
Pests of all kinds and how to fight them: Google Redirect - Malware - Google redirects incorrectly

20.12.2012, 15:35   #1
MasterofDesa
 

Hello everyone,

first of all, the username should be MasterofDesaster; either the username is limited to a certain number of characters or I mistyped *embarrassing*

It would be nice if that could be changed somehow.

I am new to this forum and actually only registered here because of this problem. But I think I will come back to this forum if I have further problems.

My problem is the same as the one this gentleman has / had:
http://www.trojaner-board.de/114152-...et-nichts.html

For about a week, Google has been redirecting search queries to other search engine providers instead of to the actual target page.

I have already run the following antivirus programs:
- Avira Anti Vir (regular Anti Vir)
- Avira Anti Vir_Anti Rootkit
- Malwarebytes Anti-Malware
and one more program specifically for rootkits whose name escapes me right now.

Unfortunately without success.

So, do you perhaps have a suggestion for how I can get this thing off my PC again?

Kind regards,
MasterofDesaster

P.S. It is also interesting that for the search term "ihavenet" (one of the sites Google redirects to) Google redirects me to the Microsoft page hxxp://support.microsoft.com/kb/827315.

20.12.2012, 16:00   #2
ryder
/// TB Instructor
 



And the log files that were produced in the process are secret?
Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

20.12.2012, 19:36   #3
MasterofDesa
 



Evening,

Here are the logs that I forgot to submit with the first post:

GMER log file:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-20 19:27:29
Windows 6.1.7601 Service Pack 1 
Running: 3cx5glfb.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                     0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                  0x94 0x49 0x38 0x79 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                               
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                            0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                         0xFB 0xBF 0x1C 0xB1 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                  0x3D 0x14 0x32 0x85 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41                                                                                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                                                                                  0xCC 0x64 0x09 0x51 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                    
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                         0
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                      0x94 0x49 0x38 0x79 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                           
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                             0xFB 0xBF 0x1C 0xB1 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                    
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                      0x3D 0x14 0x32 0x85 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)                                                                    
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                                                                                      0xCC 0x64 0x09 0x51 ...
Reg   HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\Electronic Arts\SimCity\x2122 Societies\PackageInstaller.exe  1

---- Files - GMER 1.0.15 ----

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00158.log                                                                                                                  1048576 bytes
File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00159.log                                                                                                                  0 bytes

---- EOF - GMER 1.0.15 ----
         
Edited by MasterofDesa (20.12.2012 at 19:42)

20.12.2012, 19:37   #4
MasterofDesa
 



OTL Logfile:
Code:
OTL logfile created on: 20.12.2012 18:34:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Paul\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,68 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 79,60% Memory free
15,36 Gb Paging File | 13,75 Gb Available in Paging File | 89,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 404,09 Gb Free Space | 86,78% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 95,80 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
 
Computer Name: PAUL | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.20 18:34:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Downloads\OTL.exe
PRC - [2012.08.10 12:56:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 13:30:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 13:30:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.23 18:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
PRC - [2011.01.23 18:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.23 18:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
MOD - [2011.01.23 18:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL
MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL
MOD - [2010.04.05 04:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL
MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL
MOD - [2010.04.01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll
MOD - [2010.04.01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll
MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll
MOD - [2009.05.27 06:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
MOD - [2009.04.07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
MOD - [2009.03.09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009.02.20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll
MOD - [2009.02.20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.14 13:01:44 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2010.04.14 13:01:37 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.14 19:19:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.09 18:08:50 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 13:30:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 13:30:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.09 18:46:10 | 008,158,720 | ---- | M] () [Auto | Stopped] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011.06.07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.04.14 13:01:37 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010.04.14 13:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.21 03:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- c:\xampp\service.exe -- (XAMPP)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2012.05.08 13:30:45 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:30:45 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.22 12:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.28 11:41:58 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.01.10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.22 02:47:10 | 000,243,712 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.14 22:43:10 | 000,343,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57amd64.sys -- (k57nd)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.13 11:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.09 02:53:52 | 000,027,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OAfilt.sys -- (OAfilt)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 12:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\1075.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 C1 3F E2 E5 CF CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8619ED4E-6DC2-4923-B2AC-0EFA34152DA5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=fc911272-afc3-427e-a24a-fba71373df57&apn_sauid=F340EF68-6056-4AF0-BC1A-CD1EB2714A5E
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.17 15:59:59 | 000,000,000 | ---D | M]
 
[2012.04.14 16:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions
[2012.12.17 17:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\fyuzp2lz.default\extensions
[2012.12.14 18:42:36 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\fyuzp2lz.default\extensions\ich@maltegoetz.de
[2012.11.18 13:32:29 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\extensions\toolbar@web.de.xpi
[2012.08.30 15:22:54 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.12.17 17:36:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.18 13:32:33 | 000,000,911 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\searchplugins\11-suche.xml
[2012.11.18 13:32:33 | 000,002,273 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\searchplugins\englische-ergebnisse.xml
[2012.11.18 13:32:33 | 000,010,563 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\searchplugins\gmx-suche.xml
[2012.11.18 13:32:33 | 000,002,432 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\searchplugins\lastminute.xml
[2012.10.21 15:41:42 | 000,003,915 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\searchplugins\sweetim.xml
[2012.11.18 13:32:33 | 000,005,545 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\fyuzp2lz.default\searchplugins\webde-suche.xml
[2012.10.14 16:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.17 15:59:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.17 12:53:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 21:54:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.17 12:53:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.17 12:53:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.17 12:53:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.17 12:53:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Users\Paul\Desktop\eclipse\jre\bin\jp2ssv.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ETD Control Center] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4EFC12-F303-423E-81E6-C6F2A7EB6150}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE48309-9898-46A9-B8FC-639DDB3B91BA}: NameServer = 192.168.178.103,192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\sys32\svhost.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ab42f949-57f3-11e1-bbd5-dc0ea1089af0}\Shell - "" = AutoRun
O33 - MountPoints2\{ab42f949-57f3-11e1-bbd5-dc0ea1089af0}\Shell\AutoRun\command - "" = E:\gehirnjogging.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 19:26:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2012.12.17 19:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 19:26:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.17 19:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 19:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.17 17:10:04 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.17 17:05:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.17 16:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.12.16 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\assembly
[2012.12.16 10:32:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\FileActions
[2012.12.15 21:57:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.12.15 21:56:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\GehirnJoggingGenerations
[2012.12.15 21:56:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happyneuron
[2012.12.15 21:55:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Happyneuron
[2012.12.14 15:51:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Adobe Mini Bridge CS5
[2012.12.13 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Publish Providers
[2012.12.13 10:56:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Vegas Movie Studio HD Platinum 11.0 Projekte
[2012.12.01 22:00:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\TuneUp Software
[2012.12.01 22:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.01 21:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2012.12.01 21:56:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012.12.01 21:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.01 21:46:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.12.01 21:33:37 | 000,000,000 | ---D | C] -- C:\Directx
[2012.12.01 21:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.12.01 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.12.01 20:54:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\DivX
[2012.12.01 20:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.12.01 20:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.12.01 20:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.12.01 20:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.12.01 20:51:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\FileZilla
[2012.12.01 20:51:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.12.01 20:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.12.01 20:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.12.01 20:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.12.01 20:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.01 20:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.12.01 20:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.01 20:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.12.01 20:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.12.01 20:38:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.01 20:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.01 20:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012.12.01 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Saw
[2012.12.01 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\HTML, FLASH  und PHP
[2012.12.01 19:55:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Visual Basic Projekte
[2012.12.01 19:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.12.01 19:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.12.01 19:46:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Visual Studio 2010
[2012.12.01 19:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.12.01 19:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012.12.01 19:35:03 | 004,677,512 | ---- | C] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\ETDUI.cpl
[2012.12.01 19:35:03 | 000,135,560 | ---- | C] (ELAN Microelectronic Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2012.12.01 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.12.01 18:05:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Macromedia
[2012.12.01 18:05:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Adobe
[2012.12.01 18:05:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.12.01 18:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.12.01 17:38:13 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.12.01 17:37:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2012.12.01 17:37:07 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.12.01 17:35:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.12.01 17:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.01 17:35:45 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.12.01 17:35:44 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.12.01 17:35:44 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012.12.01 17:35:44 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.12.01 17:35:44 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.12.01 17:35:44 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.12.01 17:35:44 | 000,078,672 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012.12.01 17:35:44 | 000,078,672 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012.12.01 17:35:44 | 000,071,504 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.12.01 17:35:41 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.12.01 17:35:41 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.12.01 17:35:41 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.12.01 17:35:41 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.12.01 17:35:41 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.12.01 17:35:41 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.12.01 17:35:39 | 001,736,536 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.12.01 17:35:39 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.12.01 17:35:38 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.12.01 17:35:38 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.12.01 17:35:38 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.12.01 17:35:37 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.12.01 17:35:37 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.12.01 17:35:37 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.12.01 17:35:37 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.12.01 17:35:36 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.12.01 17:35:36 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.12.01 17:35:36 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.12.01 17:35:36 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.12.01 17:35:36 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.12.01 17:35:36 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.12.01 17:35:36 | 000,124,176 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.12.01 17:35:36 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.12.01 17:35:36 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.12.01 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.12.01 17:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.12.01 17:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.12.01 17:32:53 | 002,229,608 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012.12.01 17:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.12.01 17:27:16 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.01 17:27:16 | 000,000,000 | R--D | C] -- C:\Users\Paul\Searches
[2012.12.01 17:27:16 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.01 17:27:05 | 000,000,000 | R--D | C] -- C:\Users\Paul\Contacts
[2012.12.01 17:26:54 | 000,000,000 | --SD | C] -- C:\Users\Paul\AppData\Roaming\Microsoft
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Videos
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Saved Games
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Pictures
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Music
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Links
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Favorites
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Downloads
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Documents
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\Desktop
[2012.12.01 17:26:54 | 000,000,000 | R--D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Vorlagen
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\Verlauf
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\Temporary Internet Files
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Startmenü
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\SendTo
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Recent
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Netzwerkumgebung
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Lokale Einstellungen
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Documents\Eigene Videos
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Documents\Eigene Musik
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Eigene Dateien
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Documents\Eigene Bilder
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Druckumgebung
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Cookies
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Local\Anwendungsdaten
[2012.12.01 17:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Paul\Anwendungsdaten
[2012.12.01 17:26:54 | 000,000,000 | -H-D | C] -- C:\Users\Paul\AppData
[2012.12.01 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Temp
[2012.12.01 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Microsoft
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.12.01 17:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.12.01 17:22:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.12.01 17:22:03 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.11.24 17:18:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.24 17:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.24 17:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.23 16:53:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Haunt_64_Data
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 18:36:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.20 18:34:02 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 18:34:02 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 18:34:02 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 18:34:02 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 18:34:02 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.20 18:24:05 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 18:24:05 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 18:19:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 18:19:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.20 18:18:59 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\vlpwcvxy.job
[2012.12.20 18:18:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 18:17:40 | 000,000,020 | ---- | M] () -- C:\Users\Paul\defogger_reenable
[2012.12.17 21:23:30 | 005,020,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.17 19:27:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 13:43:05 | 000,135,168 | RHS- | M] () -- C:\Windows\SysWow64\rasdlgr.dll
[2012.12.14 11:05:27 | 000,001,857 | ---- | M] () -- C:\Users\Paul\Desktop\UseNeXT.lnk
[2012.12.11 14:35:26 | 008,664,903 | ---- | M] () -- C:\Users\Paul\Desktop\Given In Death - Heaven Shall Burn.mp3
[2012.12.01 20:51:58 | 000,002,000 | ---- | M] () -- C:\Users\Paul\Desktop\FileZilla Client .lnk
[2012.12.01 20:42:25 | 000,000,943 | ---- | M] () -- C:\Users\Paul\Desktop\Audacity .lnk
[2012.12.01 17:23:55 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.12.01 17:23:55 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.12.01 17:22:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.29 15:55:16 | 008,455,117 | ---- | M] () -- C:\Users\Paul\Desktop\All That Remains - This Calling  [HQ].mp3
[2012.11.26 20:44:53 | 000,007,617 | ---- | M] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2012.11.24 17:18:04 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.20 18:17:40 | 000,000,020 | ---- | C] () -- C:\Users\Paul\defogger_reenable
[2012.12.20 14:38:59 | 008,455,117 | ---- | C] () -- C:\Users\Paul\Desktop\All That Remains - This Calling  [HQ].mp3
[2012.12.20 14:38:31 | 008,664,903 | ---- | C] () -- C:\Users\Paul\Desktop\Given In Death - Heaven Shall Burn.mp3
[2012.12.17 21:23:09 | 005,020,168 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.17 19:26:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 13:43:05 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\rasdlgr.dll
[2012.12.16 13:43:05 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\vlpwcvxy.job
[2012.12.15 22:18:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.15 21:56:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.15 12:23:31 | 000,001,391 | ---- | C] () -- C:\Users\Paul\Desktop\Microsoft Visual Basic 2010 Express.lnk
[2012.12.14 11:05:27 | 000,001,857 | ---- | C] () -- C:\Users\Paul\Desktop\UseNeXT.lnk
[2012.12.01 21:55:20 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.01 20:59:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.12.01 20:51:58 | 000,002,000 | ---- | C] () -- C:\Users\Paul\Desktop\FileZilla Client .lnk
[2012.12.01 20:50:36 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012.12.01 20:49:16 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.12.01 20:49:01 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.12.01 20:47:10 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.12.01 20:47:05 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.12.01 20:42:25 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.12.01 20:42:25 | 000,000,943 | ---- | C] () -- C:\Users\Paul\Desktop\Audacity .lnk
[2012.12.01 19:26:40 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.01 17:35:49 | 000,247,560 | R--- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2012.12.01 17:35:49 | 000,037,468 | R--- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2012.12.01 17:35:49 | 000,001,448 | R--- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2012.12.01 17:35:49 | 000,000,520 | R--- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2012.12.01 17:35:49 | 000,000,520 | R--- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2012.12.01 17:35:49 | 000,000,520 | R--- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2012.12.01 17:35:49 | 000,000,520 | R--- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2012.12.01 17:35:49 | 000,000,176 | R--- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2012.12.01 17:35:49 | 000,000,024 | R--- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2012.12.01 17:34:29 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012.12.01 17:27:16 | 000,000,457 | -HS- | C] () -- C:\Users\Paul\Desktop\desktop .ini
[2012.12.01 17:22:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.26 20:44:53 | 000,007,617 | ---- | C] () -- C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
[2012.11.23 16:53:27 | 010,741,248 | ---- | C] () -- C:\Users\Paul\Desktop\Haunt_64.exe
[2012.10.09 18:09:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.09.01 15:44:25 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini
[2012.08.14 22:21:37 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2012.07.20 20:23:33 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.06.04 16:03:44 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2012.05.31 18:50:58 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2012.05.31 18:50:58 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2012.04.01 21:40:45 | 000,000,132 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.28 13:51:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.03.28 13:01:46 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.22 19:56:51 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll
[2012.01.22 19:56:51 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll
[2012.01.22 19:56:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll
[2012.01.22 19:56:51 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll
[2012.01.22 19:56:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll
[2012.01.22 19:56:51 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll
[2012.01.22 19:56:51 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll
[2012.01.22 19:56:51 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll
[2012.01.22 19:56:51 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll
[2012.01.22 19:56:51 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll
[2012.01.22 19:56:51 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll
[2012.01.22 19:56:51 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll
[2012.01.22 19:56:51 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll
[2012.01.22 19:56:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll
[2012.01.22 19:56:51 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll
[2012.01.22 19:56:50 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll
[2012.01.22 19:56:50 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll
[2012.01.22 19:56:50 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecoms.exe
[2012.01.22 19:56:50 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecfg.exe
[2012.01.22 19:56:50 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll
[2012.01.22 19:56:50 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeih.exe
[2012.01.22 19:56:28 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll
[2012.01.22 19:56:28 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.16 12:55:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.minecraft
[2012.10.14 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\BASS.NET
[2012.12.20 18:19:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Dropbox
[2012.12.19 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FileZilla
[2012.12.15 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GehirnJoggingGenerations
[2012.12.20 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2012.05.13 15:38:38 | 000,000,000 | RHSD | M] -- C:\Users\Paul\AppData\Roaming\install
[2012.04.24 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAXON
[2012.12.20 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\NetSpeedMonitor
[2012.04.08 18:31:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2012.04.07 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2012.12.13 10:56:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Publish Providers
[2012.12.17 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony
[2012.08.02 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Stardock
[2012.12.17 17:10:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TuneUp Software
[2012.12.17 17:28:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\UseNeXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         

