows\system32\drivers\hcw88tun.sys
13:24:52.0721 5240  HCW88TUNE - ok
13:24:52.0786 5240  [ 2688CD88B87E0F5996ED4330E42D344A ] hcw88vid        C:\Windows\system32\drivers\hcw88vid.sys
13:24:52.0853 5240  hcw88vid - ok
13:24:52.0924 5240  [ 462F10C8B88CDDEB2FDAA47FA34793BB ] HCW88XBAR       C:\Windows\system32\drivers\HCW88BAR.sys
13:24:52.0996 5240  HCW88XBAR - ok
13:24:53.0125 5240  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:24:53.0295 5240  HdAudAddService - ok
13:24:53.0336 5240  [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:24:53.0393 5240  HDAudBus - ok
13:24:53.0407 5240  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:24:53.0463 5240  HidBth - ok
13:24:53.0495 5240  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:24:53.0566 5240  HidIr - ok
13:24:53.0622 5240  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\system32\hidserv.dll
13:24:53.0720 5240  hidserv - ok
13:24:53.0757 5240  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:24:53.0828 5240  HidUsb - ok
13:24:53.0865 5240  [ 5350AEF38CA2D8885F47D4455E7EF4EE ] HiPatchService  J:\HiPatchService.exe
13:24:53.0882 5240  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
13:24:53.0882 5240  HiPatchService - detected UnsignedFile.Multi.Generic (1)
13:24:53.0910 5240  [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:24:53.0987 5240  hkmsvc - ok
13:24:54.0025 5240  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:24:54.0066 5240  HpCISSs - ok
13:24:54.0358 5240  [ E4E285A3766B4A57401FEEAF66CB07B5 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:24:54.0396 5240  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:24:54.0396 5240  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:24:54.0441 5240  [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:24:54.0482 5240  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:24:54.0482 5240  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:24:54.0516 5240  [ 6F9CB6539A1B2508BD1C53D29334431A ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:24:54.0589 5240  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:24:54.0589 5240  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:24:54.0636 5240  [ EA24FE637D974A8A31BC650F478E3533 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:24:54.0703 5240  HTTP - ok
13:24:54.0755 5240  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:24:54.0768 5240  i2omp - ok
13:24:54.0801 5240  [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:24:54.0875 5240  i8042prt - ok
13:24:54.0944 5240  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:24:54.0997 5240  iaStorV - ok
13:24:55.0088 5240  [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service     C:\Program Files\ICQ6Toolbar\ICQ Service.exe
13:24:55.0115 5240  ICQ Service - ok
13:24:55.0441 5240  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:24:55.0493 5240  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:24:55.0494 5240  IDriverT - detected UnsignedFile.Multi.Generic (1)
13:24:55.0627 5240  [ 6D1D3CAB85BA0C63CB83296A8A1825F9 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:24:55.0708 5240  idsvc - ok
13:24:55.0782 5240  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:24:55.0821 5240  iirsp - ok
13:24:55.0966 5240  [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:24:56.0137 5240  IKEEXT - ok
13:24:56.0175 5240  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:24:56.0198 5240  intelide - ok
13:24:56.0238 5240  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:24:56.0301 5240  intelppm - ok
13:24:56.0340 5240  [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:24:56.0401 5240  IPBusEnum - ok
13:24:56.0421 5240  [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:24:56.0481 5240  IpFilterDriver - ok
13:24:56.0613 5240  [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:24:56.0712 5240  iphlpsvc - ok
13:24:56.0718 5240  IpInIp - ok
13:24:56.0780 5240  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:24:56.0849 5240  IPMIDRV - ok
13:24:56.0892 5240  [ 10077C35845101548037DF04FD1A420B ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:24:56.0969 5240  IPNAT - ok
13:24:57.0068 5240  [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:24:57.0122 5240  iPod Service - ok
13:24:57.0159 5240  [ A82F328F4792304184642D6D397BB1E3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:24:57.0237 5240  IRENUM - ok
13:24:57.0331 5240  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:24:57.0384 5240  isapnp - ok
13:24:57.0419 5240  [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:24:57.0436 5240  iScsiPrt - ok
13:24:57.0459 5240  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:24:57.0478 5240  iteatapi - ok
13:24:57.0501 5240  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:24:57.0514 5240  iteraid - ok
13:24:57.0546 5240  [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi         C:\Windows\system32\drivers\iviaspi.sys
13:24:57.0569 5240  Iviaspi ( UnsignedFile.Multi.Generic ) - warning
13:24:57.0569 5240  Iviaspi - detected UnsignedFile.Multi.Generic (1)
13:24:57.0603 5240  [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO           C:\Windows\system32\DRIVERS\JGOGO.sys
13:24:57.0651 5240  JGOGO - ok
13:24:57.0682 5240  [ F4A31E66A61C0783F51157519B03280B ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
13:24:57.0741 5240  JRAID - ok
13:24:57.0786 5240  [ B076B2AB806B3F696DAB21375389101C ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:24:57.0809 5240  kbdclass - ok
13:24:57.0835 5240  [ ED61DBC6603F612B7338283EDBACBC4B ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:24:57.0889 5240  kbdhid - ok
13:24:57.0930 5240  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso          C:\Windows\system32\lsass.exe
13:24:57.0994 5240  KeyIso - ok
13:24:58.0038 5240  [ CE3958F58547454884E97BDA78CD7040 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
13:24:58.0062 5240  kl1 - ok
13:24:58.0098 5240  [ 53EEDAB3F0511321AC3AE8BC968B158C ] KLBG            C:\Windows\system32\DRIVERS\klbg.sys
13:24:58.0117 5240  KLBG - ok
13:24:58.0164 5240  [ 723F185C945C0A6D2E21C2BB26A46FE7 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
13:24:58.0203 5240  KLIF - ok
13:24:58.0238 5240  [ 892CC162DC88AB084C86485879526C59 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
13:24:58.0258 5240  KLIM6 - ok
13:24:58.0270 5240  [ AA63A815876A76987B5DBCE6AF7478E9 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
13:24:58.0299 5240  klmouflt - ok
13:24:58.0363 5240  [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:24:58.0389 5240  KSecDD - ok
13:24:58.0539 5240  [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:24:58.0692 5240  KtmRm - ok
13:24:58.0739 5240  [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:24:58.0922 5240  LanmanServer - ok
13:24:58.0980 5240  [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:24:59.0071 5240  LanmanWorkstation - ok
13:24:59.0158 5240  [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:24:59.0170 5240  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:24:59.0170 5240  LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:24:59.0261 5240  [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:24:59.0367 5240  lltdio - ok
13:24:59.0463 5240  [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:24:59.0590 5240  lltdsvc - ok
13:24:59.0617 5240  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:24:59.0694 5240  lmhosts - ok
13:24:59.0760 5240  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:24:59.0804 5240  LSI_FC - ok
13:24:59.0829 5240  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:24:59.0839 5240  LSI_SAS - ok
13:24:59.0853 5240  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:24:59.0864 5240  LSI_SCSI - ok
13:24:59.0885 5240  [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:24:59.0931 5240  luafv - ok
13:25:00.0020 5240  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:25:00.0056 5240  MBAMProtector - ok
13:25:00.0120 5240  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:25:00.0139 5240  MBAMScheduler - ok
13:25:00.0156 5240  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     J:\Malwarebytes' Anti-Malware\mbamservice.exe
13:25:00.0184 5240  MBAMService - ok
13:25:00.0226 5240  [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:25:00.0253 5240  Mcx2Svc - ok
13:25:00.0317 5240  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
13:25:00.0335 5240  megasas - ok
13:25:00.0358 5240  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS           C:\Windows\system32\mmcss.dll
13:25:00.0428 5240  MMCSS - ok
13:25:00.0465 5240  [ 21755967298A46FB6ADFEC9DB6012211 ] Modem           C:\Windows\system32\drivers\modem.sys
13:25:00.0517 5240  Modem - ok
13:25:00.0552 5240  [ 7E222A1BAAA42C8559DB2CE8A12AD828 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
13:25:00.0618 5240  MODEMCSA - ok
13:25:00.0648 5240  [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:25:00.0709 5240  monitor - ok
13:25:00.0775 5240  [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:25:00.0807 5240  mouclass - ok
13:25:00.0837 5240  [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:25:00.0869 5240  mouhid - ok
13:25:00.0899 5240  [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:25:00.0921 5240  MountMgr - ok
13:25:00.0948 5240  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:25:00.0962 5240  mpio - ok
13:25:01.0035 5240  [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:25:01.0113 5240  mpsdrv - ok
13:25:01.0254 5240  [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:25:01.0312 5240  MpsSvc - ok
13:25:01.0348 5240  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:25:01.0365 5240  Mraid35x - ok
13:25:01.0411 5240  [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:25:01.0457 5240  MRxDAV - ok
13:25:01.0488 5240  [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:25:01.0538 5240  mrxsmb - ok
13:25:01.0557 5240  [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:25:01.0578 5240  mrxsmb10 - ok
13:25:01.0589 5240  [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:25:01.0622 5240  mrxsmb20 - ok
13:25:01.0647 5240  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:25:01.0660 5240  msahci - ok
13:25:01.0675 5240  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:25:01.0689 5240  msdsm - ok
13:25:01.0717 5240  [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC           C:\Windows\System32\msdtc.exe
13:25:01.0737 5240  MSDTC - ok
13:25:01.0785 5240  [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:25:01.0857 5240  Msfs - ok
13:25:01.0905 5240  [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:25:01.0919 5240  msisadrv - ok
13:25:01.0957 5240  [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:25:02.0096 5240  MSiSCSI - ok
13:25:02.0107 5240  msiserver - ok
13:25:02.0139 5240  [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:25:02.0262 5240  MSKSSRV - ok
13:25:02.0322 5240  [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:25:02.0416 5240  MSPCLOCK - ok
13:25:02.0455 5240  [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:25:02.0512 5240  MSPQM - ok
13:25:02.0615 5240  [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:25:02.0663 5240  MsRPC - ok
13:25:02.0722 5240  [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:25:02.0743 5240  mssmbios - ok
13:25:02.0923 5240  MSSQL$MSSMLBIZ - ok
13:25:02.0983 5240  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:25:03.0022 5240  MSSQLServerADHelper - ok
13:25:03.0046 5240  [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:25:03.0145 5240  MSTEE - ok
13:25:03.0175 5240  [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:25:03.0204 5240  Mup - ok
13:25:03.0251 5240  [ 76A1CBD7D8932B7AFF5B4C7DB72EEBBD ] MySecurityCenter License Service C:\Program Files\MySecurityCenter\Programs\service.exe
13:25:03.0262 5240  MySecurityCenter License Service - ok
13:25:03.0373 5240  [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent        C:\Windows\system32\qagentRT.dll
13:25:03.0475 5240  napagent - ok
13:25:03.0517 5240  [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:25:03.0563 5240  NativeWifiP - ok
13:25:03.0876 5240  [ 9576CC8E84F7CEDA9189CDDA1CFD4BC1 ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:25:03.0974 5240  NBService ( UnsignedFile.Multi.Generic ) - warning
13:25:03.0974 5240  NBService - detected UnsignedFile.Multi.Generic (1)
13:25:04.0046 5240  [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:25:04.0113 5240  NDIS - ok
13:25:04.0170 5240  [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:25:04.0210 5240  NdisTapi - ok
13:25:04.0246 5240  [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:25:04.0299 5240  Ndisuio - ok
13:25:04.0333 5240  [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:25:04.0407 5240  NdisWan - ok
13:25:04.0464 5240  [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:25:04.0504 5240  NDProxy - ok
13:25:04.0537 5240  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:25:04.0544 5240  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:25:04.0544 5240  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:25:04.0565 5240  [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:25:04.0637 5240  NetBIOS - ok
13:25:04.0672 5240  [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:25:04.0734 5240  netbt - ok
13:25:04.0752 5240  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon        C:\Windows\system32\lsass.exe
13:25:04.0770 5240  Netlogon - ok
13:25:04.0887 5240  [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman          C:\Windows\System32\netman.dll
13:25:04.0977 5240  Netman - ok
13:25:05.0031 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:25:05.0083 5240  NetMsmqActivator - ok
13:25:05.0106 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:25:05.0119 5240  NetPipeActivator - ok
13:25:05.0212 5240  [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm        C:\Windows\System32\netprofm.dll
13:25:05.0335 5240  netprofm - ok
13:25:05.0364 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:25:05.0374 5240  NetTcpActivator - ok
13:25:05.0400 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:25:05.0411 5240  NetTcpPortSharing - ok
13:25:05.0498 5240  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:25:05.0526 5240  nfrd960 - ok
13:25:05.0558 5240  [ C424117A562F2DE37A42266894C79AEB ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:25:05.0606 5240  NlaSvc - ok
13:25:05.0666 5240  [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
13:25:05.0714 5240  NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
