Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Deutsche Post Mail

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.01.2013, 16:03   #1
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Hallo,
ich habe exakt das gleiche Problem wie in dem Thread:
deutsche post fehler in der lieferanschrift - aber keine zip datei
Ja, ich bin ein Depp, auf den Link zu klicken. Dummerweise habe ich Tage davor ein Paketkleber online gedruckt.

Sagt dir das was?
Gruss, Joachim

Code:
ATTFilter
ComboFix 13-01-31.01 - jo 31.01.2013  15:59:46.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1977.1019 [GMT 1:00]
ausgeführt von:: c:\users\jo\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\jo\AppData\Roaming\.#
c:\users\jo\AppData\Roaming\inst.exe
c:\users\jo\AppData\Roaming\siw_sdk.dll
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-28 bis 2013-01-31  ))))))))))))))))))))))))))))))
.
.
2013-01-31 15:08 . 2013-01-31 15:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-30 09:46 . 2013-01-30 09:50	--------	d-----w-	c:\programdata\HitmanPro
2013-01-29 14:34 . 2013-01-15 01:45	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{48CA11FA-3518-4D33-9016-9528B8A36638}\mpengine.dll
2013-01-29 10:41 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-29 10:41 . 2013-01-29 10:41	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-28 07:56 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-21 16:45 . 2012-11-22 05:44	800768	----a-w-	c:\windows\system32\usp10.dll
2013-01-21 16:45 . 2012-11-22 04:45	626688	----a-w-	c:\windows\SysWow64\usp10.dll
2013-01-21 16:45 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-21 16:45 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-21 16:45 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-21 16:45 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-21 16:45 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-21 16:45 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-21 16:45 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-21 16:45 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-21 16:43 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-13 10:42 . 2013-01-19 17:30	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-01-11 13:35 . 2013-01-12 13:20	--------	d-----w-	c:\programdata\On-ScreenKeyboardPortable
2013-01-11 13:30 . 2013-01-11 14:24	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-01-11 13:30 . 2013-01-31 14:55	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-03 14:48 . 2013-01-31 10:16	--------	d-----w-	c:\users\jo\AppData\Roaming\vlc
2013-01-03 14:47 . 2013-01-03 14:47	--------	d-----w-	c:\program files\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-21 16:57 . 2010-03-06 14:12	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 16:40 . 2012-04-01 09:42	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:40 . 2011-08-14 17:59	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 10:15 . 2009-11-27 08:42	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2012-12-16 17:11 . 2012-12-22 12:23	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 12:23	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 12:23	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 12:23	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-02 14:25 . 2012-12-02 14:25	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-02 14:25 . 2012-12-02 14:25	289768	----a-w-	c:\windows\system32\javaws.exe
2012-12-02 14:25 . 2012-12-02 14:25	189416	----a-w-	c:\windows\system32\javaw.exe
2012-12-02 14:25 . 2012-12-02 14:25	188904	----a-w-	c:\windows\system32\java.exe
2012-12-02 14:25 . 2012-12-02 14:22	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-02 14:25 . 2012-12-02 14:22	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-30 04:45 . 2013-01-21 16:43	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-09 05:45 . 2012-12-16 08:50	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-16 08:50	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-06 11:33	220608	----a-w-	c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-06 11:33	220608	----a-w-	c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-06 11:33	220608	----a-w-	c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-11 1231368]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-06-11 3695416]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2009-11-27 1265664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avisfltr;avisfltr;c:\windows\system32\DRIVERS\avisfltr.sys [2012-05-29 388168]
R3 cpuz135;cpuz135;c:\users\jo\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-05-07 63264]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-05-07 49696]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [2008-02-21 196992]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2011-04-15 610816]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-07 82816]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-06 11:33	244672	----a-w-	c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-06 11:33	244672	----a-w-	c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-06 11:33	244672	----a-w-	c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 492032]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-15 1172480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.de/
FF - prefs.js: network.proxy.ftp - 95.141.193.49
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 95.141.193.49
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 95.141.193.49
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 95.141.193.49
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-12-02 10:27; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-31  16:12:10
ComboFix-quarantined-files.txt  2013-01-31 15:12
.
Vor Suchlauf: 107938349056 Bytes frei
Nach Suchlauf: 107552894976 Bytes frei
.
- - End Of File - - E76FF355488DD130C343E802E3B45689
         

Geändert von Roadmaster (31.01.2013 um 16:24 Uhr)

Alt 03.02.2013, 09:48   #2
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Wieso führst du ComboFix ohne Anweisung aus?
Haben Hitman und ComboFix dein Problem behoben?