20.12.2012, 19:44   #5
MasterofDesa

Google Redirect - Malware - Google redirects incorrectly

And the Extras.txt..

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.12.2012 18:34:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Paul\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,68 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 79,60% Memory free
15,36 Gb Paging File | 13,75 Gb Available in Paging File | 89,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 404,09 Gb Free Space | 86,78% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 95,80 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
 
Computer Name: PAUL | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01684FF5-89F6-41C1-9FDB-CF82B19A45AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15FD6582-025F-4228-AC5D-39C54A046732}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1964CA9B-2EF5-4B09-AE36-59EC7BA7FE1A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1D7D72FD-F871-4193-9A8D-26E83D72B58A}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{217EE448-8A3A-4711-8349-700C53A9CA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A61EF8B-F62C-4CC3-A6E1-2B3353244A21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CE408E3-E934-4A3D-9085-60D43A2D4FD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4AEAF4DC-7180-4A7A-A9E2-B17A3FB7E912}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4C676FDD-897E-4E39-BB95-0EDCD68D1D2C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5260F6F9-47E4-4915-AA22-8B5501832C3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52E81550-2FE6-4263-832F-E4399431D47D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{56B5FCAF-4AD9-4EEE-869D-B417AD58FA90}" = lport=139 | protocol=6 | dir=in | app=system | 
"{64B3CCD6-22BC-4AA0-B8B8-4A1FC639B697}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6897709A-30F4-4F5D-8AD2-E6634BA97593}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6CB3F4EE-198B-4F2F-9CC0-6F1515430C3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{70FEEB51-52FC-4A35-A901-CB41145DECB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7313FC73-4902-44BC-B6FE-71B776F63FE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C3C6319-2974-4ABD-AF7F-10215FB38AEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CE62199-1A70-41F6-B9EE-594CDF00B291}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8F6542C8-1EA9-441F-B573-2A2DD2297F79}" = rport=445 | protocol=6 | dir=out | app=system | 
"{98E3C43A-8227-4DC2-863E-C5501BCC7ACB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9B1F7371-417D-4337-B708-E54F109AFDDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0F5B21A-0032-476E-ADBE-3136D6F68A35}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{B4964503-6D1D-4BE6-8BEB-EC9445B1D971}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C026B12B-14A5-431F-B916-18F916C74DC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E0B29240-9862-4282-A835-402E5334F198}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F04473EE-172D-4745-8B3C-FADDCF2C5B58}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023DF04E-186C-4B1D-B29A-A4BC5F776154}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0348ADFC-C89F-43C3-AA6F-48A8CFB80472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{09C27258-97D9-45D8-A339-9E28A912C6AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{109579A1-ABDB-4DD2-8CD9-8AE335A8495E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{1236AEF4-DB22-4C2D-A91E-A8EFBE0B9364}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{20DD4019-7261-4E32-9394-D073657A47F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{230552F5-A71D-42E7-9FA9-DA2BB24CB391}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{270DC5A9-9907-460F-8272-4E382A8F4718}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{2BC6EA7A-CF9E-498C-A8F9-8F21D921E4B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{363353B5-E7C7-48BA-BC36-3C622C72D4B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3CC20C87-4E21-4977-8CF8-EF99C3B5405A}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{3E5D69E1-5927-4515-9F35-2260072F05A1}" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe | 
"{44007AE8-1CB9-48DA-8F14-D70994EF357C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4B1DBF64-9CF0-44F6-B0E3-3384AE022275}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D287F0B-8615-412C-875F-AD394BB4F4D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{54560336-9361-48C0-811F-70885E3757D5}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{5C6FADE9-D947-408A-AB06-09D3596CFCCC}" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe | 
"{60CFC40D-BA24-4683-BDD9-D99BD05979BC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{71C135DA-B9B8-4D40-895D-0DB06766AEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{761EE36C-90E0-44B6-857B-CAF779956421}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{9210640F-50C6-43C6-829F-24295000FF36}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{981FD4B3-43F2-4D72-ACA9-83DDDC1BBB3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A0B45E59-E1E4-4803-89AE-B3F8AA82C7EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7EF9827-B8B6-4EBC-84D5-47D55D0E89AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A9108294-51D2-4C80-A4EF-98E2BC1EE64B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{AB21CEA6-D8EC-46DB-8403-A146123D5438}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B27A0548-27A8-4B6C-AC0F-8686E0F7629B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B4A0B17E-361D-4C7C-9292-00179A2CE78E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B802DB8E-0BC6-4F06-9A36-25958310320F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B8FE2A89-2D0C-4AA9-885C-20CB2D57DF99}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{BF22DEC3-A0EE-4624-A21F-D5E27C789375}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C155BD50-3EE7-43E5-A527-A87901059BF5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C38246F3-F1AB-40C3-B218-21B664C370B2}" = protocol=6 | dir=out | app=system | 
"{CC1ACE4E-0AD5-490C-B7A9-7C1A24397684}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5A82CD5-9BA8-4895-8B1B-1F8DBC0AFC32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DA8BFBA8-1863-4020-A94E-B94F0271E7AB}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{E23B87C2-ACAD-4423-BA31-0504EC7288F8}" = dir=in | app=c:\windows\system32\lxeecoms.exe | 
"{E9D718B9-C1FC-4F10-B791-AC03B9E9D53E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F263BC35-CA37-4655-9587-9B6AC9D0D0C8}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{F83CABB9-A46D-42E2-87D8-CC0BDD9493A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FEAE2F86-7EB9-4C12-8FB7-4F6F7B4F4B52}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{0F69628D-B73A-438D-9CA0-B8B39B45C831}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{1232FA48-8F3A-4501-9151-C14F4EECAB08}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{13AD371E-8D1D-45EF-AA50-B97560952C24}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{13F0B415-B0E4-4088-9B36-DFCBA2C2B6E4}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{171D6A79-C6EB-4ACA-AD96-C27C26333A41}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{501B5033-FC01-4BC3-94A1-E5ED3FDC6BE1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{60247F13-BAF3-418D-9BD8-70AA190D8652}C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe | 
"TCP Query User{6E80ED59-17DF-412D-9B66-8FD866777D17}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{75DD4035-6FC7-4AC2-BA58-741C490FA249}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{85FC4036-532B-4622-902D-F8A0065C33ED}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{88FC55C9-20BF-4236-853E-ACEB88246C58}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{BEEE3B88-55DB-4C3D-A541-A5D8D78AE09E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{FDF1BBCB-43FB-42FF-A851-6E146A2FDE33}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{01B937D4-FB66-4986-8F19-070BCCF9117B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{16E06A12-D229-4977-B045-04641B655F69}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{17682660-7E15-4CE9-ABB9-4571BBF0355A}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{28999388-1F39-41D8-902E-78848B8500A3}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{7348B9ED-1A10-4ED1-8494-CB240DD5942C}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{7DB444F8-E3E8-49D3-9832-8BBDB8D115BC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{8BAFD214-D139-4773-A676-EE287946E28B}C:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - closed beta 7.0\binaries\win32\udk.exe | 
"UDP Query User{924E1E73-5C6B-441B-B074-23608B11C69F}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{BBD4AB04-25E2-4F73-835C-5C99481ADD02}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{BE4EB7C6-8B16-4E84-973E-2BA48BBD29A8}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{E21FFDFF-7E90-4562-B6B3-A854BE0D5D88}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{E9CF8ED5-F29D-4E14-929C-8769DB438A8B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{FE140738-F5A3-496F-A99B-2C8CAD84DF44}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160350}" = Java(TM) SE Development Kit 6 Update 35 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"MAXON8C02D5E0" = CINEMA 4D 12.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"UDK-3c7954e9-7d0e-4970-986f-a324d4c02e46" = Paranormal - CLOSED BETA 7.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{79B3E8EE-35F2-4CCD-82D9-4A57F408E449}" = Nero 11 Platinum
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2EDC0F-B7C2-11E0-BE17-0013D3D69929}" = Vegas Movie Studio HD Platinum 11.0
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0E3B891-B7C3-11E0-A2BD-001320F83A25}" = MSVCRT Redists
"{C93093D4-06B3-48BE-B93F-620EB253872A}" = BASS.NET API
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Nokia Suite" = Nokia Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Tunatic" = Tunatic
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR Archivierer
"xampp" = XAMPP 1.7.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.12.2012 15:23:30 | Computer Name = Paul | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm 1602 wurde wegen dieses Fehlers geschlossen.