13:25:05.0714 5240  NMIndexingService - detected UnsignedFile.Multi.Generic (1)
13:25:05.0764 5240  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Program Files\CDBurnerXP\NMSAccessU.exe
13:25:05.0773 5240  NMSAccess - ok
13:25:05.0791 5240  [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:25:05.0864 5240  Npfs - ok
13:25:05.0908 5240  [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo      C:\Windows\system32\drivers\npf_devolo.sys
13:25:05.0945 5240  NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
13:25:05.0945 5240  NPF_devolo - detected UnsignedFile.Multi.Generic (1)
13:25:05.0951 5240  npggsvc - ok
13:25:05.0991 5240  [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2         C:\Windows\system32\npptNT2.sys
13:25:06.0006 5240  NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
13:25:06.0006 5240  NPPTNT2 - detected UnsignedFile.Multi.Generic (1)
13:25:06.0040 5240  [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi             C:\Windows\system32\nsisvc.dll
13:25:06.0085 5240  nsi - ok
13:25:06.0150 5240  [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:25:06.0203 5240  nsiproxy - ok
13:25:06.0417 5240  [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:25:06.0487 5240  Ntfs - ok
13:25:06.0557 5240  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:25:06.0630 5240  ntrigdigi - ok
13:25:06.0654 5240  [ EC5EFB3C60F1B624648344A328BCE596 ] Null            C:\Windows\system32\drivers\Null.sys
13:25:06.0754 5240  Null - ok
13:25:07.0074 5240  [ D668632606D1CEBF0B6EC64C1DF7ED6F ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
13:25:07.0147 5240  NVENETFD - ok
13:25:07.0240 5240  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:25:07.0279 5240  nvraid - ok
13:25:07.0303 5240  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:25:07.0361 5240  nvstor - ok
13:25:07.0386 5240  [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
13:25:07.0398 5240  nvstor32 - ok
13:25:07.0472 5240  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:25:07.0509 5240  nv_agp - ok
13:25:07.0516 5240  NwlnkFlt - ok
13:25:07.0525 5240  NwlnkFwd - ok
13:25:07.0881 5240  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:25:07.0944 5240  odserv - ok
13:25:08.0000 5240  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:25:08.0124 5240  ohci1394 - ok
13:25:08.0239 5240  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:25:08.0272 5240  ose - ok
13:25:08.0516 5240  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:25:08.0647 5240  p2pimsvc - ok
13:25:08.0876 5240  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc          C:\Windows\system32\p2psvc.dll
13:25:08.0942 5240  p2psvc - ok
13:25:08.0997 5240  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:25:09.0111 5240  Parport - ok
13:25:09.0145 5240  [ 555A5B2C8022983BC7467BC925B222EE ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:25:09.0186 5240  partmgr - ok
13:25:09.0216 5240  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:25:09.0295 5240  Parvdm - ok
13:25:09.0392 5240  [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:25:09.0423 5240  PcaSvc - ok
13:25:09.0454 5240  [ 1085D75657807E0E8B32F9E19A1647C3 ] pci             C:\Windows\system32\drivers\pci.sys
13:25:09.0466 5240  pci - ok
13:25:09.0495 5240  [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:25:09.0521 5240  pciide - ok
13:25:09.0541 5240  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:25:09.0555 5240  pcmcia - ok
13:25:09.0576 5240  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
13:25:09.0601 5240  pcouffin - ok
13:25:09.0735 5240  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:25:09.0877 5240  PEAUTH - ok
13:25:10.0081 5240  [ CD05A38D166BEADE18030BAFC0C0A939 ] pla             C:\Windows\system32\pla.dll
13:25:10.0235 5240  pla - ok
13:25:10.0336 5240  [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:25:10.0384 5240  PlugPlay - ok
13:25:10.0437 5240  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:25:10.0474 5240  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:25:10.0474 5240  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:25:10.0499 5240  [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
13:25:10.0515 5240  PnkBstrA - ok
13:25:10.0702 5240  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:25:10.0732 5240  PNRPAutoReg - ok
13:25:10.0813 5240  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:25:10.0847 5240  PNRPsvc - ok
13:25:11.0008 5240  [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:25:11.0126 5240  PolicyAgent - ok
13:25:11.0192 5240  [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:25:11.0315 5240  PptpMiniport - ok
13:25:11.0343 5240  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
13:25:11.0427 5240  Processor - ok
13:25:11.0461 5240  [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:25:11.0536 5240  ProfSvc - ok
13:25:11.0558 5240  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:25:11.0576 5240  ProtectedStorage - ok
13:25:11.0634 5240  [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:25:11.0712 5240  PSched - ok
13:25:11.0773 5240  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
13:25:11.0818 5240  PxHelp20 - ok
13:25:12.0113 5240  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:25:12.0206 5240  ql2300 - ok
13:25:12.0276 5240  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:25:12.0315 5240  ql40xx - ok
13:25:12.0360 5240  [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE           C:\Windows\system32\qwave.dll
13:25:12.0395 5240  QWAVE - ok
13:25:12.0425 5240  [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:25:12.0478 5240  QWAVEdrv - ok
13:25:12.0830 5240  [ DFCEC4A3A3D49BB15932460F3D4F6C55 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
13:25:12.0927 5240  R300 - ok
13:25:12.0977 5240  [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:25:13.0064 5240  RasAcd - ok
13:25:13.0110 5240  [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto         C:\Windows\System32\rasauto.dll
13:25:13.0183 5240  RasAuto - ok
13:25:13.0224 5240  [ 88587DD843E2059848995B407B67F6CF ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:25:13.0315 5240  Rasl2tp - ok
13:25:13.0413 5240  [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan          C:\Windows\System32\rasmans.dll
13:25:13.0510 5240  RasMan - ok
13:25:13.0542 5240  [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:25:13.0637 5240  RasPppoe - ok
13:25:13.0673 5240  [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:25:13.0752 5240  rdbss - ok
13:25:13.0779 5240  [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:25:13.0852 5240  RDPCDD - ok
13:25:14.0014 5240  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:25:14.0159 5240  rdpdr - ok
13:25:14.0181 5240  [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:25:14.0239 5240  RDPENCDD - ok
13:25:14.0272 5240  [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:25:14.0334 5240  RDPWD - ok
13:25:14.0367 5240  [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:25:14.0413 5240  RemoteAccess - ok
13:25:14.0474 5240  [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:25:14.0545 5240  RemoteRegistry - ok
13:25:14.0755 5240  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
13:25:14.0768 5240  RichVideo - ok
13:25:14.0830 5240  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
13:25:14.0865 5240  RpcLocator - ok
13:25:14.0895 5240  [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs           C:\Windows\system32\rpcss.dll
13:25:14.0920 5240  RpcSs - ok
13:25:14.0981 5240  [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:25:15.0044 5240  rspndr - ok
13:25:15.0056 5240  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs           C:\Windows\system32\lsass.exe
13:25:15.0072 5240  SamSs - ok
13:25:15.0126 5240  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:25:15.0139 5240  sbp2port - ok
13:25:15.0178 5240  [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:25:15.0253 5240  SCardSvr - ok
13:25:15.0291 5240  [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:25:15.0374 5240  Schedule - ok
13:25:15.0408 5240  [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:25:15.0466 5240  SCPolicySvc - ok
13:25:15.0558 5240  [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:25:15.0626 5240  SDRSVC - ok
13:25:15.0698 5240  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:25:15.0756 5240  secdrv - ok
13:25:15.0827 5240  [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon        C:\Windows\system32\seclogon.dll
13:25:15.0917 5240  seclogon - ok
13:25:17.0256 5240  [ 69500F5EAFDE80040F8465CD6E72037E ] SelfUpdateService C:\Program Files\Freetec\SystemStore\SelfUpdate.exe
13:25:17.0585 5240  SelfUpdateService ( UnsignedFile.Multi.Generic ) - warning
13:25:17.0585 5240  SelfUpdateService - detected UnsignedFile.Multi.Generic (1)
13:25:17.0668 5240  [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS            C:\Windows\System32\sens.dll
13:25:17.0767 5240  SENS - ok
13:25:17.0863 5240  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:25:17.0981 5240  Serenum - ok
13:25:18.0017 5240  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:25:18.0162 5240  Serial - ok
13:25:18.0234 5240  [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:25:18.0286 5240  sermouse - ok
13:25:18.0354 5240  [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:25:18.0446 5240  SessionEnv - ok
13:25:18.0493 5240  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:25:18.0581 5240  sffdisk - ok
13:25:18.0629 5240  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:25:18.0733 5240  sffp_mmc - ok
13:25:18.0772 5240  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:25:18.0851 5240  sffp_sd - ok
13:25:18.0930 5240  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:25:19.0062 5240  sfloppy - ok
13:25:19.0162 5240  [ 9A82BF4C90B00A63150A606A1E2FD82B ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:25:19.0192 5240  SharedAccess - ok
13:25:19.0261 5240  [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:25:19.0297 5240  ShellHWDetection - ok
13:25:19.0321 5240  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:25:19.0347 5240  sisagp - ok
13:25:19.0387 5240  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:25:19.0410 5240  SiSRaid2 - ok
13:25:19.0431 5240  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:25:19.0443 5240  SiSRaid4 - ok
13:25:19.0481 5240  [ 40C0E715E1EBB2D1990C7D79CC0D79E3 ] SLEE_15_DRIVER  C:\Windows\system32\drivers\Sleen15.sys
13:25:19.0504 5240  SLEE_15_DRIVER - ok
13:25:19.0580 5240  [ A1DCD30534835CB67733AD00175125A6 ] slsvc           C:\Windows\system32\SLsvc.exe
13:25:19.0751 5240  slsvc - ok
13:25:19.0832 5240  [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:25:19.0863 5240  SLUINotify - ok
13:25:19.0909 5240  [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:25:19.0978 5240  Smb - ok
13:25:20.0170 5240  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
13:25:20.0273 5240  smserial - ok
13:25:20.0376 5240  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:25:20.0414 5240  SNMPTRAP - ok
13:25:20.0773 5240  sony_ssm.sys - ok
13:25:20.0819 5240  [ 426F9B029AA9162CECCF65369457D046 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:25:20.0857 5240  spldr - ok
13:25:20.0898 5240  [ DA612EF2556776DF2630B68BF2D48935 ] Spooler         C:\Windows\System32\spoolsv.exe
13:25:20.0914 5240  Spooler - ok
13:25:20.0984 5240  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\System32\Drivers\sptd.sys
13:25:21.0042 5240  sptd - ok
13:25:21.0085 5240  [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:25:21.0115 5240  SQLBrowser - ok
13:25:21.0142 5240  [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:25:21.0152 5240  SQLWriter - ok
13:25:21.0193 5240  [ 038579C35F7CAD4A4BBF735DBF83277D ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:25:21.0226 5240  srv - ok
13:25:21.0252 5240  [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:25:21.0279 5240  srv2 - ok
13:25:21.0321 5240  [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:25:21.0336 5240  srvnet - ok
13:25:21.0386 5240  [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:25:21.0449 5240  SSDPSRV - ok
13:25:21.0502 5240  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:25:21.0525 5240  ssmdrv - ok
13:25:21.0531 5240  StarOpen - ok
13:25:21.0627 5240  [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:25:21.0654 5240  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:25:21.0654 5240  StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:25:21.0676 5240  Steam Client Service - ok
13:25:21.0700 5240  [ 7A95B5DEB594616F1693486B8161411E ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:25:21.0747 5240  StillCam - ok
13:25:21.0835 5240  [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc          C:\Windows\System32\wiaservc.dll
13:25:21.0942 5240  stisvc - ok
13:25:21.0988 5240  [ 1379BDB336F8158C176A465E30759F57 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:25:22.0013 5240  swenum - ok
13:25:22.0050 5240  [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv           C:\Windows\System32\swprv.dll
13:25:22.0115 5240  swprv - ok
13:25:22.0144 5240  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:25:22.0176 5240  Symc8xx - ok
13:25:22.0200 5240  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:25:22.0213 5240  Sym_hi - ok
13:25:22.0228 5240  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:25:22.0240 5240  Sym_u3 - ok
13:25:22.0273 5240  [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain         C:\Windows\system32\sysmain.dll
13:25:22.0381 5240  SysMain - ok
13:25:22.0451 5240  [ 1A78D70D7A02C920A18843426682899B ] SystemStore     C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
13:25:22.0460 5240  SystemStore ( UnsignedFile.Multi.Generic ) - warning
13:25:22.0461 5240  SystemStore - detected UnsignedFile.Multi.Generic (1)
13:25:23.0197 5240  [ C00E46D1C09654206E58C8B6953D7D88 ] SystemStoreService C:\Program Files\Freetec\SystemStore\SystemStore.exe
13:25:23.0467 5240  SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
13:25:23.0467 5240  SystemStoreService - detected UnsignedFile.Multi.Generic (1)
13:25:23.0534 5240  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:25:23.0594 5240  TabletInputService - ok
13:25:23.0642 5240  [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:25:23.0716 5240  TapiSrv - ok
13:25:23.0737 5240  [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS             C:\Windows\System32\tbssvc.dll