Programm:
 1602  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000013  Datenträgertyp: 0
 
Error - 12.12.2012 15:35:48 | Computer Name = Paul | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 1602.exe, Version: 0.2.5.2, Zeitstempel:
 0x37c2b625  Name des fehlerhaften Moduls: 1602.exe, Version: 0.2.5.2, Zeitstempel:
 0x37c2b625  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006a976  ID des fehlerhaften Prozesses:
 0x9b8  Startzeit der fehlerhaften Anwendung: 0x01cdd89e962b5f3d  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ANNO 1602 Königs-Edition\1602.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\ANNO 1602 Königs-Edition\1602.exe  Berichtskennung:
 20c5ec4e-4493-11e2-9325-dc0ea1089af0
 
Error - 12.12.2012 17:20:13 | Computer Name = Paul | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.4.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e48    Startzeit: 
01cdd8acbbcc347d    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:
 b5039237-44a1-11e2-9325-dc0ea1089af0  
 
Error - 14.12.2012 19:01:53 | Computer Name = Paul | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fritz.exe, Version: 0.0.0.0, Zeitstempel:
 0x46aa1ab7  Name des fehlerhaften Moduls: Fritz.exe, Version: 0.0.0.0, Zeitstempel:
 0x46aa1ab7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000012fe  ID des fehlerhaften Prozesses:
 0x40e8  Startzeit der fehlerhaften Anwendung: 0x01cdda4effa37fa0  Pfad der fehlerhaften
 Anwendung: C:\Users\Paul\AppData\Local\Temp\Rar$EX00.260\Fritz.exe  Pfad des fehlerhaften
 Moduls: C:\Users\Paul\AppData\Local\Temp\Rar$EX00.260\Fritz.exe  Berichtskennung:
 3fdb802c-4642-11e2-8edc-dc0ea1089af0
 
Error - 15.12.2012 17:25:04 | Computer Name = Paul | Source = MsiInstaller | ID = 11935
Description = 
 
Error - 17.12.2012 12:07:04 | Computer Name = Paul | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren
 werden.
 
Error - 17.12.2012 12:19:47 | Computer Name = Paul | Source = Application Hang | ID = 1002
Description = Programm integrator.exe, Version 13.0.3000.132 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 21c0    Startzeit: 01cddc72425aafe5    Endzeit: 0    Anwendungspfad: 
C:\Program Files (x86)\TuneUp Utilities 2013\integrator.exe    Berichts-ID:   
 
Error - 17.12.2012 15:59:39 | Computer Name = Paul | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_NlaSvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: nlasvc.dll, Version: 6.1.7601.17964,
 Zeitstempel: 0x506c7976  Ausnahmecode: 0xc0000006  Fehleroffset: 0x000000000002407c
ID
 des fehlerhaften Prozesses: 0x458  Startzeit der fehlerhaften Anwendung: 0x01cddc66be0a67df
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\nlasvc.dll  Berichtskennung: 4a0f256d-4884-11e2-b1df-dc0ea1089af0
 
Error - 17.12.2012 15:59:40 | Computer Name = Paul | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\nlasvc.dll"
 zugegriffen werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern,
 oder der Datenträger fehlt.  Das Programm Hostprozess für Windows-Dienste wurde wegen
 dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei: C:\Windows\System32\nlasvc.dll

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. 
Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000185  Datenträgertyp: 3
 
Error - 20.12.2012 12:08:51 | Computer Name = Paul | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 20.12.2012 12:09:36 | Computer Name = Paul | Source = Windows Search Service | ID = 7042
Description = 
 
[ Media Center Events ]
Error - 28.03.2012 12:36:12 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 18:36:12 - Fehler beim Herstellen der Internetverbindung.  18:36:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 12:36:22 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 18:36:17 - Fehler beim Herstellen der Internetverbindung.  18:36:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 08:00:00 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 14:00:00 - Fehler beim Herstellen der Internetverbindung.  14:00:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 08:00:27 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 14:00:12 - Fehler beim Herstellen der Internetverbindung.  14:00:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 09:00:31 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 15:00:31 - Fehler beim Herstellen der Internetverbindung.  15:00:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 09:00:37 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 15:00:36 - Fehler beim Herstellen der Internetverbindung.  15:00:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 11:09:57 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 17:09:57 - Fehler beim Herstellen der Internetverbindung.  17:09:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 11:10:03 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 17:10:02 - Fehler beim Herstellen der Internetverbindung.  17:10:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 12:10:13 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 18:10:13 - Fehler beim Herstellen der Internetverbindung.  18:10:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 29.03.2012 12:10:29 | Computer Name = Paul | Source = MCUpdate | ID = 0
Description = 18:10:19 - Fehler beim Herstellen der Internetverbindung.  18:10:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 12:55:56 | Computer Name = Paul | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 20.12.2012 13:19:00 | Computer Name = Paul | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxeeCATSCustConnectService erreicht.
 
Error - 20.12.2012 13:19:00 | Computer Name = Paul | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeeCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 20.12.2012 13:20:03 | Computer Name = Paul | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

I hope you can help me.

Kind regards,
MasterofDesaster


20.12.2012, 21:05   #6
ryder
/// TB Trainer

Quote:
Reading material:
Rootkit warning
Your computer has been infected with a special kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, meaning it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does that mean for you?
  • Please decide quite deliberately whether you want to continue with the cleanup. A system compromised in this way can never be secured again with 100% certainty. Even though we have a good chance of cleaning your computer, it may still turn out that in the end only a reinstallation is left to us.
  • If you use this computer for online banking, for example, then you should at least have your bank change your password, if you use an otherwise secure method such as "chip-TAN-comfort". Do you still have old paper-based TAN sheets? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.
  • If you otherwise have sensitive data on your computer, then you should also think about how to deal with the fact that practically "anyone" could have looked at it.

So let me know what you have decided.


I will help you with your problem. A cleanup sometimes involves a lot of work for you (and me). Before we start, I have some reading material for you.
Quote:
Reading material:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (log file or reply), all together once you have finished everything.
  • Only run scans that you are asked to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (in code tags if possible, the # symbol in the editor). Do not attach them unless I ask you to or the log file would be too large. That makes the analysis harder for me.
  • Only obscure your name if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you quite clearly that you are "clean". Until then, please cooperate well.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
When you have read and understood all of that, you can get started!
Read and understood?

Step 1:
Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and run it:
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully ... Continue?"; confirm this with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt you to restart. Confirm this with OK.
Please post the defogger_disable.txt from your desktop.
Do not click the Re-enable button without being instructed to.
Step 2:
Scan with aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without being instructed to.

Note: If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.
Step 3:
Scan with the TDSS-Killer

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Click Change parameters, tick Detect TDLFS file system and confirm with OK.
  • Press Start Scan
  • Warning:
    If infected objects are found, under no circumstances choose Cure. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread (it is important to use CODE tags, the # symbol in the editor).
Step 4:
Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.

dds.com | dds.scr | dds.pif
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear; that is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without being instructed to.
  • Click Start.
  • 2 log files will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both log files here, in CODE tags if possible.

20.12.2012, 21:15   #7
MasterofDesa

Thank you for wanting to help me

The PC was restarted automatically, as stated in the log.
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:17 on 20/12/2012 (Paul)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Regards,
MasterofDesaster

20.12.2012, 21:17   #8
ryder
/// TB Trainer

Read and understood?
__________________
Digital privateers against malware!
No help via PM!

20.12.2012, 21:36   #9
MasterofDesa

Yes, I have read and understood everything.

Unfortunately, the program aswMBR.exe hangs on a file in the Windows directory.

The ".. has stopped working" screen appears

I am now trying this:
"Note: If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan"

P.S. Here is the log:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 21:34:31
-----------------------------
21:34:31.916    OS Version: Windows x64 6.1.7601 Service Pack 1
21:34:31.916    Number of processors: 4 586 0x2505
21:34:31.916    ComputerName: PAUL  UserName: Paul
21:34:35.011    Initialize success
21:34:42.736    AVAST engine defs: 12122001
21:36:52.479    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:36:52.484    Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11
21:36:52.499    Disk 0 MBR read successfully
21:36:52.504    Disk 0 MBR scan
21:36:52.509    Disk 0 Windows 7 default MBR code
21:36:52.519    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:36:52.534    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
21:36:52.594    Disk 0 scanning C:\Windows\system32\drivers
21:37:16.154    Service scanning
21:37:51.214    Modules scanning
21:37:51.219    Disk 0 trace - called modules:
21:37:51.264    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
21:37:51.269    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008313060]
21:37:51.274    3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80080ab550]
21:37:51.279    Scan finished successfully
21:38:15.669    Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
21:38:15.674    The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
         

20.12.2012, 21:42   #10
ryder
/// TB Trainer

Quote:
Please give me feedback on every step (log file or reply), all together once you have finished everything.
-------------

Then please continue.

20.12.2012, 21:51   #11
MasterofDesa

DDS Logfile:
Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by Paul at 21:48:16 on 2012-12-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.7863.5983 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\lxeecoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp
uLocal Page =  
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ETD Control Center] C:\Program Files\Elantech\ETDCtrl.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00109-0002-0009-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{2A4EFC12-F303-423E-81E6-C6F2A7EB6150} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{2A4EFC12-F303-423E-81E6-C6F2A7EB6150}\02D4F62696C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A4EFC12-F303-423E-81E6-C6F2A7EB6150}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2A4EFC12-F303-423E-81E6-C6F2A7EB6150}\D4F62696C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8DE48309-9898-46A9-B8FC-639DDB3B91BA} : NameServer = 192.168.178.103,192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\fyuzp2lz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-17 17:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\fyuzp2lz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 10
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-3-27 27760]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-27 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-27 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-3-27 98848]
R2 lxee_device;lxee_device;C:\Windows\System32\lxeecoms.exe -service --> C:\Windows\System32\lxeecoms.exe -service [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-12-1 135560]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-12-1 56344]
R3 k57nd;Broadcom NetLink Gigabit Ethernet;C:\Windows\System32\drivers\k57amd64.sys [2010-5-14 343080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeeserv.exe [2012-1-22 45736]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 XAMPP;XAMPP Service;C:\xampp\service.exe [2007-12-21 60928]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\1075.tmp [2012-12-17 6144]
S3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 OAfilt;OAfilt;C:\Windows\System32\drivers\OAfilt.sys [2012-6-11 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-1-14 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-12-1 243712]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-14 59392]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE /p %1 [default=print - 'Open' doesn't exist]
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-17 18:26:35	--------	d-----w-	C:\Users\Paul\AppData\Roaming\Malwarebytes
2012-12-17 18:26:28	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-12-17 18:26:28	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-12-17 18:26:27	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-17 16:12:52	37216	----a-w-	C:\Windows\System32\uxt8CF3.tmp
2012-12-17 16:10:04	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-17 16:05:41	--------	d--h--w-	C:\ProgramData\Common Files
2012-12-17 15:42:26	6144	------w-	C:\Windows\System32\1075.tmp
2012-12-17 15:27:19	6144	------w-	C:\Windows\System32\3745.tmp
2012-12-17 15:27:12	--------	d-----w-	C:\Program Files (x86)\Sophos
2012-12-16 12:43:05	135168	--sha-r-	C:\Windows\SysWow64\rasdlgr.dll
2012-12-16 12:38:24	--------	d-----w-	C:\Users\Paul\AppData\Local\assembly
2012-12-15 21:18:23	9728	----a-w-	C:\Windows\System32\Wdfres.dll
2012-12-15 21:18:23	785512	----a-w-	C:\Windows\System32\drivers\Wdf01000.sys
2012-12-15 21:18:23	54376	----a-w-	C:\Windows\System32\drivers\WdfLdr.sys
2012-12-15 21:18:23	2560	----a-w-	C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2012-12-15 21:07:28	9125352	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E873CAC6-FFA6-4978-B0AC-EAE45A734D76}\mpengine.dll
2012-12-15 20:56:51	--------	d-----w-	C:\Users\Paul\AppData\Roaming\GehirnJoggingGenerations
2012-12-15 20:56:08	87040	----a-w-	C:\Windows\System32\drivers\WUDFPf.sys
2012-12-15 20:56:08	198656	----a-w-	C:\Windows\System32\drivers\WUDFRd.sys
2012-12-15 20:56:07	84992	----a-w-	C:\Windows\System32\WUDFSvc.dll
2012-12-15 20:56:07	744448	----a-w-	C:\Windows\System32\WUDFx.dll
2012-12-15 20:56:07	45056	----a-w-	C:\Windows\System32\WUDFCoinstaller.dll
2012-12-15 20:56:07	229888	----a-w-	C:\Windows\System32\WUDFHost.exe
2012-12-15 20:56:07	194048	----a-w-	C:\Windows\System32\WUDFPlatform.dll
2012-12-15 20:55:30	--------	d-----w-	C:\Program Files (x86)\Happyneuron
2012-12-15 20:50:22	46080	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-15 20:50:22	367616	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-15 20:50:22	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-15 20:50:22	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-15 20:50:18	55296	----a-w-	C:\Windows\System32\dhcpcsvc6.dll
2012-12-15 20:50:18	44032	----a-w-	C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-15 20:50:18	226816	----a-w-	C:\Windows\System32\dhcpcore6.dll
2012-12-15 20:50:18	193536	----a-w-	C:\Windows\SysWow64\dhcpcore6.dll
2012-12-15 20:48:59	950128	----a-w-	C:\Windows\System32\drivers\ndis.sys
2012-12-15 20:47:59	2004480	----a-w-	C:\Windows\System32\msxml6.dll
2012-12-15 20:47:58	1881600	----a-w-	C:\Windows\System32\msxml3.dll
2012-12-15 20:47:57	2048	----a-w-	C:\Windows\SysWow64\msxml3r.dll
2012-12-15 20:47:57	2048	----a-w-	C:\Windows\System32\msxml3r.dll
2012-12-15 20:47:57	1390080	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-12-15 20:47:57	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-12-15 20:47:55	751104	----a-w-	C:\Windows\System32\win32spl.dll
2012-12-15 20:47:55	67072	----a-w-	C:\Windows\splwow64.exe
2012-12-15 20:47:55	559104	----a-w-	C:\Windows\System32\spoolsv.exe
2012-12-15 20:47:55	492032	----a-w-	C:\Windows\SysWow64\win32spl.dll
2012-12-15 20:47:53	245760	----a-w-	C:\Windows\System32\OxpsConverter.exe
2012-12-15 20:47:46	715776	----a-w-	C:\Windows\System32\kerberos.dll
2012-12-15 20:47:46	542208	----a-w-	C:\Windows\SysWow64\kerberos.dll
2012-12-15 20:38:54	1464320	----a-w-	C:\Windows\System32\crypt32.dll
2012-12-15 20:38:53	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-12-15 20:38:53	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-12-15 20:38:53	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-12-15 20:38:53	1159680	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-12-15 20:38:53	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-12-14 14:51:32	--------	d-----w-	C:\Users\Paul\AppData\Roaming\Adobe Mini Bridge CS5
2012-12-01 21:00:49	--------	d-----w-	C:\Users\Paul\AppData\Roaming\TuneUp Software
2012-12-01 21:00:05	--------	d-----w-	C:\ProgramData\TuneUp Software
2012-12-01 20:56:24	--------	d-----w-	C:\Windows\SysWow64\QuickTime
2012-12-01 20:46:21	--------	d-sh--w-	C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-12-01 20:42:00	32768	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2012-12-01 20:42:00	266240	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2012-12-01 20:42:00	180224	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2012-12-01 20:41:59	409600	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2012-12-01 20:41:59	172032	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2012-12-01 20:41:57	761856	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2012-12-01 20:41:56	540772	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2012-12-01 20:36:59	506728	----a-w-	C:\Windows\System32\d3dx10_33.dll
2012-12-01 20:35:21	861696	----a-w-	C:\Windows\System32\oleaut32.dll
2012-12-01 20:35:21	571904	----a-w-	C:\Windows\SysWow64\oleaut32.dll
2012-12-01 20:35:21	331776	----a-w-	C:\Windows\System32\oleacc.dll
2012-12-01 20:35:21	233472	----a-w-	C:\Windows\SysWow64\oleacc.dll
2012-12-01 20:33:54	43520	----a-w-	C:\Windows\System32\csrsrv.dll
2012-12-01 20:33:37	--------	d-----w-	C:\Directx
2012-12-01 20:33:33	870912	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
2012-12-01 20:33:33	1465344	----a-w-	C:\Windows\System32\XpsPrint.dll
2012-12-01 20:33:31	723456	----a-w-	C:\Windows\System32\EncDec.dll
2012-12-01 20:33:31	534528	----a-w-	C:\Windows\SysWow64\EncDec.dll
2012-12-01 20:33:15	142336	----a-w-	C:\Windows\System32\poqexec.exe
2012-12-01 20:33:14	123904	----a-w-	C:\Windows\SysWow64\poqexec.exe
2012-12-01 20:31:49	1572864	----a-w-	C:\Windows\System32\quartz.dll
2012-12-01 20:30:51	90624	----a-w-	C:\Windows\System32\drivers\bowser.sys
2012-12-01 20:23:12	--------	d-----w-	C:\ProgramData\MAGIX
2012-12-01 20:16:32	77312	----a-w-	C:\Windows\System32\packager.dll
2012-12-01 20:16:32	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2012-12-01 19:54:21	--------	d-----w-	C:\Program Files (x86)\Common Files\PX Storage Engine
2012-12-01 19:54:02	--------	d-----w-	C:\Program Files\DivX
2012-12-01 19:53:09	--------	d-----w-	C:\Program Files (x86)\DivX
2012-12-01 19:52:46	--------	d-----w-	C:\ProgramData\DivX
2012-12-01 19:42:23	--------	d-----w-	C:\Program Files (x86)\Audacity
2012-12-01 19:40:10	--------	d-----w-	C:\Program Files (x86)\VideoLAN
2012-12-01 18:47:16	--------	d-----w-	C:\Program Files (x86)\Microsoft Synchronization Services
2012-12-01 18:47:16	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-12-01 18:46:55	200384	----a-w-	C:\ProgramData\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-12-01 18:45:03	--------	d-----w-	C:\Program Files\Microsoft Help Viewer
2012-12-01 18:35:05	--------	d-----w-	C:\Program Files\Elantech
2012-12-01 18:35:03	4677512	----a-w-	C:\Windows\System32\ETDUI.cpl
2012-12-01 18:35:03	135560	----a-w-	C:\Windows\System32\drivers\ETD.sys
2012-12-01 17:05:52	73656	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-01 16:38:13	53248	----a-r-	C:\Windows\SysWow64\CSVer.dll
2012-12-01 16:37:36	--------	d-----w-	C:\Windows\SysWow64\sda
2012-12-01 16:37:23	422504	----a-w-	C:\Windows\System32\RtsUStor.dll
2012-12-01 16:37:07	--------	d-sh--w-	C:\Windows\Installer
2012-12-01 16:36:49	243712	----a-r-	C:\Windows\System32\drivers\RtsUStor.sys
2012-12-01 16:36:45	9112168	----a-w-	C:\Windows\SysWow64\RtsUStoricon.dll
2012-12-01 16:34:29	9014784	----a-w-	C:\Windows\System32\igfxress.dll
2012-12-01 16:34:29	90112	----a-w-	C:\Windows\System32\igfxCoIn_v2182.dll
2012-12-01 16:34:29	62464	----a-w-	C:\Windows\System32\igfxsrvc.dll
2012-12-01 16:34:29	110080	----a-w-	C:\Windows\System32\hccutils.dll
2012-12-01 16:33:37	56344	----a-w-	C:\Windows\System32\drivers\HECIx64.sys
2012-12-01 16:32:53	2229608	----a-w-	C:\Windows\System32\drivers\athrx.sys
2012-11-26 19:29:14	95208	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 16:18:04	--------	d-----r-	C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
2012-12-14 18:19:22	697272	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-11-14 06:11:44	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-11-14 06:02:49	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-09 04:42:49	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11	478208	----a-w-	C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31	376832	----a-w-	C:\Windows\SysWow64\dpnet.dll
2012-10-16 19:51:49	73501801	----a-w-	C:\ProgramData\SPLAEBE.tmp
2012-10-16 08:38:37	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52	561664	----a-w-	C:\Windows\apppatch\AcLayers.dll
2012-10-09 17:08:50	8192	----a-w-	C:\Windows\SysWow64\srvany.exe
2012-10-04 17:46:16	362496	----a-w-	C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15	243200	----a-w-	C:\Windows\System32\wow64.dll
2012-10-04 17:46:15	13312	----a-w-	C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55	215040	----a-w-	C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28	16384	----a-w-	C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16	424960	----a-w-	C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41	274944	----a-w-	C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55	338432	----a-w-	C:\Windows\System32\conhost.exe
2012-10-04 14:46:46	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43	2048	----a-w-	C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50	6144	---ha-w-	C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50	4608	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54	1914248	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21	70656	----a-w-	C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21	303104	----a-w-	C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17	246272	----a-w-	C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17	18944	----a-w-	C:\Windows\System32\netevent.dll
2012-10-03 17:44:16	216576	----a-w-	C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16	569344	----a-w-	C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24	18944	----a-w-	C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24	175104	----a-w-	C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23	156672	----a-w-	C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26	45568	----a-w-	C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43	78336	----a-w-	C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17	95744	----a-w-	C:\Windows\System32\synceng.dll
.
============= FINISH: 21:48:56,65 ===============
         
--- --- ---
attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 01.12.2012 17:26:51
System Uptime: 20.12.2012 18:18:42 (3 hours ago)
.
Motherboard: Packard Bell |  | EasyNote TK85
Processor: Intel(R) Core(TM) i3 CPU       M 370  @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 403,589 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5
Adobe Reader X (10.1.4) - Deutsch
Audacity 1.2.6
Avira Free Antivirus
BASS.NET API
Camtasia Studio 7
CINEMA 4D 12.016
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX-Setup
Dropbox
ETDWare PS/2-x64 7.0.6.5_WHQL
Fences
FileZilla Client 3.5.3
Google Earth
Google Update Helper
High-Definition Video Playback
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 9
Java Auto Updater
Java(TM) SE Development Kit 6 Update 35 (64-bit)
Lexmark Pro700 Series
Malwarebytes Anti-Malware Version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0 Language Pack - DEU
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual Basic 2010 Express - DEU
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 Service Pack 1
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 17.0.1 (x86 de)
MSVC80_x64
MSVC80_x64_v2
MSVC80_x86
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT Redists
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Platinum
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NetSpeedMonitor 2.5.4.0 x64
Nokia Suite
Paranormal - CLOSED BETA 7.0
PC Connectivity Solution
Samplitude Music Studio 17 Download-Version
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Visual Basic 2010 Express - DEU (KB2251489)
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.0
Tunatic
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
UseNeXT
VC80CRTRedist - 8.0.50727.6195
Vegas Movie Studio HD Platinum 11.0
VLC media player 2.0.4
Welcome App (Start-up experience)
WinRAR Archivierer
XAMPP 1.7.7
.
==== End Of File ===========================
         

20.12.2012, 22:03   #12
ryder
/// TB Trainer
 
Step 3?
__________________
Digital privateers against malware!
No help via PM!