13:25:23.0789 5240  TBS - ok
13:25:23.0938 5240  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:25:24.0053 5240  Tcpip - ok
13:25:24.0188 5240  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:25:24.0214 5240  Tcpip6 - ok
13:25:24.0259 5240  [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:25:24.0304 5240  tcpipreg - ok
13:25:24.0323 5240  [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:25:24.0393 5240  TDPIPE - ok
13:25:24.0440 5240  [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:25:24.0492 5240  TDTCP - ok
13:25:24.0509 5240  [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:25:24.0570 5240  tdx - ok
13:25:24.0596 5240  [ 2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:25:24.0618 5240  TermDD - ok
13:25:24.0654 5240  [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService     C:\Windows\System32\termsrv.dll
13:25:24.0748 5240  TermService - ok
13:25:24.0776 5240  [ B264DFA21677728613267FE63802B332 ] Themes          C:\Windows\system32\shsvcs.dll
13:25:24.0795 5240  Themes - ok
13:25:24.0856 5240  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER     C:\Windows\system32\mmcss.dll
13:25:24.0901 5240  THREADORDER - ok
13:25:24.0973 5240  [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks          C:\Windows\System32\trkwks.dll
13:25:25.0055 5240  TrkWks - ok
13:25:25.0161 5240  [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:25:25.0191 5240  TrustedInstaller - ok
13:25:25.0213 5240  [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:25:25.0261 5240  tssecsrv - ok
13:25:25.0326 5240  [ 65E953BC0084D44498B51F59784D2A82 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:25:25.0371 5240  tunmp - ok
13:25:25.0386 5240  [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:25:25.0402 5240  tunnel - ok
13:25:25.0778 5240  [ 2AAC9A65E6EED26B089171C9EA7058D1 ] TVECapSvc       C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
13:25:25.0803 5240  TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
13:25:25.0803 5240  TVECapSvc - detected UnsignedFile.Multi.Generic (1)
13:25:25.0827 5240  [ EF98452617CF044F32AEF5370320A55F ] TVESched        C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
13:25:25.0835 5240  TVESched ( UnsignedFile.Multi.Generic ) - warning
13:25:25.0836 5240  TVESched - detected UnsignedFile.Multi.Generic (1)
13:25:25.0909 5240  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:25:25.0943 5240  uagp35 - ok
13:25:25.0988 5240  [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:25:26.0090 5240  udfs - ok
13:25:26.0151 5240  [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:25:26.0183 5240  UI0Detect - ok
13:25:26.0225 5240  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:25:26.0258 5240  uliagpkx - ok
13:25:26.0296 5240  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:25:26.0315 5240  uliahci - ok
13:25:26.0345 5240  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:25:26.0360 5240  UlSata - ok
13:25:26.0388 5240  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:25:26.0403 5240  ulsata2 - ok
13:25:26.0429 5240  [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:25:26.0503 5240  umbus - ok
13:25:26.0602 5240  [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost        C:\Windows\System32\upnphost.dll
13:25:26.0721 5240  upnphost - ok
13:25:26.0813 5240  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
13:25:26.0868 5240  USBAAPL - ok
13:25:26.0920 5240  [ B0BA9CAFFE9B0555EC0317F30CB79CD2 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:25:26.0976 5240  usbccgp - ok
13:25:26.0998 5240  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:25:27.0062 5240  usbcir - ok
13:25:27.0096 5240  [ C9FCD05B0A80EA08C2768E5A279B14DE ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:25:27.0109 5240  usbehci - ok
13:25:27.0138 5240  [ 5E44F7D957F7560DA06BFE6B84B58A35 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:25:27.0156 5240  usbhub - ok
13:25:27.0195 5240  [ 9333E482A173938788CBDE8F81EC52FB ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:25:27.0226 5240  usbohci - ok
13:25:27.0257 5240  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:25:27.0302 5240  usbprint - ok
13:25:27.0333 5240  [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:25:27.0359 5240  USBSTOR - ok
13:25:27.0380 5240  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:25:27.0429 5240  usbuhci - ok
13:25:27.0463 5240  [ 7764D99877E27436E95E4734624C9B45 ] UserAccess7     C:\Windows\system32\UAService7.exe
13:25:27.0499 5240  UserAccess7 ( UnsignedFile.Multi.Generic ) - warning
13:25:27.0499 5240  UserAccess7 - detected UnsignedFile.Multi.Generic (1)
13:25:27.0534 5240  [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms           C:\Windows\System32\uxsms.dll
13:25:27.0595 5240  UxSms - ok
13:25:27.0618 5240  [ 12525F65E8C561B66E0BCE2DE2018C0C ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
13:25:27.0630 5240  VBoxDrv - ok
13:25:27.0649 5240  [ B9D3C274E937A15FD2CEF8AA1E4C3477 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:25:27.0662 5240  VBoxNetAdp - ok
13:25:27.0683 5240  [ 601FE4801743B00B446EF8E21E753ED5 ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
13:25:27.0695 5240  VBoxNetFlt - ok
13:25:27.0714 5240  [ 4AC4D33350CDD927CD575934CF983E68 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
13:25:27.0724 5240  VBoxUSBMon - ok
13:25:27.0757 5240  [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds             C:\Windows\System32\vds.exe
13:25:27.0792 5240  vds - ok
13:25:27.0842 5240  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:25:27.0912 5240  vga - ok
13:25:27.0932 5240  [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:25:27.0983 5240  VgaSave - ok
13:25:28.0050 5240  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:25:28.0080 5240  viaagp - ok
13:25:28.0102 5240  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:25:28.0161 5240  ViaC7 - ok
13:25:28.0192 5240  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
13:25:28.0204 5240  viaide - ok
13:25:28.0238 5240  [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:25:28.0251 5240  volmgr - ok
13:25:28.0266 5240  [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:25:28.0288 5240  volmgrx - ok
13:25:28.0319 5240  [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:25:28.0338 5240  volsnap - ok
13:25:28.0369 5240  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:25:28.0404 5240  vsmraid - ok
13:25:28.0708 5240  [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS             C:\Windows\system32\vssvc.exe
13:25:28.0813 5240  VSS - ok
13:25:28.0872 5240  [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time         C:\Windows\system32\w32time.dll
13:25:29.0021 5240  W32Time - ok
13:25:29.0132 5240  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:25:29.0203 5240  WacomPen - ok
13:25:29.0227 5240  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:25:29.0279 5240  Wanarp - ok
13:25:29.0285 5240  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:25:29.0300 5240  Wanarpv6 - ok
13:25:29.0364 5240  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\Windows\system32\DRIVERS\wanatw4.sys
13:25:29.0407 5240  wanatw - ok
13:25:29.0465 5240  [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:25:29.0514 5240  wcncsvc - ok
13:25:29.0559 5240  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:25:29.0626 5240  WcsPlugInService - ok
13:25:29.0704 5240  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:25:29.0732 5240  Wd - ok
13:25:29.0766 5240  [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:25:29.0823 5240  Wdf01000 - ok
13:25:29.0857 5240  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:25:29.0886 5240  WdiServiceHost - ok
13:25:29.0891 5240  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:25:29.0909 5240  WdiSystemHost - ok
13:25:30.0016 5240  [ 01E41C264EEDCB827820A1909162579F ] WebClient       C:\Windows\System32\webclnt.dll
13:25:30.0047 5240  WebClient - ok
13:25:30.0085 5240  [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:25:30.0151 5240  Wecsvc - ok
13:25:30.0171 5240  [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:25:30.0242 5240  wercplsupport - ok
13:25:30.0265 5240  [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:25:30.0329 5240  WerSvc - ok
13:25:30.0466 5240  [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:25:30.0487 5240  WinDefend - ok
13:25:30.0501 5240  WinHttpAutoProxySvc - ok
13:25:30.0564 5240  [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:25:30.0641 5240  Winmgmt - ok
13:25:30.0767 5240  [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:25:30.0943 5240  WinRM - ok
13:25:31.0022 5240  [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:25:31.0131 5240  Wlansvc - ok
13:25:31.0164 5240  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:25:31.0231 5240  WmiAcpi - ok
13:25:31.0276 5240  [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:25:31.0316 5240  wmiApSrv - ok
13:25:31.0417 5240  [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:25:31.0541 5240  WMPNetworkSvc - ok
13:25:31.0617 5240  [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:25:31.0671 5240  WPCSvc - ok
13:25:31.0698 5240  [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:25:31.0729 5240  WPDBusEnum - ok
13:25:31.0795 5240  [ 2D27171B16A577EF14C1273668753485 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:25:31.0865 5240  WpdUsb - ok
13:25:32.0231 5240  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:25:32.0288 5240  WPFFontCache_v0400 - ok
13:25:32.0385 5240  [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:25:32.0491 5240  ws2ifsl - ok
13:25:32.0521 5240  [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:25:32.0544 5240  wscsvc - ok
13:25:32.0550 5240  WSearch - ok
13:25:33.0070 5240  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:25:33.0264 5240  wuauserv - ok
13:25:33.0325 5240  [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:33.0418 5240  WUDFRd - ok
13:25:33.0444 5240  [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:25:33.0505 5240  wudfsvc - ok
13:25:33.0540 5240  XDva370 - ok
13:25:33.0556 5240  ================ Scan global ===============================
13:25:33.0660 5240  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
13:25:33.0727 5240  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
13:25:33.0868 5240  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
13:25:34.0034 5240  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
13:25:34.0039 5240  [Global] - ok
13:25:34.0039 5240  ================ Scan MBR ==================================
13:25:34.0079 5240  [ 38C8A4456C821E53324ADF51D68E3905 ] \Device\Harddisk0\DR0
13:25:34.0850 5240  \Device\Harddisk0\DR0 - ok
13:25:34.0855 5240  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
13:25:34.0917 5240  \Device\Harddisk1\DR1 - ok
13:25:34.0918 5240  ================ Scan VBR ==================================
13:25:34.0945 5240  [ 87795A4C81C844FA7B9FF8F9C687074F ] \Device\Harddisk0\DR0\Partition1
13:25:34.0959 5240  \Device\Harddisk0\DR0\Partition1 - ok
13:25:34.0963 5240  [ 2E2A6C7FCEAFC12244A3E288E4C9B4BA ] \Device\Harddisk1\DR1\Partition1
13:25:34.0982 5240  \Device\Harddisk1\DR1\Partition1 - ok
13:25:34.0986 5240  [ 2D83CFF692429C22881D42C51E321434 ] \Device\Harddisk1\DR1\Partition2
13:25:34.0988 5240  \Device\Harddisk1\DR1\Partition2 - ok
13:25:34.0990 5240  ============================================================
13:25:34.0990 5240  Scan finished
13:25:34.0990 5240  ============================================================
13:25:35.0007 5892  Detected object count: 22
13:25:35.0007 5892  Actual detected object count: 22
13:49:56.0999 5892  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0018 5892  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0019 5892  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0019 5892  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0024 5892  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0024 5892  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0029 5892  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0029 5892  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0035 5892  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0035 5892  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0041 5892  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0041 5892  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0048 5892  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0048 5892  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0052 5892  Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0052 5892  Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0057 5892  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0058 5892  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0063 5892  NBService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0063 5892  NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0066 5892  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0066 5892  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0069 5892  NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0069 5892  NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0072 5892  NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0073 5892  NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0076 5892  NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0076 5892  NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0079 5892  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0079 5892  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0082 5892  SelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0082 5892  SelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0087 5892  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0087 5892  StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0089 5892  SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0089 5892  SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0092 5892  SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0092 5892  SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0095 5892  TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0096 5892  TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0099 5892  TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0099 5892  TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:49:57.0102 5892  UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
13:49:57.0102 5892  UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:52:05.0481 3080  Deinitialize success
         