20.12.2012, 22:08   #13
MasterofDesa
 
Code:
21:45:54.0550 3956  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:45:54.0750 3956  ============================================================
21:45:54.0750 3956  Current date / time: 2012/12/20 21:45:54.0750
21:45:54.0750 3956  SystemInfo:
21:45:54.0750 3956  
21:45:54.0750 3956  OS Version: 6.1.7601 ServicePack: 1.0
21:45:54.0750 3956  Product type: Workstation
21:45:54.0750 3956  ComputerName: PAUL
21:45:54.0750 3956  UserName: Paul
21:45:54.0750 3956  Windows directory: C:\Windows
21:45:54.0750 3956  System windows directory: C:\Windows
21:45:54.0750 3956  Running under WOW64
21:45:54.0750 3956  Processor architecture: Intel x64
21:45:54.0750 3956  Number of processors: 4
21:45:54.0750 3956  Page size: 0x1000
21:45:54.0750 3956  Boot type: Normal boot
21:45:54.0750 3956  ============================================================
21:45:56.0060 3956  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:56.0065 3956  ============================================================
21:45:56.0065 3956  \Device\Harddisk0\DR0:
21:45:56.0065 3956  MBR partitions:
21:45:56.0065 3956  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:45:56.0065 3956  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:45:56.0065 3956  ============================================================
21:45:56.0100 3956  C: <-> \Device\Harddisk0\DR0\Partition2
21:45:56.0100 3956  ============================================================
21:45:56.0100 3956  Initialize success
21:45:56.0100 3956  ============================================================
21:46:18.0430 3032  ============================================================
21:46:18.0430 3032  Scan started
21:46:18.0430 3032  Mode: Manual; TDLFS; 
21:46:18.0430 3032  ============================================================
21:46:19.0745 3032  ================ Scan system memory ========================
21:46:19.0745 3032  System memory - ok
21:46:19.0745 3032  ================ Scan services =============================
21:46:19.0890 3032  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:46:19.0895 3032  1394ohci - ok
21:46:19.0930 3032  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:46:19.0930 3032  ACPI - ok
21:46:19.0960 3032  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:46:19.0960 3032  AcpiPmi - ok
21:46:20.0045 3032  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:46:20.0045 3032  AdobeARMservice - ok
21:46:20.0145 3032  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:46:20.0145 3032  AdobeFlashPlayerUpdateSvc - ok
21:46:20.0185 3032  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:46:20.0190 3032  adp94xx - ok
21:46:20.0215 3032  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:46:20.0215 3032  adpahci - ok
21:46:20.0235 3032  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:46:20.0235 3032  adpu320 - ok
21:46:20.0265 3032  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:46:20.0270 3032  AeLookupSvc - ok
21:46:20.0300 3032  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:46:20.0305 3032  AFD - ok
21:46:20.0340 3032  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:46:20.0340 3032  agp440 - ok
21:46:20.0360 3032  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:46:20.0360 3032  ALG - ok
21:46:20.0380 3032  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:46:20.0380 3032  aliide - ok
21:46:20.0395 3032  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:46:20.0400 3032  amdide - ok
21:46:20.0420 3032  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:46:20.0420 3032  AmdK8 - ok
21:46:20.0435 3032  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:46:20.0435 3032  AmdPPM - ok
21:46:20.0460 3032  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:46:20.0460 3032  amdsata - ok
21:46:20.0485 3032  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:46:20.0485 3032  amdsbs - ok
21:46:20.0500 3032  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:46:20.0500 3032  amdxata - ok
21:46:20.0550 3032  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:46:20.0550 3032  AntiVirSchedulerService - ok
21:46:20.0565 3032  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:46:20.0565 3032  AntiVirService - ok
21:46:20.0620 3032  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:46:20.0620 3032  AppID - ok
21:46:20.0655 3032  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:46:20.0655 3032  AppIDSvc - ok
21:46:20.0685 3032  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:46:20.0685 3032  Appinfo - ok
21:46:20.0705 3032  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:46:20.0705 3032  AppMgmt - ok
21:46:20.0750 3032  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:46:20.0750 3032  arc - ok
21:46:20.0755 3032  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:46:20.0755 3032  arcsas - ok
21:46:20.0855 3032  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:46:20.0855 3032  aspnet_state - ok
21:46:20.0880 3032  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:20.0880 3032  AsyncMac - ok
21:46:20.0900 3032  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:46:20.0900 3032  atapi - ok
21:46:20.0965 3032  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:46:20.0975 3032  athr - ok
21:46:21.0025 3032  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:46:21.0030 3032  AudioEndpointBuilder - ok
21:46:21.0055 3032  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:46:21.0055 3032  AudioSrv - ok
21:46:21.0070 3032  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:46:21.0070 3032  avgntflt - ok
21:46:21.0085 3032  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:46:21.0090 3032  avipbb - ok
21:46:21.0095 3032  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:46:21.0095 3032  avkmgr - ok
21:46:21.0130 3032  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:46:21.0130 3032  AxInstSV - ok
21:46:21.0165 3032  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:46:21.0170 3032  b06bdrv - ok
21:46:21.0205 3032  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:46:21.0205 3032  b57nd60a - ok
21:46:21.0240 3032  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:46:21.0240 3032  BDESVC - ok
21:46:21.0260 3032  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:46:21.0260 3032  Beep - ok
21:46:21.0285 3032  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:46:21.0290 3032  BFE - ok
21:46:21.0315 3032  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:46:21.0320 3032  BITS - ok
21:46:21.0335 3032  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:46:21.0340 3032  blbdrive - ok
21:46:21.0360 3032  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:46:21.0360 3032  bowser - ok
21:46:21.0380 3032  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:46:21.0380 3032  BrFiltLo - ok
21:46:21.0400 3032  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:46:21.0400 3032  BrFiltUp - ok
21:46:21.0425 3032  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:46:21.0430 3032  Browser - ok
21:46:21.0455 3032  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:46:21.0460 3032  Brserid - ok
21:46:21.0480 3032  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:46:21.0480 3032  BrSerWdm - ok
21:46:21.0485 3032  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:46:21.0485 3032  BrUsbMdm - ok
21:46:21.0490 3032  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:46:21.0490 3032  BrUsbSer - ok
21:46:21.0495 3032  BTATH_BUS - ok
21:46:21.0505 3032  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:46:21.0510 3032  BTHMODEM - ok
21:46:21.0555 3032  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:46:21.0555 3032  bthserv - ok
21:46:21.0585 3032  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:46:21.0585 3032  cdfs - ok
21:46:21.0730 3032  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:46:21.0730 3032  cdrom - ok
21:46:21.0755 3032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:46:21.0760 3032  CertPropSvc - ok
21:46:21.0770 3032  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:46:21.0770 3032  circlass - ok
21:46:21.0795 3032  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:46:21.0795 3032  CLFS - ok
21:46:21.0990 3032  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:21.0995 3032  clr_optimization_v2.0.50727_32 - ok
21:46:22.0040 3032  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:46:22.0040 3032  clr_optimization_v2.0.50727_64 - ok
21:46:22.0105 3032  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:46:22.0105 3032  clr_optimization_v4.0.30319_32 - ok
21:46:22.0125 3032  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:46:22.0125 3032  clr_optimization_v4.0.30319_64 - ok
21:46:22.0150 3032  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:46:22.0150 3032  CmBatt - ok
21:46:22.0175 3032  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:46:22.0175 3032  cmdide - ok
21:46:22.0205 3032  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:46:22.0210 3032  CNG - ok
21:46:22.0220 3032  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:46:22.0220 3032  Compbatt - ok
21:46:22.0240 3032  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:46:22.0245 3032  CompositeBus - ok
21:46:22.0275 3032  COMSysApp - ok
21:46:22.0295 3032  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:46:22.0295 3032  crcdisk - ok
21:46:22.0330 3032  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:46:22.0330 3032  CryptSvc - ok
21:46:22.0360 3032  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
21:46:22.0365 3032  CSC - ok
21:46:22.0400 3032  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
21:46:22.0400 3032  CscService - ok
21:46:22.0425 3032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:46:22.0430 3032  DcomLaunch - ok
21:46:22.0455 3032  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:46:22.0460 3032  defragsvc - ok
21:46:22.0490 3032  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:46:22.0490 3032  DfsC - ok
21:46:22.0515 3032  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:46:22.0525 3032  Dhcp - ok
21:46:22.0540 3032  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:46:22.0545 3032  discache - ok
21:46:22.0550 3032  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:46:22.0550 3032  Disk - ok
21:46:22.0575 3032  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:46:22.0580 3032  Dnscache - ok
21:46:22.0605 3032  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:46:22.0610 3032  dot3svc - ok
21:46:22.0635 3032  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:46:22.0640 3032  DPS - ok
21:46:22.0670 3032  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:46:22.0675 3032  drmkaud - ok
21:46:22.0715 3032  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:46:22.0740 3032  DXGKrnl - ok
21:46:22.0810 3032  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
21:46:22.0815 3032  E1G60 - ok
21:46:22.0885 3032  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:46:22.0895 3032  EapHost - ok
21:46:23.0160 3032  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:46:23.0175 3032  ebdrv - ok
21:46:23.0220 3032  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:46:23.0220 3032  EFS - ok
21:46:23.0260 3032  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:46:23.0270 3032  ehRecvr - ok
21:46:23.0295 3032  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:46:23.0300 3032  ehSched - ok
21:46:23.0335 3032  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:46:23.0345 3032  elxstor - ok
21:46:23.0385 3032  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:46:23.0385 3032  ErrDev - ok
21:46:23.0410 3032  [ 0975BF32399A24117E317B5BF1D5D0AA ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
21:46:23.0415 3032  ETD - ok
21:46:23.0445 3032  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:46:23.0455 3032  EventSystem - ok
21:46:23.0460 3032  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:46:23.0460 3032  exfat - ok
21:46:23.0480 3032  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:46:23.0505 3032  fastfat - ok
21:46:23.0540 3032  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:46:23.0560 3032  Fax - ok
21:46:23.0580 3032  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:46:23.0580 3032  fdc - ok
21:46:23.0610 3032  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:46:23.0610 3032  fdPHost - ok
21:46:23.0630 3032  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:46:23.0635 3032  FDResPub - ok
21:46:23.0655 3032  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:46:23.0655 3032  FileInfo - ok
21:46:23.0670 3032  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:46:23.0670 3032  Filetrace - ok
21:46:23.0825 3032  [ BF72C20B44B85FD030AEAA721E35D512 ] FileZilla Server c:\xampp\FileZillaFTP\FileZillaServer.exe
21:46:23.0895 3032  FileZilla Server - ok
21:46:23.0935 3032  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:46:23.0965 3032  flpydisk - ok
21:46:24.0065 3032  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:46:24.0070 3032  FltMgr - ok
21:46:24.0115 3032  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:46:24.0125 3032  FontCache - ok
21:46:24.0175 3032  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:46:24.0175 3032  FontCache3.0.0.0 - ok
21:46:24.0210 3032  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:46:24.0210 3032  FsDepends - ok
21:46:24.0235 3032  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:46:24.0235 3032  Fs_Rec - ok
21:46:24.0275 3032  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:46:24.0275 3032  fvevol - ok
21:46:24.0280 3032  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:46:24.0285 3032  gagp30kx - ok
21:46:24.0315 3032  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:46:24.0340 3032  gpsvc - ok
21:46:24.0405 3032  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:24.0410 3032  gupdate - ok
21:46:24.0420 3032  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:24.0420 3032  gupdatem - ok
21:46:24.0445 3032  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:46:24.0445 3032  hcw85cir - ok
21:46:24.0475 3032  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:46:24.0480 3032  HdAudAddService - ok
21:46:24.0490 3032  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:46:24.0495 3032  HDAudBus - ok
21:46:24.0520 3032  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:46:24.0520 3032  HECIx64 - ok
21:46:24.0535 3032  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:46:24.0535 3032  HidBatt - ok
21:46:24.0550 3032  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:46:24.0555 3032  HidBth - ok
21:46:24.0560 3032  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:46:24.0560 3032  HidIr - ok
21:46:24.0590 3032  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:46:24.0625 3032  hidserv - ok
21:46:24.0695 3032  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:46:24.0695 3032  HidUsb - ok
21:46:24.0735 3032  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:46:24.0740 3032  hkmsvc - ok
21:46:24.0790 3032  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:46:24.0805 3032  HomeGroupListener - ok
21:46:24.0835 3032  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:46:24.0835 3032  HomeGroupProvider - ok
21:46:24.0880 3032  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:46:24.0885 3032  HpSAMD - ok
21:46:24.0930 3032  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:46:24.0950 3032  HTTP - ok
21:46:24.0965 3032  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:46:24.0970 3032  hwpolicy - ok
21:46:24.0980 3032  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:46:24.0985 3032  i8042prt - ok
21:46:25.0015 3032  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:46:25.0020 3032  iaStorV - ok
21:46:25.0080 3032  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:46:25.0100 3032  idsvc - ok
21:46:25.0335 3032  [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:46:25.0560 3032  igfx - ok
21:46:25.0610 3032  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:46:25.0610 3032  iirsp - ok
21:46:25.0650 3032  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:46:25.0675 3032  IKEEXT - ok
21:46:25.0740 3032  [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:46:25.0810 3032  IntcAzAudAddService - ok
21:46:25.0820 3032  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:46:25.0820 3032  intelide - ok
21:46:25.0850 3032  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:46:25.0855 3032  intelppm - ok
21:46:25.0875 3032  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:46:25.0880 3032  IPBusEnum - ok
21:46:25.0910 3032  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:25.0915 3032  IpFilterDriver - ok
21:46:25.0955 3032  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:46:25.0965 3032  iphlpsvc - ok
21:46:25.0985 3032  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:46:25.0990 3032  IPMIDRV - ok
21:46:26.0030 3032  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:46:26.0030 3032  IPNAT - ok
21:46:26.0050 3032  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:46:26.0115 3032  IRENUM - ok
21:46:26.0145 3032  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:46:26.0145 3032  isapnp - ok
21:46:26.0180 3032  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:46:26.0185 3032  iScsiPrt - ok
21:46:26.0210 3032  [ D0601AD6A455E430528B34723691DADE ] k57nd           C:\Windows\system32\DRIVERS\k57amd64.sys
21:46:26.0220 3032  k57nd - ok
21:46:26.0245 3032  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:46:26.0250 3032  kbdclass - ok
21:46:26.0260 3032  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:46:26.0260 3032  kbdhid - ok
21:46:26.0275 3032  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:46:26.0280 3032  KeyIso - ok
21:46:26.0290 3032  KMService - ok
21:46:26.0320 3032  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:46:26.0320 3032  KSecDD - ok
21:46:26.0360 3032  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:46:26.0365 3032  KSecPkg - ok
21:46:26.0395 3032  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:46:26.0400 3032  ksthunk - ok
21:46:26.0455 3032  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:46:26.0460 3032  KtmRm - ok
21:46:26.0490 3032  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:46:26.0495 3032  LanmanServer - ok
21:46:26.0530 3032  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:46:26.0535 3032  LanmanWorkstation - ok
21:46:26.0555 3032  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:46:26.0560 3032  lltdio - ok
21:46:26.0620 3032  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:46:26.0625 3032  lltdsvc - ok
21:46:26.0640 3032  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:46:26.0645 3032  lmhosts - ok
21:46:26.0680 3032  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:46:26.0680 3032  LSI_FC - ok
21:46:26.0690 3032  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:46:26.0695 3032  LSI_SAS - ok
21:46:26.0700 3032  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:46:26.0700 3032  LSI_SAS2 - ok
21:46:26.0715 3032  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:46:26.0715 3032  LSI_SCSI - ok
21:46:26.0740 3032  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:46:26.0745 3032  luafv - ok
21:46:26.0790 3032  [ 60B3548FFA9A2EAAED75E9F0704DFCE0 ] lxeeCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe
21:46:26.0795 3032  lxeeCATSCustConnectService - ok
21:46:26.0795 3032  lxee_device - ok
21:46:26.0815 3032  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:46:26.0820 3032  Mcx2Svc - ok
21:46:26.0835 3032  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:46:26.0840 3032  megasas - ok
21:46:26.0855 3032  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:46:26.0860 3032  MegaSR - ok
21:46:26.0895 3032  [ 1595FECFFBE9EA2417E06D5FD0BFA4C4 ] MEMSWEEP2       C:\Windows\system32\1075.tmp
21:46:26.0895 3032  MEMSWEEP2 - ok
21:46:26.0940 3032  Microsoft SharePoint Workspace Audit Service - ok
21:46:26.0960 3032  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:46:26.0965 3032  MMCSS - ok
21:46:26.0980 3032  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:46:26.0980 3032  Modem - ok
21:46:27.0000 3032  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:46:27.0005 3032  monitor - ok
21:46:27.0030 3032  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:46:27.0035 3032  mouclass - ok
21:46:27.0050 3032  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:46:27.0055 3032  mouhid - ok
21:46:27.0085 3032  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:46:27.0085 3032  mountmgr - ok
21:46:27.0110 3032  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:46:27.0110 3032  mpio - ok
21:46:27.0125 3032  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:46:27.0125 3032  mpsdrv - ok
21:46:27.0160 3032  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:46:27.0165 3032  MpsSvc - ok
21:46:27.0195 3032  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:46:27.0195 3032  MRxDAV - ok
21:46:27.0230 3032  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:27.0230 3032  mrxsmb - ok
21:46:27.0265 3032  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:27.0270 3032  mrxsmb10 - ok
21:46:27.0275 3032  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:27.0275 3032  mrxsmb20 - ok
21:46:27.0300 3032  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:46:27.0300 3032  msahci - ok
21:46:27.0320 3032  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:46:27.0320 3032  msdsm - ok
21:46:27.0335 3032  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:46:27.0340 3032  MSDTC - ok
21:46:27.0375 3032  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:46:27.0375 3032  Msfs - ok
21:46:27.0390 3032  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:46:27.0395 3032  mshidkmdf - ok
21:46:27.0400 3032  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:46:27.0400 3032  msisadrv - ok
21:46:27.0420 3032  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:46:27.0420 3032  MSiSCSI - ok
21:46:27.0430 3032  msiserver - ok
21:46:27.0445 3032  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:46:27.0445 3032  MSKSSRV - ok
21:46:27.0460 3032  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:27.0465 3032  MSPCLOCK - ok
21:46:27.0485 3032  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:46:27.0485 3032  MSPQM - ok
21:46:27.0525 3032  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:46:27.0530 3032  MsRPC - ok
21:46:27.0560 3032  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:46:27.0560 3032  mssmbios - ok
21:46:27.0585 3032  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:46:27.0585 3032  MSTEE - ok
21:46:27.0600 3032  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:46:27.0600 3032  MTConfig - ok
21:46:27.0615 3032  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:46:27.0620 3032  Mup - ok
21:46:27.0675 3032  mysql - ok
21:46:27.0715 3032  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:46:27.0725 3032  napagent - ok
21:46:27.0750 3032  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:46:27.0755 3032  NativeWifiP - ok
21:46:27.0835 3032  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
21:46:27.0860 3032  NAUpdate - ok
21:46:27.0890 3032  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:46:27.0915 3032  NDIS - ok
21:46:27.0930 3032  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:46:27.0930 3032  NdisCap - ok
21:46:27.0955 3032  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:27.0955 3032  NdisTapi - ok
21:46:27.0980 3032  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:27.0985 3032  Ndisuio - ok
21:46:28.0005 3032  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:28.0005 3032  NdisWan - ok
21:46:28.0035 3032  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:46:28.0040 3032  NDProxy - ok
21:46:28.0060 3032  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:46:28.0060 3032  NetBIOS - ok
21:46:28.0095 3032  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:46:28.0100 3032  NetBT - ok
21:46:28.0115 3032  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:46:28.0115 3032  Netlogon - ok
21:46:28.0165 3032  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:46:28.0170 3032  Netman - ok
21:46:28.0300 3032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:28.0300 3032  NetMsmqActivator - ok
21:46:28.0310 3032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:28.0310 3032  NetPipeActivator - ok
21:46:28.0355 3032  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:46:28.0380 3032  netprofm - ok
21:46:28.0420 3032  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
21:46:28.0445 3032  netr7364 - ok
21:46:28.0465 3032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:28.0465 3032  NetTcpActivator - ok
21:46:28.0470 3032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:28.0470 3032  NetTcpPortSharing - ok
21:46:28.0500 3032  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:46:28.0505 3032  nfrd960 - ok
21:46:28.0530 3032  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:46:28.0535 3032  NlaSvc - ok
21:46:28.0555 3032  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:46:28.0560 3032  Npfs - ok
21:46:28.0585 3032  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:46:28.0590 3032  nsi - ok
21:46:28.0605 3032  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:46:28.0605 3032  nsiproxy - ok
21:46:28.0660 3032  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:46:28.0690 3032  Ntfs - ok
21:46:28.0710 3032  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:46:28.0710 3032  Null - ok
21:46:28.0740 3032  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:46:28.0740 3032  nvraid - ok
21:46:28.0755 3032  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:46:28.0760 3032  nvstor - ok
21:46:28.0765 3032  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:46:28.0770 3032  nv_agp - ok
21:46:28.0805 3032  [ 9A88D0C80EAE82CD295AEC875F715743 ] OAfilt          C:\Windows\system32\drivers\OAfilt.sys
21:46:28.0810 3032  OAfilt - ok
21:46:28.0825 3032  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:46:28.0830 3032  ohci1394 - ok
21:46:28.0875 3032  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:46:28.0875 3032  ose - ok
21:46:29.0015 3032  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:46:29.0130 3032  osppsvc - ok
21:46:29.0315 3032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:46:29.0370 3032  p2pimsvc - ok
21:46:29.0485 3032  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:46:29.0540 3032  p2psvc - ok
21:46:29.0565 3032  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:46:29.0570 3032  Parport - ok
21:46:29.0590 3032  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:46:29.0590 3032  partmgr - ok
21:46:29.0610 3032  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:46:29.0615 3032  PcaSvc - ok
21:46:29.0635 3032  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:46:29.0640 3032  pccsmcfd - ok
21:46:29.0660 3032  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:46:29.0660 3032  pci - ok
21:46:29.0685 3032  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:46:29.0690 3032  pciide - ok
21:46:29.0700 3032  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:46:29.0705 3032  pcmcia - ok
21:46:29.0710 3032  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:46:29.0710 3032  pcw - ok
21:46:29.0740 3032  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:46:29.0750 3032  PEAUTH - ok
21:46:29.0795 3032  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:46:29.0825 3032  PeerDistSvc - ok
21:46:29.0910 3032  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:46:29.0910 3032  PerfHost - ok
21:46:30.0015 3032  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:46:30.0050 3032  pla - ok
21:46:30.0105 3032  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:46:30.0115 3032  PlugPlay - ok
21:46:30.0125 3032  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:46:30.0125 3032  PNRPAutoReg - ok
21:46:30.0140 3032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:46:30.0145 3032  PNRPsvc - ok
21:46:30.0175 3032  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:46:30.0180 3032  PolicyAgent - ok
21:46:30.0220 3032  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:46:30.0225 3032  Power - ok
21:46:30.0250 3032  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:46:30.0255 3032  PptpMiniport - ok
21:46:30.0275 3032  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:46:30.0275 3032  Processor - ok
21:46:30.0325 3032  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:46:30.0330 3032  ProfSvc - ok
21:46:30.0350 3032  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:46:30.0350 3032  ProtectedStorage - ok
21:46:30.0385 3032  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:46:30.0390 3032  Psched - ok
21:46:30.0440 3032  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:46:30.0470 3032  ql2300 - ok
21:46:30.0490 3032  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:46:30.0495 3032  ql40xx - ok
21:46:30.0515 3032  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:46:30.0522 3032  QWAVE - ok
21:46:30.0530 3032  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:46:30.0535 3032  QWAVEdrv - ok
21:46:30.0555 3032  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:46:30.0555 3032  RasAcd - ok
21:46:30.0585 3032  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:30.0585 3032  RasAgileVpn - ok
21:46:30.0605 3032  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:46:30.0610 3032  RasAuto - ok
21:46:30.0640 3032  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:30.0645 3032  Rasl2tp - ok
21:46:30.0665 3032  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:46:30.0675 3032  RasMan - ok
21:46:30.0710 3032  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:30.0715 3032  RasPppoe - ok
21:46:30.0745 3032  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:46:30.0750 3032  RasSstp - ok
21:46:30.0810 3032  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:46:30.0820 3032  rdbss - ok
21:46:30.0845 3032  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:46:30.0845 3032  rdpbus - ok
21:46:30.0855 3032  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:30.0860 3032  RDPCDD - ok
21:46:30.0890 3032  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:46:30.0895 3032  RDPDR - ok
21:46:30.0895 3032  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:46:30.0900 3032  RDPENCDD - ok
21:46:30.0905 3032  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:46:30.0905 3032  RDPREFMP - ok
21:46:30.0975 3032  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:46:30.0980 3032  RdpVideoMiniport - ok
21:46:31.0020 3032  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:46:31.0025 3032  RDPWD - ok
21:46:31.0050 3032  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:46:31.0055 3032  rdyboost - ok
21:46:31.0090 3032  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:46:31.0090 3032  RemoteAccess - ok
21:46:31.0125 3032  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:46:31.0130 3032  RemoteRegistry - ok
21:46:31.0160 3032  [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
21:46:31.0165 3032  RMCAST - ok
21:46:31.0185 3032  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:46:31.0185 3032  RpcEptMapper - ok
21:46:31.0200 3032  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:46:31.0200 3032  RpcLocator - ok
21:46:31.0240 3032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:46:31.0245 3032  RpcSs - ok
21:46:31.0280 3032  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:46:31.0280 3032  rspndr - ok