Ist es normal, dass das aswMBR log so kurz ist?

PS.: Ist es in diesem Forum möglich Doppelposts zu erstellen oder soll ich warten bis alle log programme durch sind und dann alle logs auf einmal posten?

Alt 14.12.2012, 14:04   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.12.2012, 19:22   #9
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Hier is das Log von ComboFix
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-14.01 - "Mein Name" 14.12.2012  19:36:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3070.1888 [GMT 1:00]
ausgeführt von:: c:\users\"Mein Name"\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\users\"Mein Name"\AppData\Local\wgkoaos.dat
c:\users\"Mein Name"\AppData\Local\wgkoaos_nav.dat
c:\users\"Mein Name"\AppData\Local\wgkoaos_navps.dat
c:\users\"Mein Name"\Documents\~WRL0003.tmp
c:\users\"Mein Name"\Documents\~WRL0852.tmp
c:\users\"Mein Name"\Documents\~WRL1314.tmp
c:\users\"Mein Name"\Documents\~WRL2525.tmp
c:\users\"Mein Name"\Documents\~WRL3015.tmp
c:\users\"Name3"\AppData\Local\woiek.dat
c:\users\"Name3"\AppData\Local\woiek_nav.dat
c:\users\"Name3"\AppData\Local\woiek_navps.dat
c:\users\"Name3"\Documents\~WRL1344.tmp
c:\users\"Name3"\setup_Meine_Penny_Fotowelt.exe
c:\windows\IsUn0407.exe
c:\windows\system32\SET5EFA.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-14 bis 2012-12-14  ))))))))))))))))))))))))))))))
.
.
2012-12-14 18:58 . 2012-12-14 18:58	--------	d-----w-	c:\users\"Name3"\AppData\Local\temp
2012-12-14 18:58 . 2012-12-14 18:58	--------	d-----w-	c:\users\"Name2"\AppData\Local\temp
2012-12-14 18:58 . 2012-12-14 18:59	--------	d-----w-	c:\users\"Mein Name"\AppData\Local\temp
2012-12-14 06:42 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E2DD665-F1F8-41E4-8EEB-FC404FFB9A4B}\mpengine.dll
2012-12-13 13:11 . 2012-12-13 13:11	--------	d-----w-	c:\users\"Mein Name"\AppData\Local\4A Games
2012-12-13 11:17 . 2012-12-13 11:17	--------	d-----w-	c:\program files\ESET
2012-12-13 07:09 . 2012-12-13 07:09	--------	d-----w-	c:\users\"Mein Name"\AppData\Roaming\.minecraft
2012-12-12 17:09 . 2012-12-12 17:09	100864	----a-w-	C:\pwldikog.sys
2012-12-08 19:57 . 2012-12-08 19:57	--------	d-----w-	c:\programdata\ATI
2012-12-08 19:09 . 2012-12-08 19:09	--------	d-----w-	c:\program files\Defraggler
2012-12-07 20:40 . 2012-12-07 20:40	42440	----a-w-	c:\windows\system32\xfcodec.dll
2012-11-30 22:30 . 2012-11-30 22:30	--------	d-----w-	c:\users\"Mein Name"\AppData\Roaming\Malwarebytes
2012-11-30 22:27 . 2012-11-30 22:27	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-30 22:27 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-30 22:06 . 2012-11-30 22:06	--------	d-----w-	c:\windows\CheckSur
2012-11-30 17:44 . 2012-08-21 12:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-30 17:43 . 2012-11-30 17:44	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-19 08:45 . 2012-11-19 09:41	--------	d-----w-	c:\program files\MOUSE Editor
2012-11-17 19:34 . 2012-11-17 19:34	--------	d-----w-	c:\programdata\DivX
2012-11-17 19:33 . 2012-11-17 19:33	--------	d-----w-	c:\users\"Mein Name"\AppData\Roaming\OpenCandy
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 15:26 . 2009-11-17 09:34	139832	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-11-23 15:26 . 2011-02-05 14:17	281768	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-11-23 15:26 . 2010-06-01 15:59	281768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-11-17 21:51 . 2011-02-05 14:17	281768	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-09-28 09:32 . 2012-09-28 09:32	5989776	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-09-28 09:32 . 2012-09-28 09:32	44544	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-10-14 20:42 . 2010-10-14 20:42	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-02-22 11:05	2353176	----a-w-	c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\"Mein Name"\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\"Mein Name"\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\"Mein Name"\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05	129624	----a-w-	c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"OscarEditor"="c:\program files\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoLed"="ModLEDKey.exe" [2006-11-09 53248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="j:\ati\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"setc"="c:\program files\MySecurityCenter\Programs\setc.exe" [2008-06-03 389992]
.
c:\users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\users\"Mein Name"\Documents\Xfire\Xfire.exe [2012-12-7 3558856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
backup=c:\windows\pss\HD Writer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Targa VFD Display.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Targa VFD Display.lnk
backup=c:\windows\pss\Targa VFD Display.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
backup=c:\windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45	63712	----a-w-	c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-16 09:36	205256	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2011-11-11 17:25	59240	----a-w-	c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-06-23 09:24	343552	----a-w-	c:\program files\avmwlanstick\FRITZWLanMini.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35	125440	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-14 20:42	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-29 11:41	136176	----atw-	c:\users\"Mein Name"\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2011-09-17 14:37	161336	----a-w-	c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-11-14 13:47	50736	----a-w-	c:\program files\Common Files\aol\1170091329\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2011-11-11 17:18	59240	----a-w-	c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-28 23:49	151952	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME HotKeys]
2007-03-21 16:59	25088	----a-w-	c:\program files\Steganos Safe Home\SteganosHotKeyService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setc]
2008-06-03 10:35	389992	----a-w-	c:\program files\MySecurityCenter\Programs\setc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 12:46	1458176	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-06 08:14	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-01-30 22:45	155648	------w-	c:\program files\CyberLink\TV Enhance\TVEService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voobly]
2012-09-08 19:28	135168	----a-w-	j:\voobly\voobly.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2965953352-1890760225-2496969144-1005]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 52386062
*NewlyCreated* - 65787697
*Deregistered* - 52386062
*Deregistered* - 65787697
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-05 08:32]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 14:04]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 14:04]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job
- c:\users\"Mein Name"\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 11:41]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job
- c:\users\"Mein Name"\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 11:41]
.
2009-03-16 c:\windows\Tasks\Norton Security Scan for "Mein Name".job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
.
2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=hxxp://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=hxxp://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-AuditVista - (no file)
MSConfigStartUp-DVDFab Passkey - c:\program files\DVDFab Passkey\DVDFabPasskey.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-wgkoaos - c:\users\"Mein Name"\appdata\local\wgkoaos.exe
AddRemove-12345_is1 - c:\program files\WeGame\unins000.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-Avro Converter_is1 - c:\program files\Avro Converter\unins000.exe
AddRemove-BlockBall Evolution_is1 - c:\program files\BlockBall Evolution\unins000.exe
AddRemove-Call of Duty Black Ops_is1 - j:\call of duty black ops\unins000.exe
AddRemove-Cheat Engine 5.4_is1 - c:\users\"Mein Name"\Downloads\Cheat Engine\unins000.exe
AddRemove-Chilirec_0 - c:\program files\Chilirec\Uninstall.exe
AddRemove-Cross Fire_is1 - c:\users\"Mein Name"\Saved Games\CrossFire\unins000.exe
AddRemove-DataStar-Engine - c:\windows\unin0407.exe
AddRemove-DVDFab Passkey 8_is1 - c:\program files\DVDFab Passkey\unins000.exe
AddRemove-Evil Player - c:\program files\Evil Player\Uninstall.exe
AddRemove-EvilLyrics - c:\users\"Mein Name"\Downloads\evillyrics19\EvilLyrics\uninst.exe
AddRemove-Free FLV Converter_is1 - c:\program files\Free FLV Converter\unins000.exe
AddRemove-Free M4a to MP3 Converter_is1 - c:\program files\Free M4a to MP3 Converter\unins000.exe
AddRemove-Free Mp3 Wma Converter_is1 - c:\program files\Free Audio Pack\unins000.exe
AddRemove-Free WMA to MP3 Converter_is1 - c:\program files\Free WMA to MP3 Converter\unins000.exe
AddRemove-Game Maker 7.0 - c:\program files\Game_Maker7\Uninstal.exe
AddRemove-HyperCam 2 - c:\program files\HyCam2\UnHyCam2.exe
AddRemove-IcoFX_is1 - c:\users\"Mein Name"\Downloads\IcoFX 1.6\unins000.exe
AddRemove-IpodConverter_is1 - c:\users\"Mein Name"\Downloads\IpodConverter\unins000.exe
AddRemove-Jack Keane - c:\program files\10TACLE STUDIOS\Jack Keane\uninstall.exe
AddRemove-LIDL Fotoservice_is1 - c:\program files\LIDL Fotoservice\unins000.exe
AddRemove-Meine Penny Fotowelt - c:\program files\REWE\Meine Penny Fotowelt\uninstall.exe
AddRemove-Need For Speed II SE - c:\windows\unin0407.exe
AddRemove-Soldat_is1 - c:\users\"Mein Name"\Downloads\lol\lol\lolog\unins000.exe
AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe
AddRemove-Vista Icon Pack ST_is1 - c:\users\"Mein Name"\Downloads\Vista Icon Pack ST\unins000.exe
AddRemove-Wolfenstein - Enemy Territory - c:\users\"Mein Name"\Downloads\Enemy Territory\uninst.exe
AddRemove-Wormux - c:\program files\Wormux\uninstall.exe
AddRemove-{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1 - j:\manic digger\Manic Digger\unins000.exe
AddRemove-{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1 - c:\users\"Mein Name"\Downloads\Counter-Strike 2D\unins000.exe
AddRemove-BitTorrent DNA - c:\users\"Mein Name"\Program Files\DNA\btdna.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-14 19:59
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6000 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\00000071 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\SystemStoreService]
"ImagePath"="\"c:\program files\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\SecuROM\License information*]
"datasecu"=hex:9f,64,01,40,02,52,73,06,54,f7,97,de,c2,da,42,77,a7,20,3b,55,2b,
   79,66,de,01,d6,c6,8a,c6,da,72,9a,6f,9f,18,da,78,bf,9a,af,b5,67,10,63,4a,05,\
"rkeysecu"=hex:61,ec,bb,a9,ba,27,71,96,0b,2a,c7,b5,89,62,47,fc
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-12-14  20:13:02
ComboFix-quarantined-files.txt  2012-12-14 19:12
.
Vor Suchlauf: 4.934.201.344 Bytes frei
Nach Suchlauf: 8.848.769.024 Bytes frei
.
- - End Of File - - C6D9CC27A581D32F9874B3FBD6CFC06C
         
--- --- ---

Alt 16.12.2012, 13:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.12.2012, 14:14   #11
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 16/12/2012 um 15:10:22 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzer : "Mein Name" - "Mein Name"
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\"Mein Name"\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : ICQ Service

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files\Common Files\Plasmoo
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Viewpoint
Ordner Gefunden : C:\Program Files\XfireXO
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Viewpoint
Ordner Gefunden : C:\Users\"Mein Name"\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\"Mein Name"\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\"Mein Name"\AppData\LocalLow\XfireXO
Ordner Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gefunden : C:\Users\"Mein Name"\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\"Name 2"\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\"Name 2"\AppData\LocalLow\XfireXO

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\XfireXO
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gefunden : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Schlüssel Gefunden : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\XfireXO Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{34A1D323-EB8D-4E60-B254-4C0ADFA4C11F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E564C2EB-7CD6-430A-9400-E0A72C481697}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\MetaStream
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E564C2EB-7CD6-430A-9400-E0A72C481697}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XfireXO Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gefunden : HKLM\Software\Viewpoint
Schlüssel Gefunden : HKLM\Software\XfireXO
Schlüssel Gefunden : HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.16982

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v3.6.3 (de)

Profilname : default 
Datei : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

Profilname : default 
Datei : C:\Users\"Name 3"\AppData\Roaming\Mozilla\Firefox\Profiles\5sd2qwib.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\prefs.js

Gefunden : user_pref("browser.startup.homepage", "hxxp://start.icq.com/");
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.13] : homepage = "hxxp://start.icq.com/",
Gefunden [l.1791] : homepage = "hxxp://start.icq.com/",

-\\ Chromium v {
      show_on_all_tabs: true
   }

Datei : C:\Users\"Mein Name"\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v10.10.1893.0

Datei : C:\Users\"Name 2"\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\"Mein Name"\AppData\Roaming\Opera\Opera\operaprefs.ini

Gefunden : application/x-winampx-1.0.0.1=6,,C:\Program Files\Mozilla Firefox\plugins\npwachk.dll,Winamp Applica[...]
Gefunden : application/x-mtx=6,,C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll,Meta[...]
Gefunden : application/x-winampx-1.0.0.1=,0
Gefunden : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[R1].txt - [9414 octets] - [16/12/2012 15:10:22]

########## EOF - C:\AdwCleaner[R1].txt - [9474 octets] ##########
         

Alt 17.12.2012, 16:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.12.2012, 18:02   #13
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Ok ADW:
Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 17/12/2012 um 18:08:08 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzer : "Mein Name" - "Mein Name"-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\"Mein Name"\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\"Mein Name"\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\"Name1"\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.16982

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.13] : homepage = "hxxp://start.icq.com/",
Gelöscht [l.1791] : homepage = "hxxp://start.icq.com/",

-\\ Chromium v {
      show_on_all_tabs: true
   }

Datei : C:\Users\"Mein Name"\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v10.10.1893.0

Datei : C:\Users\"Name1"\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\"Mein Name"\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files\Mozilla Firefox\plugins\npwachk.dll,Winamp Applica[...]
Gelöscht : application/x-mtx=6,,C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll,Meta[...]
Gelöscht : application/x-winampx-1.0.0.1=,0
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[R1].txt - [9445 octets] - [16/12/2012 15:10:22]
AdwCleaner[R2].txt - [9603 octets] - [16/12/2012 15:10:54]
AdwCleaner[S1].txt - [5364 octets] - [17/12/2012 18:08:08]

########## EOF - C:\AdwCleaner[S1].txt - [5424 octets] ##########
         
OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.12.2012 18:28:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\"Mein Name"\Desktop\Logs
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 55,01% Memory free
10,65 Gb Paging File | 9,29 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 5,40 Gb Free Space | 1,18% Space Free | Partition Type: NTFS
Drive D: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 732,42 Gb Total Space | 178,35 Gb Free Space | 24,35% Space Free | Partition Type: NTFS
Drive R: | 199,09 Gb Total Space | 30,09 Gb Free Space | 15,12% Space Free | Partition Type: NTFS
 
Computer Name: "Mein Name"-PC | User Name: "Mein Name" | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\"Mein Name"\Desktop\Logs\OTL.exe (OldTimer Tools)
PRC - J:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe ()
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - J:\HiPatchService.exe (Hi-Rez Studios)
PRC - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
PRC - J:\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - J:\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\MySecurityCenter\Programs\Service.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Windows\ModLEDKey.exe (Chicony)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cccf9e783368088a6d357cc45f446478\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_Wheel4D.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_MouseDeviceManager.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()
MOD - C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_ZoomControl.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_ScrollbarControl.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - J:\ATI\ATI.ACE\Branding\Branding.dll ()
MOD - J:\Filezilla\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SelfUpdateService) -- C:\Program Files\Freetec\SystemStore\SelfUpdate.exe ()
SRV - (MBAMService) -- J:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- J:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FreemiumSelfUpdateService) -- C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe ()
SRV - (HiPatchService) -- J:\HiPatchService.exe (Hi-Rez Studios)
SRV - (SystemStore) -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UserAccess7) -- C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
SRV - (MySecurityCenter License Service) -- C:\Program Files\MySecurityCenter\Programs\Service.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (StarOpen) --  File not found
DRV - (sony_ssm.sys) -- C:\Users\NIKOLA~1\AppData\Local\Temp\sony_ssm.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\NIKOLA~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dvdfab) -- C:\Windows\System32\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (CSCrySec) -- C:\Windows\System32\drivers\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (KLBG) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SLEE_15_DRIVER) -- C:\Windows\System32\drivers\sleen15.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (JGOGO) -- C:\Windows\System32\drivers\JGOGO.sys (JMicron )
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_de
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 17:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012.04.30 18:15:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\"Mein Name"\Program Files\DNA [2009.08.28 14:43:16 | 000,000,000 | ---D | M]
 
[2012.12.16 18:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.06.16 17:50:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.21 15:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.30 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 19:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 22:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 19:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.03.12 16:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.30 18:18:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
 
O1 HOSTS File: ([2012.12.14 19:59:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony)
O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] J:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - Startup: C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Users\"Mein Name"\Documents\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab (IPSUploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58A9C5FC-1915-4D77-B2E2-566E50F1BDA9}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.15 13:29:19 | 000,000,000 | ---D | C] -- C:\e74359119baa189018d3c0110d143279
[2012.12.14 20:13:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.14 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\temp
[2012.12.14 19:31:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.14 19:31:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.14 19:31:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012.12.14 19:31:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.14 19:31:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.14 19:30:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.14 19:28:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.14 19:23:05 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\"Mein Name"\Desktop\ComboFix.exe
[2012.12.14 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\Logs
[2012.12.14 07:28:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\"Mein Name"\Desktop\aswMBR.exe
[2012.12.13 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Documents\4A Games
[2012.12.13 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\4A Games
[2012.12.13 12:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.13 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\.minecraft
[2012.12.12 18:09:19 | 000,100,864 | ---- | C] (GMER) -- C:\pwldikog.sys
[2012.12.08 20:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.12.08 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.11.30 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Malwarebytes
[2012.11.30 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.30 23:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.30 23:27:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.30 23:06:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.11.30 18:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.27 21:24:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.11.23 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\info 2012
[2012.11.19 09:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software
[2012.11.19 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\MOUSE Editor
[2012.11.17 20:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.01.28 22:54:25 | 000,367,081 | ---- | C] (UTDM & NoBS                                                 ) -- C:\Users\"Mein Name"\Punkbuster.Got.Busted.v1.5-NoBS-UTDM.exe
[2010.08.26 20:54:36 | 096,962,344 | ---- | C] (Apple Inc.) -- C:\Users\"Mein Name"\iTunesSetup try.exe
[2010.08.26 19:02:09 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx40_Full_setup.exe
[2010.08.26 18:57:38 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx35setup.exe
[2009.12.06 21:42:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 18:32:02 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job
[2012.12.17 18:30:09 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job
[2012.12.17 18:30:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job
[2012.12.17 18:30:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job
[2012.12.17 18:18:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job
[2012.12.17 18:18:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 18:18:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 18:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 18:12:43 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 18:07:32 | 000,547,175 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe
[2012.12.17 17:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.17 13:35:10 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.12.16 18:52:38 | 000,764,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.16 18:52:38 | 000,712,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.16 18:52:38 | 000,166,684 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.16 18:52:38 | 000,142,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.15 13:32:30 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.12.14 19:59:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.14 19:27:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job
[2012.12.14 15:14:12 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\"Mein Name"\Desktop\ComboFix.exe
[2012.12.14 10:30:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.13 23:40:20 | 000,000,512 | ---- | M] () -- C:\Users\"Mein Name"\Documents\MBR.dat
[2012.12.13 22:31:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\"Mein Name"\Desktop\aswMBR.exe
[2012.12.13 12:13:11 | 000,002,087 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Google Chrome.lnk
[2012.12.12 18:09:19 | 000,100,864 | ---- | M] (GMER) -- C:\pwldikog.sys
[2012.12.12 18:04:28 | 000,302,592 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\3ti9jgqo.exe
[2012.12.12 17:54:29 | 000,000,234 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Metro 2033.url
[2012.12.12 14:47:36 | 000,848,794 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\SCAN0102.JPG
[2012.12.11 18:23:55 | 000,053,131 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Logfiles.zip
[2012.12.09 14:02:12 | 000,211,968 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.09 01:26:18 | 000,007,808 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat
[2012.12.09 01:03:09 | 000,000,020 | ---- | M] () -- C:\Users\"Mein Name"\defogger_reenable
[2012.12.08 20:09:07 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.12.08 19:19:09 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.07 21:40:40 | 000,042,440 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2012.12.02 14:53:19 | 000,219,266 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG
[2012.12.02 14:09:06 | 000,191,691 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG
[2012.12.02 14:08:52 | 000,190,784 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG
[2012.12.02 10:17:50 | 000,102,169 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG
[2012.12.02 10:17:28 | 000,194,171 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG
[2012.11.30 23:36:34 | 000,000,576 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 18:45:33 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 15:32:09 | 000,187,830 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol bug.JPG
[2012.11.27 21:25:00 | 000,000,506 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk
[2012.11.23 16:26:15 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.11.19 09:51:47 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Editor.lnk
[2012.11.18 12:10:18 | 000,000,724 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk
[2012.11.17 22:51:05 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.11.17 20:34:29 | 000,000,992 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\DVDVideoSoft Free Studio.lnk
[2012.11.17 20:34:28 | 000,000,696 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Free YouTube Download.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.17 18:07:47 | 000,547,175 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe
[2012.12.14 19:31:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.14 19:31:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.14 19:31:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.14 19:31:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.14 19:31:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.13 23:40:20 | 000,000,512 | ---- | C] () -- C:\Users\"Mein Name"\Documents\MBR.dat
[2012.12.12 18:11:44 | 000,302,592 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\3ti9jgqo.exe
[2012.12.12 17:54:28 | 000,000,234 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Metro 2033.url
[2012.12.12 17:40:32 | 000,848,794 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\SCAN0102.JPG
[2012.12.11 18:23:54 | 000,053,131 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Logfiles.zip
[2012.12.09 13:59:31 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl
[2012.12.09 01:02:47 | 000,000,020 | ---- | C] () -- C:\Users\"Mein Name"\defogger_reenable
[2012.12.08 20:09:07 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.12.08 19:19:09 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.07 21:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.12.06 12:21:41 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.02 14:53:16 | 000,219,266 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG
[2012.12.02 14:09:03 | 000,191,691 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG
[2012.12.02 14:08:44 | 000,190,784 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG
[2012.12.02 10:17:47 | 000,102,169 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG
[2012.12.02 10:17:25 | 000,194,171 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG
[2012.11.30 23:27:53 | 000,000,576 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 18:45:33 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 15:31:59 | 000,187,830 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol bug.JPG
[2012.11.27 21:25:00 | 000,000,506 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk
[2012.11.19 09:51:47 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Editor.lnk
[2012.11.18 12:10:22 | 000,000,724 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk
[2012.11.17 20:34:28 | 000,000,696 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Free YouTube Download.lnk
[2012.06.05 00:27:31 | 000,000,053 | ---- | C] () -- C:\Users\"Mein Name"\jagex_cl_runescape_LIVE.dat
[2012.06.05 00:27:31 | 000,000,001 | ---- | C] () -- C:\Users\"Mein Name"\random.dat
[2012.04.30 18:18:23 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.04.30 18:18:23 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.01.15 19:25:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.11 18:01:33 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012.01.02 23:34:23 | 000,000,600 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\winscp.rnd
[2011.12.26 17:53:00 | 000,000,000 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\{194E177D-9D30-4CF7-B8D9-C1E24D923C40}
[2011.07.05 19:28:11 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.06.19 09:07:37 | 000,000,102 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\fusioncache.dat
[2011.05.31 13:28:58 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011.04.27 10:36:05 | 117,342,208 | ---- | C] () -- C:\Users\"Mein Name"\kavkis.msi
[2011.02.08 20:06:45 | 000,006,274 | ---- | C] () -- C:\Users\"Mein Name"\.recently-used.xbel
[2011.01.23 17:52:05 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2010.10.23 19:49:20 | 000,000,458 | ---- | C] () -- C:\Users\"Mein Name"\NWT.lnk
[2010.04.04 17:04:03 | 000,021,504 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\WebpageIcons.db
[2009.12.26 15:11:24 | 000,138,904 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\PnkBstrK.sys
[2009.12.06 21:47:45 | 000,001,041 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\vso_ts_preview.xml
[2009.12.06 21:42:04 | 000,087,608 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\inst.exe
[2009.12.06 21:42:04 | 000,007,887 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.cat
[2009.12.06 21:42:04 | 000,001,144 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.inf
[2009.01.21 16:13:35 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat
[2008.07.13 14:03:28 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\ismxydep.bat
[2007.08.30 21:08:32 | 000,211,968 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.30 15:55:13 | 000,000,552 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d8caps.dat
[2007.04.21 09:51:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.16 11:38:11 | 000,007,808 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat
[2007.04.14 19:37:42 | 000,005,526 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\wklnhst.dat
[2007.04.14 18:46:40 | 000,001,346 | RHS- | C] () -- C:\Users\"Mein Name"\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.09.17 19:01:38 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.08.27 01:18:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
--- --- ---