21:46:31.0315 3032  [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
21:46:31.0320 3032  RSUSBSTOR - ok
21:46:31.0345 3032  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:46:31.0350 3032  s3cap - ok
21:46:31.0360 3032  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:46:31.0360 3032  SamSs - ok
21:46:31.0390 3032  SANDRA - ok
21:46:31.0410 3032  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:46:31.0410 3032  sbp2port - ok
21:46:31.0445 3032  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:46:31.0445 3032  SCardSvr - ok
21:46:31.0470 3032  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:46:31.0470 3032  scfilter - ok
21:46:31.0515 3032  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:46:31.0550 3032  Schedule - ok
21:46:31.0580 3032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:46:31.0585 3032  SCPolicySvc - ok
21:46:31.0600 3032  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:46:31.0605 3032  SDRSVC - ok
21:46:31.0635 3032  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:46:31.0640 3032  secdrv - ok
21:46:31.0655 3032  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:46:31.0660 3032  seclogon - ok
21:46:31.0695 3032  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:46:31.0700 3032  SENS - ok
21:46:31.0715 3032  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:46:31.0715 3032  SensrSvc - ok
21:46:31.0730 3032  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:46:31.0730 3032  Serenum - ok
21:46:31.0745 3032  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:46:31.0750 3032  Serial - ok
21:46:31.0780 3032  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:46:31.0780 3032  sermouse - ok
21:46:31.0875 3032  [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
21:46:31.0910 3032  ServiceLayer - ok
21:46:31.0955 3032  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:46:31.0960 3032  SessionEnv - ok
21:46:31.0985 3032  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:46:31.0990 3032  sffdisk - ok
21:46:32.0005 3032  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:46:32.0010 3032  sffp_mmc - ok
21:46:32.0030 3032  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:46:32.0030 3032  sffp_sd - ok
21:46:32.0055 3032  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:46:32.0055 3032  sfloppy - ok
21:46:32.0105 3032  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:46:32.0110 3032  SharedAccess - ok
21:46:32.0150 3032  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:46:32.0155 3032  ShellHWDetection - ok
21:46:32.0170 3032  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:46:32.0170 3032  SiSRaid2 - ok
21:46:32.0180 3032  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:46:32.0185 3032  SiSRaid4 - ok
21:46:32.0210 3032  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:46:32.0215 3032  SkypeUpdate - ok
21:46:32.0235 3032  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:46:32.0235 3032  Smb - ok
21:46:32.0270 3032  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:46:32.0275 3032  SNMPTRAP - ok
21:46:32.0290 3032  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:46:32.0295 3032  spldr - ok
21:46:32.0325 3032  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:46:32.0335 3032  Spooler - ok
21:46:32.0420 3032  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:46:32.0500 3032  sppsvc - ok
21:46:32.0530 3032  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:46:32.0535 3032  sppuinotify - ok
21:46:32.0580 3032  [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd            C:\Windows\System32\Drivers\sptd.sys
21:46:32.0600 3032  sptd - ok
21:46:32.0630 3032  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:46:32.0640 3032  srv - ok
21:46:32.0675 3032  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:46:32.0685 3032  srv2 - ok
21:46:32.0710 3032  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:46:32.0715 3032  srvnet - ok
21:46:32.0785 3032  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:46:32.0790 3032  SSDPSRV - ok
21:46:32.0810 3032  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:46:32.0810 3032  SstpSvc - ok
21:46:32.0840 3032  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:46:32.0840 3032  stexstor - ok
21:46:32.0915 3032  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:46:32.0935 3032  stisvc - ok
21:46:32.0965 3032  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:46:32.0965 3032  storflt - ok
21:46:32.0980 3032  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:46:32.0980 3032  storvsc - ok
21:46:33.0005 3032  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:46:33.0005 3032  swenum - ok
21:46:33.0065 3032  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:46:33.0075 3032  SwitchBoard - ok
21:46:33.0115 3032  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:46:33.0125 3032  swprv - ok
21:46:33.0135 3032  Synth3dVsc - ok
21:46:33.0190 3032  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:46:33.0235 3032  SysMain - ok
21:46:33.0275 3032  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:46:33.0280 3032  TabletInputService - ok
21:46:33.0310 3032  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:46:33.0315 3032  TapiSrv - ok
21:46:33.0335 3032  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:46:33.0340 3032  TBS - ok
21:46:33.0415 3032  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:46:33.0490 3032  Tcpip - ok
21:46:33.0545 3032  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:46:33.0555 3032  TCPIP6 - ok
21:46:33.0580 3032  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:46:33.0580 3032  tcpipreg - ok
21:46:33.0610 3032  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:46:33.0615 3032  TDPIPE - ok
21:46:33.0650 3032  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:46:33.0655 3032  TDTCP - ok
21:46:33.0685 3032  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:46:33.0695 3032  tdx - ok
21:46:33.0735 3032  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:46:33.0735 3032  TermDD - ok
21:46:33.0765 3032  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:46:33.0790 3032  TermService - ok
21:46:33.0825 3032  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:46:33.0825 3032  Themes - ok
21:46:33.0850 3032  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:46:33.0855 3032  THREADORDER - ok
21:46:33.0885 3032  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:46:33.0890 3032  TrkWks - ok
21:46:33.0970 3032  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:46:33.0970 3032  TrustedInstaller - ok
21:46:34.0005 3032  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:34.0010 3032  tssecsrv - ok
21:46:34.0035 3032  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:46:34.0040 3032  TsUsbFlt - ok
21:46:34.0045 3032  tsusbhub - ok
21:46:34.0065 3032  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:46:34.0065 3032  tunnel - ok
21:46:34.0095 3032  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:46:34.0095 3032  uagp35 - ok
21:46:34.0120 3032  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:46:34.0125 3032  udfs - ok
21:46:34.0160 3032  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:46:34.0165 3032  UI0Detect - ok
21:46:34.0175 3032  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:46:34.0180 3032  uliagpkx - ok
21:46:34.0205 3032  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:46:34.0205 3032  umbus - ok
21:46:34.0225 3032  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:46:34.0230 3032  UmPass - ok
21:46:34.0260 3032  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
21:46:34.0265 3032  UmRdpService - ok
21:46:34.0285 3032  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:46:34.0295 3032  upnphost - ok
21:46:34.0315 3032  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:46:34.0320 3032  usbaudio - ok
21:46:34.0350 3032  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:34.0350 3032  usbccgp - ok
21:46:34.0380 3032  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:46:34.0385 3032  usbcir - ok
21:46:34.0400 3032  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:46:34.0400 3032  usbehci - ok
21:46:34.0420 3032  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:46:34.0425 3032  usbhub - ok
21:46:34.0445 3032  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:46:34.0445 3032  usbohci - ok
21:46:34.0470 3032  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:46:34.0475 3032  usbprint - ok
21:46:34.0505 3032  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:46:34.0505 3032  usbscan - ok
21:46:34.0745 3032  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
21:46:34.0750 3032  usbser - ok
21:46:34.0765 3032  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:34.0770 3032  USBSTOR - ok
21:46:34.0785 3032  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:46:34.0795 3032  usbuhci - ok
21:46:34.0830 3032  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:46:34.0835 3032  usbvideo - ok
21:46:34.0860 3032  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:46:34.0865 3032  UxSms - ok
21:46:34.0885 3032  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:46:34.0885 3032  VaultSvc - ok
21:46:34.0915 3032  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:46:34.0915 3032  vdrvroot - ok
21:46:34.0960 3032  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:46:34.0970 3032  vds - ok
21:46:34.0995 3032  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:34.0995 3032  vga - ok
21:46:35.0015 3032  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:46:35.0015 3032  VgaSave - ok
21:46:35.0020 3032  VGPU - ok
21:46:35.0040 3032  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:46:35.0045 3032  vhdmp - ok
21:46:35.0080 3032  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:46:35.0080 3032  viaide - ok
21:46:35.0105 3032  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:46:35.0110 3032  vmbus - ok
21:46:35.0130 3032  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:46:35.0130 3032  VMBusHID - ok
21:46:35.0135 3032  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:46:35.0135 3032  volmgr - ok
21:46:35.0165 3032  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:46:35.0170 3032  volmgrx - ok
21:46:35.0195 3032  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:46:35.0215 3032  volsnap - ok
21:46:35.0230 3032  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:46:35.0235 3032  vsmraid - ok
21:46:35.0300 3032  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:46:35.0335 3032  VSS - ok
21:46:35.0355 3032  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:46:35.0360 3032  vwifibus - ok
21:46:35.0370 3032  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:46:35.0375 3032  vwififlt - ok
21:46:35.0400 3032  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:46:35.0410 3032  W32Time - ok
21:46:35.0425 3032  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:46:35.0425 3032  WacomPen - ok
21:46:35.0440 3032  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:46:35.0440 3032  WANARP - ok
21:46:35.0445 3032  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:46:35.0445 3032  Wanarpv6 - ok
21:46:35.0505 3032  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:46:35.0540 3032  wbengine - ok
21:46:35.0565 3032  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:46:35.0570 3032  WbioSrvc - ok
21:46:35.0595 3032  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:46:35.0600 3032  wcncsvc - ok
21:46:35.0620 3032  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:46:35.0625 3032  WcsPlugInService - ok
21:46:35.0650 3032  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:46:35.0660 3032  Wd - ok
21:46:35.0735 3032  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:46:35.0760 3032  Wdf01000 - ok
21:46:35.0775 3032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:46:35.0780 3032  WdiServiceHost - ok
21:46:35.0785 3032  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:46:35.0785 3032  WdiSystemHost - ok
21:46:35.0820 3032  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:46:35.0825 3032  WebClient - ok
21:46:35.0860 3032  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:46:35.0865 3032  Wecsvc - ok
21:46:35.0885 3032  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:46:35.0890 3032  wercplsupport - ok
21:46:35.0900 3032  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:46:35.0905 3032  WerSvc - ok
21:46:35.0930 3032  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:46:35.0930 3032  WfpLwf - ok
21:46:35.0940 3032  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:46:35.0945 3032  WIMMount - ok
21:46:35.0955 3032  WinDefend - ok
21:46:35.0960 3032  WinHttpAutoProxySvc - ok
21:46:36.0010 3032  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:46:36.0015 3032  Winmgmt - ok
21:46:36.0085 3032  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:46:36.0130 3032  WinRM - ok
21:46:36.0160 3032  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:46:36.0165 3032  WinUsb - ok
21:46:36.0205 3032  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:46:36.0230 3032  Wlansvc - ok
21:46:36.0250 3032  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:46:36.0250 3032  WmiAcpi - ok
21:46:36.0290 3032  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:46:36.0290 3032  wmiApSrv - ok
21:46:36.0320 3032  WMPNetworkSvc - ok
21:46:36.0350 3032  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:46:36.0355 3032  WPCSvc - ok
21:46:36.0385 3032  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:46:36.0390 3032  WPDBusEnum - ok
21:46:36.0420 3032  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:46:36.0420 3032  ws2ifsl - ok
21:46:36.0435 3032  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:46:36.0440 3032  wscsvc - ok
21:46:36.0445 3032  WSearch - ok
21:46:36.0505 3032  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:46:36.0575 3032  wuauserv - ok
21:46:36.0610 3032  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:46:36.0610 3032  WudfPf - ok
21:46:36.0630 3032  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:46:36.0630 3032  WUDFRd - ok
21:46:36.0665 3032  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:46:36.0670 3032  wudfsvc - ok
21:46:36.0705 3032  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:46:36.0710 3032  WwanSvc - ok
21:46:36.0765 3032  [ 16A004D355467E44D217DC4DF62EC1E4 ] XAMPP           c:\xampp\service.exe
21:46:36.0785 3032  XAMPP - ok
21:46:36.0800 3032  ================ Scan global ===============================
21:46:37.0025 3032  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:46:37.0055 3032  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:46:37.0065 3032  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
21:46:37.0085 3032  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:46:37.0115 3032  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:46:37.0125 3032  [Global] - ok
21:46:37.0125 3032  ================ Scan MBR ==================================
21:46:37.0140 3032  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:46:37.0695 3032  \Device\Harddisk0\DR0 - ok
21:46:37.0695 3032  ================ Scan VBR ==================================
21:46:37.0695 3032  [ A2DB7CEDFC2DACDB8D8D11A25D68F7F6 ] \Device\Harddisk0\DR0\Partition1
21:46:37.0700 3032  \Device\Harddisk0\DR0\Partition1 - ok
21:46:37.0730 3032  [ F7A76E3D3B80054ED9DF10107DA98FDA ] \Device\Harddisk0\DR0\Partition2
21:46:37.0730 3032  \Device\Harddisk0\DR0\Partition2 - ok
21:46:37.0730 3032  ============================================================
21:46:37.0730 3032  Scan finished
21:46:37.0730 3032  ============================================================
21:46:37.0740 4132  Detected object count: 0
21:46:37.0740 4132  Actual detected object count: 0
21:46:41.0455 5072  Deinitialize success
         