Alt 17.12.2012, 18:03   #14
rupertbayern
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Extras
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.12.2012 18:28:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\"Mein Name"\Desktop\Logs
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 55,01% Memory free
10,65 Gb Paging File | 9,29 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 5,40 Gb Free Space | 1,18% Space Free | Partition Type: NTFS
Drive D: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 732,42 Gb Total Space | 178,35 Gb Free Space | 24,35% Space Free | Partition Type: NTFS
Drive R: | 199,09 Gb Total Space | 30,09 Gb Free Space | 15,12% Space Free | Partition Type: NTFS
 
Computer Name: "Mein Name"-PC | User Name: "Mein Name" | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine Penny Fotowelt.exe] -- "C:\Program Files\REWE\Meine Penny Fotowelt\Meine Penny Fotowelt.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2965953352-1890760225-2496969144-1005]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043E40BA-290B-4C21-A664-6B45572849C6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{050D349C-75E2-45BC-AF9E-B7A00B8CC9DE}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{09EFEA52-E3E9-4A74-9FEC-4A59648B4EDD}" = lport=12346 | protocol=6 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | 
"{1B6D9331-19BB-452E-848A-DFBBF225AF76}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | 
"{1D933372-5D65-41A0-AE00-40C52E83BBB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2A4F895E-5EED-4466-9324-4F403E4DC7B9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3037CF33-BE15-441A-8AA6-4BE77FC056C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3300A8DA-4C76-4273-84FC-177BAE197550}" = lport=12345 | protocol=17 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe | 
"{42EA98FE-6860-4086-8FC2-6360D9A06F71}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5AF9F806-5AA5-46D3-8246-6385D3068214}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5C8468F9-20BA-4157-A14F-D9E3B5C9B3DA}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | 
"{5EBF7A75-CACF-4AFE-94A0-7015F7E45ACD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61F8D555-721C-41D0-B986-D21A35E2EA18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{62339E9B-4735-4684-9489-C68C94EA332F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6292115B-3765-45A5-8C60-0282ECB8AD71}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | 
"{647B2CA7-3E95-4716-B966-95E0C4E6A4CC}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | 
"{67D761CB-9447-489E-AD20-9E4AAE39AD5C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{82DBAA61-D562-4D3C-8E03-D32EEF2F3A1B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{912D93F7-56B6-4884-A34E-078B41AF6649}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9ACA33DE-4EAE-4048-8F0E-106A2221997C}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) | 
"{B9C197B6-5DA4-4BFD-BECE-E980A60BF06E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BBBB30C4-B077-4B61-A1B7-E09532BBE345}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe | 
"{CAD414E1-614D-44AC-ACF3-799CBD5AD68E}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) | 
"{E3C30A12-1323-4393-8308-2594A014F1EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F7914D80-6DCC-4097-92C2-C9647A5245BA}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A2492-0065-4D41-907D-A3AEE1C46C73}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{01579CA4-FE10-4FFA-8F35-95539AD22DF3}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\u3\0877020a28931f0e\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe | 
"{04E156A1-BFEA-4FE7-A170-929ACE45C9A3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0D596B76-14F2-4C56-9E2F-8ABDC3A365B5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0FACF4D4-972D-4D65-B8C9-FA873308E081}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{13751A64-C0C9-4E57-ABF1-0F39A79AE807}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1B184E09-E7D3-4CC0-869B-F79D463B7170}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142-demo\bf2142.exe | 
"{1D064B2F-91EA-4C17-887F-42F6D5FC74A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1D4FB092-64CB-47F9-BD9B-33D34F13596C}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1F47FE55-F6A5-432A-A225-03ACE4FC0E88}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{2896CB9F-C7B9-4A7B-B725-1C058C0207E5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{29F1940C-25B3-44F7-A0F0-6BC051996F37}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{31986909-E370-4E0F-A7C8-414A7582D6EF}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{333D55BB-9E71-4141-9507-D4CFBEB3CF0D}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{336D1A4B-58AD-4D39-8C23-BAA75E786913}" = protocol=17 | dir=in | app=j:\mass effect 3\battlefield 1942\bf1942.exe | 
"{33FC5D3F-52E0-4414-A0F9-BBED90E3652B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{389F2BD8-D4D6-404A-80C8-965EC39A8678}" = protocol=6 | dir=in | app=j:\mass effect 3\battlefield 1942\bf1942.exe | 
"{3AFED1C3-3D0E-4DF5-B0DA-E4395F10677F}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{3FB9D87A-DADD-442B-B191-87928BA809EE}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\snowboundonline\run.exe | 
"{475AF2A6-C880-49CB-82A7-1C5E543BA0E3}" = protocol=17 | dir=in | app=j:\bf2142\bf2142.exe | 
"{4772B36F-1447-447D-9452-86840A543652}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{4811B5DA-0EB2-4740-B961-AB10D35B4027}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\cod4\call of duty 4\iw3mp.exe | 
"{4CE01849-D520-433D-B883-933E22620FBF}" = dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe | 
"{4E21C7DC-2287-4545-8A33-EB614CDB127F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4E93362E-0D55-4A8D-B065-A54333BED1EE}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{56BFB906-DB16-4D49-AE34-93193AD1240C}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\swarm.exe | 
"{5F091766-5C2E-4D36-BF4C-31CA2AB69C6E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{612AD058-ADFD-4840-A8D1-B8DCD65300EF}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\cod4\call of duty 4\iw3mp.exe | 
"{61E96254-C0E5-4FB6-B2CF-B153244AAB42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{634C018E-9750-48AE-A1FB-434814D53992}" = protocol=6 | dir=in | app=j:\bf2142\bf2142.exe | 
"{63C0C541-A9C7-4183-BE67-28E02FFC1FDA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{63D55AC9-3C99-4BE2-A031-668E24A1105E}" = protocol=17 | dir=in | app=j:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{64969770-7192-474A-AD89-E3EA61D14CEA}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{673341BD-1D80-4D31-80B1-7DB3F03343DC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6A68C287-FEF5-4C31-BE0D-A8A4DC6BDE5C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{6D8AEC5D-0C6B-4643-ACA3-7CAF913E4C5B}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\bullet run\launchpad.exe | 
"{6EF54516-8CC6-480E-9E0B-9975CAB98041}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\srcds.exe | 
"{6F4178A6-1790-437B-8E66-CE6E87050F2B}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\srcds.exe | 
"{7383D51E-0CF2-40B5-BB8F-BD337483B885}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{741AC322-C212-447B-9054-37270CC09916}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7D0BE409-9AC1-4D46-BCF0-2348E7006BD4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{86D94FB9-83B7-4257-840C-6E97A4CB6BF1}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{8B64B647-7D5B-4360-BA76-A1CFA2FFC1B2}" = protocol=17 | dir=in | app=j:\battlefield bad company 2 installation\installation\bfbc2updater.exe | 
"{9554D44E-52B0-4699-8978-7125091BF9BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9648B1D8-055A-4A7C-BD40-969D0F32E87B}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\snowboundonline\run.exe | 
"{9A2BA966-8815-43D1-8F6F-6B282479EFB4}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9B8FF9E9-A6FF-4002-9022-9347CD9DA994}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A6AAD251-65DC-4A9F-B432-C9B8708421A9}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steam.exe | 
"{AA0119C2-8546-40A8-8BD2-889CB7E937ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD99BBAE-1CB3-41B1-9940-43B5A0EB8FC3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{B2C836D1-4270-40A1-9E75-F57422E414D3}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{B59224AC-256C-4A39-8850-E1E4DCBB4652}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B60A1A0B-CE95-4543-84EE-21E8B66903AE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142-demo\bf2142.exe | 
"{B938BEBA-7526-4486-90B0-D09B65641106}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\swarm.exe | 
"{BA7A24F0-2C3F-445A-907F-566EA5AE170B}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{BCA223DD-3731-4E34-91B1-47B8B4470EFB}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{BD8A7EDE-C644-40EC-A26F-D6B2678A93A7}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{BE2FB613-DC7D-466D-926E-2D8A48A92275}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{BEB5A006-B708-4A0F-95E6-96E121338565}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{BEC86453-AD6E-49ED-A2A4-C7B771244744}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{C4E18CAE-58BB-43CD-AC0F-36DFAC6D5531}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{C89B0DB3-ADD6-4966-B71E-1EA6B36351F0}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{C97B6629-96B4-4AFA-AA8E-8491E229D032}" = protocol=6 | dir=in | app=j:\battlefield bad company 2 installation\installation\bfbc2updater.exe | 
"{CA6BD48D-CEDE-4D6E-90F6-6A29AFFA01AC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe | 
"{CB983A37-8226-4FC1-A370-64468FE2D5A1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{D18D99CC-E680-41F8-B621-0536099A1F33}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steam.exe | 
"{D23FBF07-E105-41FF-8C8D-7B636F9C46E4}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe | 
"{D57833E9-7C6E-48CB-BC81-694D573F3741}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{D99382CB-8319-4589-B2C5-2173ACF3CC1A}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{DA741759-8F1D-48FF-966B-D85F95BACD01}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0597B26-C6D9-45FE-8EB3-9BC34583CDEC}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{E41C3E88-62F0-4300-8912-0AC17F3C9912}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\u3\0877020a28931f0e\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe | 
"{E610BA98-922A-4101-895D-5E7F8F4DB51A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E869332F-242D-47B8-9484-34D31447FC99}" = dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe | 
"{EDC8972E-994B-4DE7-A875-F15CEA735F8A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe | 
"{EE5A97FD-BF8E-4606-A216-9D55A8198567}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F16004F0-A467-4F9A-BF6F-9E10A9137446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F3338F92-AFA6-4135-AF4F-827C3F291EAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F34BAB6D-0B40-45F7-911B-32E4553C1DAA}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{F3700F4B-FCBC-4340-A41C-FB4FF58E2AB5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{F8A677DA-BAD8-4BFF-8B18-791485AA77A6}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\bullet run\launchpad.exe | 
"{FAACBDC6-23C9-4E1F-9E9A-9A15EA58F400}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD321891-A361-4527-ABCD-FDD50C9F8603}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{FD732187-1938-43AD-A857-169979224063}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{FE2C0635-2C57-45CD-89F5-9545B0CD7E32}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{FF3509B2-B5C1-4B06-9E6B-31E8990F2FBD}" = protocol=6 | dir=in | app=j:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"TCP Query User{03D33879-E3AA-4425-BECC-704636108403}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{06EDE779-C0A7-423D-A439-AC91BF725ED4}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{0F96FE42-65E2-499B-B71F-CFF9ED281BA4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{1348F152-A572-4878-983F-4256B827AE16}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{1AB91DBF-EA0E-4B2D-95F0-BA81FC5FB37A}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | 
"TCP Query User{2ABA0EB1-C48B-47A3-8A33-E96E0A6D7731}C:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\kingdoms.exe | 
"TCP Query User{304F9A74-5FE8-4E6F-B368-5F6182377E19}C:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{33CD4190-123C-44FD-8F4C-F97C44973892}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe | 
"TCP Query User{396C7825-604B-4569-A87F-EFBA69A4B70B}C:\users\"Mein Name"\downloads\lt2.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\lt2.exe | 
"TCP Query User{44972D24-599F-4A4E-BC81-041CE26FBA63}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{49757D71-DD69-4DEF-B5D2-FB672CD845BF}C:\users\"Mein Name"\desktop\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\icq6\icq.exe | 
"TCP Query User{4CFC4B1A-2974-4CB0-A923-92F827924253}C:\users\"Mein Name"\documents\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\xfire\xfire.exe | 
"TCP Query User{51C3D57E-86F7-4243-AF5B-E18FF9F1B140}C:\program files\electronic arts\need for speed 2142\bf2142.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed 2142\bf2142.exe | 
"TCP Query User{5220CD32-8958-4517-989A-8B111F5E7147}C:\users\"Mein Name"\desktop\wolf\etded.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\etded.exe | 
"TCP Query User{57C508FA-5A2F-41C0-B9FB-961461BDA7DD}C:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe | 
"TCP Query User{5F92C5E0-49BB-4F8A-B1CA-0234E8C28BDE}J:\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=j:\battlefield 2\bf2.exe | 
"TCP Query User{646CFE34-F136-4D98-81B3-059A6C2471B9}C:\users\"Mein Name"\downloads\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\warcraft iii\war3.exe | 
"TCP Query User{68962E6F-C6C1-49B9-8A22-866295A326AB}C:\users\"Mein Name"\saved games\medieval_tw.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\medieval_tw.exe | 
"TCP Query User{689F6D71-E1F1-42D2-A5BA-166D633B2C4A}C:\users\"Mein Name"\downloads\enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\etded.exe | 
"TCP Query User{6C0900B0-CF0A-4114-A0FD-38A3B1932FDB}J:\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=j:\microsoft games\age of mythology\aom.exe | 
"TCP Query User{7932B87C-1958-4E22-956E-A5417C315923}C:\users\"Mein Name"\desktop\wolf\et.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\et.exe | 
"TCP Query User{87B0E21E-0D7C-4944-8677-CF1482DCAB50}C:\program files\metin2_germany\zoom.nebel.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\zoom.nebel.exe | 
"TCP Query User{93079E9F-415B-48B5-9C4C-1285D146ED99}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"TCP Query User{97CDC3DE-D4EB-4A67-9D23-5A765EC0E94E}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=6 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | 
"TCP Query User{AFC2FCDD-3F35-4FCD-B9D7-D1AAAB6D5770}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{BA7220BB-D13E-4E6D-87D9-EBDCCE9B6FCB}J:\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=j:\call of duty 2\cod2mp_s.exe | 
"TCP Query User{C3DE0B48-C340-4EFE-B5D0-B648C72BE420}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | 
"TCP Query User{C69183A1-BBD4-46CF-A4D6-2E1C306B21EC}C:\users\"Mein Name"\desktop\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\icq6.5\icq.exe | 
"TCP Query User{C883CE68-10E8-42F4-954E-DB94FC5646AE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{CF33721D-264B-42C4-A710-CB872B269610}C:\users\"Mein Name"\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\program files\dna\btdna.exe | 
"TCP Query User{D21D26C6-F907-4DCF-A9E8-25CB6BAA5332}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D2CB94A2-EBEE-418F-A7D9-FCB0DD0BBBC6}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{D4DEBAF2-DA52-4E03-8CA8-7AD39B156076}C:\users\"Mein Name"\downloads\enemy territory\et.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\et.exe | 
"TCP Query User{D8CBD838-3C84-4BBC-AB58-303BA2D3DF5A}C:\program files\vr-networld\onlupd04.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd04.exe | 
"TCP Query User{D8E033B5-B008-4C0C-8E58-23E889B07AB5}C:\program files\ea sports\fifa 08\fifa08.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 08\fifa08.exe | 
"TCP Query User{F6E12003-13A5-434D-A5FA-B263130B3C3C}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"UDP Query User{0C0D690E-F99F-4DA4-890D-6D9C8CEDDEFA}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"UDP Query User{107EEF0C-CFBE-461A-A832-0EE7081E28BA}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"UDP Query User{19F2C2CE-717D-4A90-A4B5-7A767B98BE65}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{1AB22088-2A1A-4F36-B9C4-CBAB40991D97}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{1CBF49BA-8D4C-41A7-A455-A60C4C060B93}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | 
"UDP Query User{27E87F2B-7500-488C-B285-45E1384EFDA5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{2809C715-5B06-46B1-91C9-0C2058BF31AD}J:\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=j:\call of duty 2\cod2mp_s.exe | 
"UDP Query User{2FB7BAE5-9D0D-43EE-AD3E-930827C6F036}C:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\kingdoms.exe | 
"UDP Query User{33F3464D-97E7-424A-99FA-A41F0D7BA165}C:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe | 
"UDP Query User{3A78D58A-A596-41E8-A45C-EBF247AFC79A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3C197361-5E89-40A4-ACE0-9DAB5606835C}C:\users\"Mein Name"\downloads\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\warcraft iii\war3.exe | 
"UDP Query User{458F72FD-3FAB-4624-9A3C-08C654CA74FD}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=17 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe | 
"UDP Query User{479518A2-2254-4236-9602-1E210D996940}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe | 
"UDP Query User{4A319CA3-9CA3-420E-8A26-FCC8A6E7D8E7}C:\users\"Mein Name"\documents\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\documents\xfire\xfire.exe | 
"UDP Query User{57123135-B37B-4279-BE31-638E79544ED4}C:\program files\vr-networld\onlupd04.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd04.exe | 
"UDP Query User{77B992A8-8701-4CD0-84B2-77A3F4E42FE1}C:\program files\metin2_germany\zoom.nebel.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\zoom.nebel.exe | 
"UDP Query User{7FACA5C7-C559-47A2-9F02-68A367299ACE}C:\users\"Mein Name"\saved games\medieval_tw.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\medieval_tw.exe | 
"UDP Query User{88985996-6974-4D4C-A54B-4CE9CDAD28CA}C:\users\"Mein Name"\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\program files\dna\btdna.exe | 
"UDP Query User{929DE895-4CEB-4E2C-B5DE-06D378875361}C:\users\"Mein Name"\downloads\enemy territory\et.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\et.exe | 
"UDP Query User{9B75E4FE-0490-48F1-A8C4-D382993E2BD5}C:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe | 
"UDP Query User{9D416AF1-ABA9-4DFD-9A20-26D57731924C}C:\users\"Mein Name"\desktop\wolf\et.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\et.exe | 
"UDP Query User{9DD0867B-0EB0-43C7-8371-36C47FF0A0F8}C:\users\"Mein Name"\downloads\enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\etded.exe | 
"UDP Query User{A0617B1A-0D69-47BC-A698-81478813B6E1}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{A08232B3-619C-497C-B77F-49F6803C5758}C:\program files\ea sports\fifa 08\fifa08.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 08\fifa08.exe | 
"UDP Query User{A53AEEC9-637F-4CFC-9D49-E6F398D69D1C}C:\users\"Mein Name"\desktop\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\icq6\icq.exe | 
"UDP Query User{AB580111-DC9E-420F-84D3-C136C54C585A}J:\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=j:\battlefield 2\bf2.exe | 
"UDP Query User{AF16AA90-D274-49FA-8FC1-505B2CBAD3BA}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{BA96268C-BA5C-4181-A903-DC90931290E9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{C28E026C-AD95-419E-806A-946CA64FD002}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe | 
"UDP Query User{D4EBB88D-A56D-45D8-9724-508F175F70DC}C:\users\"Mein Name"\downloads\lt2.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\lt2.exe | 
"UDP Query User{D5B045A6-DF06-4911-B625-975909D269AF}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe | 
"UDP Query User{D7F79F11-1A42-4B48-A096-E3199A85CBC5}C:\program files\electronic arts\need for speed 2142\bf2142.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed 2142\bf2142.exe | 
"UDP Query User{E09C0CD6-EEF7-4C72-AFC1-7F88EFB8D012}C:\users\"Mein Name"\desktop\wolf\etded.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\etded.exe | 
"UDP Query User{E0C84730-9955-466D-9B30-83D62422BDA3}J:\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=j:\microsoft games\age of mythology\aom.exe | 
"UDP Query User{E5175B33-EE39-4972-9587-5DBC6DBDCDBC}C:\users\"Mein Name"\desktop\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\icq6.5\icq.exe | 
"UDP Query User{EDB774BA-079A-4E50-A547-3FE6CA4520CE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02909B43-867E-4774-BB8B-9840D89D72EF}" = Medieval - Total War (TM)
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{0740E89E-9162-4BE2-9C4E-D9CFE33CB67A}" = i-Clickr
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FCEE1FB-C48F-421C-B4C1-B952F1B67617}" = Actio multimedial
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online
"{2BE6CDFB-9037-4FE5-93D4-6CFB4BE84958}" = TubeBox
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Games
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Foto 2006 Standard Edition Editor
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FB66B14-DB8D-770D-D66F-5243AB27B604}" = Catalyst Control Center Graphics Previews Vista
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{581CE7EA-A30D-0000-A215-088635773309}" = Atheros AR5007 Wireless LAN - USB
"{58a26b11-1507-4461-bb28-9c2be3a0dff1}" = TubeBox
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD SPIELE Game-Center
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}" = Targa VFD Display
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6786926E-661B-F38F-4A02-27864C2CC290}" = Trainingstagebuch Uploader
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F5A4EAD-FAB1-48BE-9EDF-A975FF7D1031}" = Nero 7 Essentials
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.206
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{948B09C2-16EF-41DC-8E24-5C90B9D8360F}" = Sun VirtualBox
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{9F74B6DE-B89C-4532-AFED-5AB0CCAAC1DF}_is1" = TCX Converter 2.0.24
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 9.0.600.0
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 3.085
"{D719F7E4-9280-410B-97D6-79F18306D29C}" = Similarity 1.1.0
"{DA08DB77-8603-96AC-ED7D-399D7304D079}" = Catalyst Control Center Localization German
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EDC66A92-4603-4D72-B28C-570075B55DF0}" = USB Wireless Keyboard Driver
"{EE246B64-54FC-42A6-8384-B61546B0C7F8}" = Steganos Safe Home 2007
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FA630728-674D-F321-A9CE-C6DF1ED4EB50}" = CCC Help German
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FD347316-609E-4149-983C-84B40338D38A}" = Battlefield 2142-Demo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.57
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Mythology 1.0" = Age of Mythology
"Aladdin_is1" = Aladdin
"Alldj DVD Ripper Platium_is1" = Alldj DVD Ripper Platium 4.0
"AnyDVD" = AnyDVD
"AOL Deinstallation" = AOL Deinstallation
"Audacity_is1" = Audacity 1.2.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Custom AOM Multiplayer+AI Maps by KillZaw" = Custom AOM Multiplayer+AI Maps by KillZaw
"Defraggler" = Defraggler
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DiskAid_is1" = DiskAid 5.08
"DivX Codec" = DivX Codec
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DTGDesktop" = Documents To Go Desktop for iPhone
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt
"easyshare" = devolo EasyShare
"ESET Online Scanner" = ESET Online Scanner v3
"Fallout New Vegas_is1" = Fallout New Vegas
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.811
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.23.324
"Free Studio_is1" = Free Studio version 5.3.3
"Free Video Converter" = Free Video Converter
"Free Video Converter_is1" = Free Video Converter V 2.3
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"Free YouTube Uploader_is1" = Free YouTube Uploader version 2.3
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Guild Wars" = GUILD WARS
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"iLyrics_is1" = iLyrics 1.1.1.2 BETA
"ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter
"InstallShield_{02909B43-867E-4774-BB8B-9840D89D72EF}" = Medieval - Total War (TM)
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"iPhone_Backup_Switch_1.0" = iPhone Backup Switch
"IrfanView" = IrfanView (remove only)
"ismxydep" = Favorit
"iTSfv_is1" = iTSfv 5.60.25 BETA
"LetsTrade" = LetsTrade Komponenten
"MAGIX_{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaInfo" = MediaInfo 0.7.39
"Medieval Total War" = Medieval - Total War (TM)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"Notepad++" = Notepad++
"NSSSetup.{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan (Symantec Corporation)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Origin" = Origin
"Palringo" = Palringo
"Picasa 3" = Picasa 3
"PictureItPrem_v12" = Microsoft Foto 2006 Standard Edition
"Security Task Manager" = Security Task Manager 1.8d
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.2.4
"ST4UNST #1" = Peck's Power Join
"Steam" = Steam
"Steam App 211880" = Bullet Run
"Steam App 22350" = Brink
"Steam App 400" = Portal
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TDMaker_is1" = iTSfv 5.60.25.1 BETA
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Tomb Raider: Legend" = Tomb Raider: Legend 1.2
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Uploader.6A755FBD4A9495E76557F9D696C5965FE7FBEA15.1" = Trainingstagebuch Uploader
"VLC media player" = VLC media player 1.0.0
"Voobly_is1" = Voobly Game Data
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.9
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"xampp" = XAMPP 1.8.1
"xchat" = XChat 2 (remove only)
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 2.2.1.6
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"StationRipper" = StationRipper 2.93B
"Vietcong 2" = Vietcong 2
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.12.2012 13:07:27 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000020, Fehleroffset 0x00008fc7,  Prozess-ID 0x1540, Anwendungsstartzeit 01cddbafd1ea10b0.
 