Old 20.12.2012, 22:11   #14
ryder
/// TB Trainer
 

Then please:
Scan with Combofix
Quote:
WARNING:
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Digital freebooters against malware!
No help via PM!

Old 20.12.2012, 22:45   #15
MasterofDesa
 

It complained about Avira Anti-Vir, so I then switched it off. The message kept appearing anyway. All of this without a PC restart.

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-20.02 - Paul 20.12.2012  22:32:28.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.7863.6016 [GMT 1:00]
ausgeführt von:: c:\users\Paul\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL40CA.tmp
c:\programdata\SPLAEBE.tmp
c:\users\Paul\AppData\Local\assembly\tmp
c:\windows\_detmp.2
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Sys32
c:\windows\SysWow64\tmp98E4.tmp
c:\windows\SysWow64\tmp98F5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-20 bis 2012-12-20  ))))))))))))))))))))))))))))))
.
.
2012-12-20 21:38 . 2012-12-20 21:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-17 18:26 . 2012-12-17 18:26	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-17 18:26 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-17 18:26 . 2012-12-17 18:27	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-17 16:12 . 2012-11-29 15:06	37216	----a-w-	c:\windows\system32\uxt8CF3.tmp
2012-12-17 16:10 . 2012-12-17 16:52	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-17 16:05 . 2012-12-17 16:05	--------	d--h--w-	c:\programdata\Common Files
2012-12-17 15:42 . 2009-06-18 11:54	6144	------w-	c:\windows\system32\1075.tmp
2012-12-17 15:27 . 2009-06-18 11:54	6144	------w-	c:\windows\system32\3745.tmp
2012-12-17 15:27 . 2012-12-18 16:06	--------	d-----w-	c:\program files (x86)\Sophos
2012-12-16 12:43 . 2012-12-16 12:43	135168	--sha-r-	c:\windows\SysWow64\rasdlgr.dll
2012-12-15 21:18 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-15 21:18 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-15 21:18 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-15 21:18 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-15 21:07 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E873CAC6-FFA6-4978-B0AC-EAE45A734D76}\mpengine.dll
2012-12-15 20:56 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-15 20:56 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-15 20:56 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-15 20:56 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-15 20:56 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-15 20:56 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-15 20:56 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-15 20:55 . 2012-12-18 16:06	--------	d-----w-	c:\program files (x86)\Happyneuron
2012-12-15 20:50 . 2012-11-05 21:35	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-15 20:50 . 2012-11-05 20:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 20:50 . 2012-11-05 20:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-15 20:50 . 2012-11-05 20:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-15 20:50 . 2012-10-09 18:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-12-15 20:50 . 2012-10-09 18:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-12-15 20:50 . 2012-10-09 17:40	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-15 20:50 . 2012-10-09 17:40	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-12-15 20:48 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-12-15 20:47 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-12-15 20:47 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-12-15 20:47 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-12-15 20:47 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-12-15 20:47 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-12-15 20:47 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-12-15 20:47 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-12-15 20:47 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-12-15 20:47 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-12-15 20:47 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-12-15 20:47 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-12-15 20:47 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-12-15 20:47 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-12-15 20:38 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-12-15 20:38 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-12-15 20:38 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-12-15 20:38 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-12-15 20:38 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-12-15 20:38 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-12-01 21:00 . 2012-12-17 16:10	--------	d-----w-	c:\programdata\TuneUp Software
2012-12-01 20:56 . 2012-05-16 17:00	--------	d-----w-	c:\windows\SysWow64\QuickTime
2012-12-01 20:46 . 2012-12-17 16:52	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-12-01 20:36 . 2007-04-04 17:55	403304	----a-w-	c:\windows\system32\xactengine2_7.dll
2012-12-01 20:35 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2012-12-01 20:35 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2012-12-01 20:35 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2012-12-01 20:35 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2012-12-01 20:33 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2012-12-01 20:33 . 2012-12-01 20:34	--------	d-----w-	C:\Directx
2012-12-01 20:33 . 2011-03-12 12:08	1465344	----a-w-	c:\windows\system32\XpsPrint.dll
2012-12-01 20:33 . 2011-03-12 11:23	870912	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2012-12-01 20:33 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2012-12-01 20:33 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2012-12-01 20:33 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2012-12-01 20:33 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2012-12-01 20:31 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-12-01 20:30 . 2011-02-23 04:55	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2012-12-01 20:23 . 2012-03-28 20:20	--------	d-----w-	c:\programdata\MAGIX
2012-12-01 20:16 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-12-01 20:16 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-12-01 20:02 . 2012-12-15 21:28	--------	d-----w-	c:\programdata\Microsoft Help
2012-12-01 19:54 . 2012-06-09 10:32	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-12-01 19:54 . 2012-06-16 15:51	--------	d-----w-	c:\program files\DivX
2012-12-01 19:53 . 2012-06-16 15:51	--------	d-----w-	c:\program files (x86)\DivX
2012-12-01 19:52 . 2012-06-16 15:51	--------	d-----w-	c:\programdata\DivX
2012-12-01 19:51 . 2012-12-01 19:51	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-12-01 19:50 . 2012-05-19 12:54	--------	d-----w-	c:\program files\Adobe
2012-12-01 19:49 . 2012-12-01 19:50	--------	d-----w-	c:\program files\Common Files\Adobe
2012-12-01 19:44 . 2012-05-19 12:58	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-12-01 19:42 . 2012-12-01 19:42	--------	d-----w-	c:\program files (x86)\Audacity
2012-12-01 19:40 . 2012-12-01 19:40	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-12-01 18:47 . 2012-12-01 18:47	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2012-12-01 18:47 . 2012-12-01 18:47	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-12-01 18:46 . 2012-12-15 21:06	200384	----a-w-	c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-12-01 18:45 . 2012-12-01 18:45	--------	d-----w-	c:\program files\Microsoft Help Viewer
2012-12-01 18:35 . 2012-12-01 18:35	--------	d-----w-	c:\program files\Elantech
2012-12-01 18:35 . 2010-04-13 10:15	135560	----a-w-	c:\windows\system32\drivers\ETD.sys
2012-12-01 18:35 . 2010-02-03 06:03	4677512	----a-w-	c:\windows\system32\ETDUI.cpl
2012-12-01 18:25 . 2012-12-01 18:45	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2012-12-01 17:05 . 2012-12-14 18:19	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-01 17:05 . 2012-12-01 17:05	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-12-01 17:05 . 2012-12-01 17:05	--------	d-----w-	c:\windows\system32\Macromed
2012-12-01 16:38 . 2009-11-18 08:03	53248	----a-r-	c:\windows\SysWow64\CSVer.dll
2012-12-01 16:37 . 2012-12-01 16:37	--------	d-----w-	c:\windows\SysWow64\sda
2012-12-01 16:37 . 2010-07-20 09:42	422504	----a-w-	c:\windows\system32\RtsUStor.dll
2012-12-01 16:37 . 2012-12-20 17:27	--------	d-sh--w-	c:\windows\Installer
2012-12-01 16:36 . 2010-09-22 01:47	243712	----a-r-	c:\windows\system32\drivers\RtsUStor.sys
2012-12-01 16:36 . 2010-07-20 09:42	9112168	----a-w-	c:\windows\SysWow64\RtsUStoricon.dll
2012-12-01 16:34 . 2012-01-28 13:36	--------	d-----w-	c:\program files (x86)\Intel
2012-12-01 16:34 . 2012-01-10 20:19	62464	----a-w-	c:\windows\system32\igfxsrvc.dll
2012-12-01 16:34 . 2012-01-10 20:19	110080	----a-w-	c:\windows\system32\hccutils.dll
2012-12-01 16:34 . 2012-01-10 20:18	9014784	----a-w-	c:\windows\system32\igfxress.dll
2012-12-01 16:34 . 2010-07-20 00:14	90112	----a-w-	c:\windows\system32\igfxCoIn_v2182.dll
2012-12-01 16:33 . 2009-09-17 05:54	56344	----a-w-	c:\windows\system32\drivers\HECIx64.sys
2012-12-01 16:32 . 2010-05-11 10:11	2229608	----a-w-	c:\windows\system32\drivers\athrx.sys
2012-11-26 19:29 . 2012-09-24 22:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 16:18 . 2012-11-24 16:18	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-11-24 16:18 . 2012-11-24 16:18	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 18:19 . 2012-04-07 08:20	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 14:58 . 2009-10-14 05:12	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-12-15 20:49	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-15 20:49	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-15 20:49	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:08 . 2012-10-09 17:09	8192	----a-w-	c:\windows\SysWow64\srvany.exe
2012-10-04 16:40 . 2012-12-15 20:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETD Control Center"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 649608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1075.tmp [2009-06-18 6144]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 OAfilt;OAfilt;c:\windows\system32\drivers\OAfilt.sys [2010-03-09 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 243712]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-01-28 868848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys [2010-05-14 343080]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 32789138
*NewlyCreated* - 83674301
*NewlyCreated* - ASWMBR
*Deregistered* - 32789138
*Deregistered* - 83674301
*Deregistered* - aswMBR
*Deregistered* - TuneUpUtilitiesDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 18:19]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 17:10]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 17:10]
.
2012-12-20 c:\windows\Tasks\vlpwcvxy.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"EzPrint"="c:\program files (x86)\Lexmark Pro700 Series\ezprint.exe" [2011-01-23 148280]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page =  
uStart Page = hxxp://de.ask.com/?l=dis&o=102875&gct=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8DE48309-9898-46A9-B8FC-639DDB3B91BA}: NameServer = 192.168.178.103,192.168.178.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\fyuzp2lz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - ExtSQL: 2012-12-17 17:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\fyuzp2lz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1075.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*za]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*za\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*za]
@Allowed: (Read) (RestrictedCode)
"0"=hex:48,3a,5c,4d,75,73,69,6b,5c,53,6f,6e,73,74,69,67,65,5c,41,6c,65,78,20,
   43,2e,20,2d,20,44,75,20,48,61,73,74,20,64,65,6e,20,73,63,68,c3,b6,6e,73,74,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3022334636-3528408976-154827064-1000\Software\SecuROM\License information*]
"datasecu"=hex:7c,40,05,e0,bf,03,b5,e5,38,0f,e4,b9,ba,c4,4b,4e,db,6a,ef,98,fe,
   9d,f9,f6,ed,88,1e,53,da,35,3d,f8,ad,e7,fa,2e,a2,2f,4d,5f,f3,80,51,61,ae,5e,\
"rkeysecu"=hex:44,b1,ac,69,d8,8a,a4,33,a3,ec,6f,3d,82,95,e5,cf
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-20  22:41:31
ComboFix-quarantined-files.txt  2012-12-20 21:41
.
Vor Suchlauf: 10 Verzeichnis(se), 433.131.724.800 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 433.229.754.368 Bytes frei
.
- - End Of File - - D3B6E9CBDC3BB68C43331312D0EE4901
         
--- --- ---