Error - 16.12.2012 16:41:33 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000020, Fehleroffset 0x00008fc7,  Prozess-ID 0xd68, Anwendungsstartzeit 01cddbcdba238100.
 
Error - 17.12.2012 08:25:55 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 9003
Description = Die Protokollscannummer (103:184:1), die an den Protokollscan in der
 'msdb'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen,
 dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei
 (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist,
 müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank
 von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten 
führt. 
 
Error - 17.12.2012 08:25:55 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 3414
Description = Fehler bei der Wiederherstellung. Die 'msdb'-Datenbank (Datenbank-ID
 4) kann daher nicht neu gestartet werden. Diagnostizieren und beheben Sie die Wiederherstellungsfehler,
 oder führen Sie eine Wiederherstellung von einer als fehlerfrei bekannten Sicherung
 aus. Falls die Fehler nicht behoben werden oder unerwartete Fehler auftreten, wenden
 Sie sich an den technischen Support.
 
Error - 17.12.2012 08:26:01 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 8355
Description = Service Broker ist in MSDB deaktiviert, oder MSDB konnte nicht gestartet
 werden. Ereignisbenachrichtigungen auf Serverebene können nicht übermittelt werden.
 Ereignisbenachrichtigungen mit FAN_IN in anderen Datenbanken können ebenfalls davon
 betroffen sein.
 
Error - 17.12.2012 08:33:06 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000020, Fehleroffset 0x00008fc7,  Prozess-ID 0x14c4, Anwendungsstartzeit 01cddc52a5ddc806.
 
Error - 17.12.2012 09:29:22 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000020, Fehleroffset 0x00008fc7,  Prozess-ID 0x8d4, Anwendungsstartzeit 01cddc5a83ce2bd6.
 
Error - 17.12.2012 13:19:18 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 9003
Description = Die Protokollscannummer (103:184:1), die an den Protokollscan in der
 'msdb'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen,
 dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei
 (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist,
 müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank
 von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten 
führt. 
 
Error - 17.12.2012 13:19:18 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 3414
Description = Fehler bei der Wiederherstellung. Die 'msdb'-Datenbank (Datenbank-ID
 4) kann daher nicht neu gestartet werden. Diagnostizieren und beheben Sie die Wiederherstellungsfehler,
 oder führen Sie eine Wiederherstellung von einer als fehlerfrei bekannten Sicherung
 aus. Falls die Fehler nicht behoben werden oder unerwartete Fehler auftreten, wenden
 Sie sich an den technischen Support.
 
Error - 17.12.2012 13:19:22 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 8355
Description = Service Broker ist in MSDB deaktiviert, oder MSDB konnte nicht gestartet
 werden. Ereignisbenachrichtigungen auf Serverebene können nicht übermittelt werden.
 Ereignisbenachrichtigungen mit FAN_IN in anderen Datenbanken können ebenfalls davon
 betroffen sein.
 
[ Media Center Events ]
Error - 28.07.2007 11:05:00 | Computer Name = "Mein Name"-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 16.04.2008 08:10:42 | Computer Name = "Mein Name"-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ OSession Events ]
Error - 05.01.2010 05:34:44 | Computer Name = "Mein Name"-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.12.2012 13:10:11 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 17.12.2012 13:10:11 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 12, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 17.12.2012 13:10:11 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 13, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 17.12.2012 13:12:41 | Computer Name = "Mein Name"-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 17.12.2012 13:21:30 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.12.2012 13:21:30 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2012 13:21:49 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 17.12.2012 13:21:49 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2012 13:23:10 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 17.12.2012 13:23:10 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 17.12.2012, 18:51   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Standard

Funde von Malwarebytes (5 REgistry Keys, 2 Files)



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (StarOpen) --  File not found
O3 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Files
C:\Users\"Mein Name"\Documents\MBR.dat
C:\Users\"Mein Name"\Punkbuster.*
C:\e74359119baa189018d3c0110d143279
C:\ProgramData\sysqcl1129139270.dat
C:\Users\"Mein Name"\AppData\Roaming\inst.exe
C:\Users\"Mein Name"\random.dat
C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat
C:\Users\"Mein Name"\AppData\Local\ismxydep.bat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Funde von Malwarebytes (5 REgistry Keys, 2 Files)
aktion, appdata, dateien, erstell, erstellt, files, gen, hijack, hijack this, infizierte, löschen, malwarebytes, microsoft, ordner, registry, rogue.residue, software, spoiler, system32, temp, this, version, virus, wichtige, windows



Ähnliche Themen: Funde von Malwarebytes (5 REgistry Keys, 2 Files)


  1. Windows 7: AVAST 3 Funde, Malwarebytes 8 Funde
    Log-Analyse und Auswertung - 16.12.2014 (13)
  2. Windows 7: mehrere Registry Key-Funde (über 1000), Internet Explorer sehr langsam
    Log-Analyse und Auswertung - 09.06.2014 (12)
  3. Malwarebytes Funde! Und nun?
    Log-Analyse und Auswertung - 10.04.2014 (15)
  4. aswMBR Locked Files, TDSS Killer und MBR Master keine Funde
    Log-Analyse und Auswertung - 30.03.2014 (7)
  5. Win 7 x64: Setup[1].exe (Win32/Injected.F trojan) in Temporary Internet Files und weitere Funde
    Log-Analyse und Auswertung - 16.03.2014 (13)
  6. Registry Keys bei Scan gefunden? Bitte um hilfe
    Plagegeister aller Art und deren Bekämpfung - 17.02.2014 (10)
  7. 14 Funde bei Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 13.12.2013 (11)
  8. Funde bei Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (22)
  9. Funde malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (5)
  10. Malwarebytes 34 Funde Normal ?
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (15)
  11. Windows 7: Avira hat 172 Viren gefunden, davor mehrer Funde einzel Funde bei Malwarebytes bzw. Avira
    Log-Analyse und Auswertung - 15.09.2013 (13)
  12. Mehrere Funde von Malwarebytes: Hauptsächlich Registry keys!
    Log-Analyse und Auswertung - 15.06.2013 (25)
  13. Malwarebytes-Funde
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (32)
  14. Malwarebytes Log: 16 Funde
    Log-Analyse und Auswertung - 20.09.2011 (1)
  15. Funde mit Malwarebytes
    Log-Analyse und Auswertung - 03.06.2010 (2)
  16. silentbanker->McAfee->hidden registry keys / values
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (6)
  17. Log files nicht zu löschen / registry spinnt
    Log-Analyse und Auswertung - 31.05.2005 (4)

Zum Thema Funde von Malwarebytes (5 REgistry Keys, 2 Files) - Hallo! Erster Post seid gnädig Ich habe mir Malwarebytes geholt und einen Systemcheck gemacht. Es fand 5 Infizierungen, davon waren 2 Files und 5 Registry keys. Dies sind die wichtigen - Funde von Malwarebytes (5 REgistry Keys, 2 Files)...
Archiv
Du betrachtest: Funde von Malwarebytes (5 REgistry Keys, 2 Files) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.