Welches Problem hattest du? Eine genauere Beschreibung wäre hilfreich.

Hast du diesen Proxy Server eingerichtet?
FF - prefs.js: network.proxy.socks - 95.141.193.49
__________________

__________________

Alt 03.02.2013, 10:17   #3
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Hallo,

> Haben Hitman und ComboFix dein Problem behoben?
bzw.
> Welches Problem hattest du? Eine genauere Beschreibung wäre hilfreich.

Genau genommen weiss ich garnicht, ob ich überhaupt ein Problem habe. Jedenfalls kann ich keine Auffälligkeiten an meinem Läppi feststellen.
Ich habe nur dummerweise den Link in der Postmail angeklickt, wo allerdings ein 404 zu sehen war. Ob das jetzt ein gefaktes 404 war, kenn ich nicht beurteilen.
Ich habe keine Zip Datei runtergeladen, noch eine exe ausgeführt.

Bei Hitman oder Combofix konnte ich jedenfalls keinen Trojaner erkennen.

Gruss, Joachim


> Hast du diesen Proxy Server eingerichtet?
> FF - prefs.js: network.proxy.socks - 95.141.193.49

Er wurde mal von mir eingetragen, ist aber nicht aktiviert.
__________________

Alt 03.02.2013, 10:25   #4
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Servus,


möchtest du deinen Rechner einer genaueren Analyse unterziehen?
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 03.02.2013, 11:25   #5
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Hallo,
ja, kann ja nicht schaden.
Gruss, Joachim


Alt 03.02.2013, 12:36   #6
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Servus Joachim,


na dann geht es gleich los.






Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
  • Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 3
Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
  • keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
  • nichts am Rechner arbeiten,
  • nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
    Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt[/B] auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von OTL,
  • die Logdatei von DeFogger,
  • die Logdatei von GMER.
__________________
--> Deutsche Post Mail

Alt 03.02.2013, 15:54   #7
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



So, das Ergebnis:

Code:
ATTFilter
OTL logfile created on: 03.02.2013 14:45:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.93% Memory free
5.84 Gb Paging File | 4.52 Gb Available in Paging File | 77.39% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 97.01 Gb Free Space | 70.69% Space Free | Partition Type: NTFS
 
Computer Name: JO-PC | User Name: jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.02.03 14:42:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
PRC - [2013.01.31 16:23:54 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.01.31 16:23:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.31 16:23:09 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010.03.24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.11 23:08:50 | 001,231,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2007.07.02 07:14:44 | 001,265,664 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.07.02 05:56:43 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2007.02.22 09:33:43 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_K_Win32.dll
MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.15 17:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.08.12 00:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013.01.31 16:23:54 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.01.31 16:23:09 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.19 17:07:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 17:40:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.31 16:24:28 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.01.31 16:24:28 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.31 16:24:27 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.29 17:41:20 | 000,388,168 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avisfltr.sys -- (avisfltr)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.07 15:55:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.31 00:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.07 23:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009.05.07 23:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 17:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = https://www.pagessyndication.com/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{7E393A76-B290-4911-9C41-B78C9344EC21}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.20 11:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.02 10:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.26 11:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
 
[2013.01.19 17:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 17:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.15 10:44:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.31 16:08:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1740A04-164B-48FB-8F7B-8644309CAE82}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\jo\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SDTray - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Vidalia - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 -  File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - C:\Windows\SysWow64\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: hitmanpro37 - Reg Error: Value error.
SafeBootMin:64bit: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro37 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro37 - Reg Error: Value error.
SafeBootNet: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 14:42:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
[2013.01.31 16:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.31 16:31:22 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.01.31 16:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.31 16:26:02 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.31 16:26:02 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.31 16:26:01 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.31 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.31 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.31 15:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.31 15:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.31 15:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- \Qoobox
[2013.01.31 15:35:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.30 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.29 11:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.29 11:41:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.29 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.28 08:56:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.25 08:42:59 | 000,000,000 | -H-D | C] -- C:\Users\jo\Documents\Freemake_do_not_remove_this_folder
[2013.01.21 17:45:21 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.21 17:45:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.21 17:45:08 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.21 17:45:08 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.21 17:44:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.21 17:44:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.21 17:44:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.21 17:44:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.21 17:44:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.21 17:44:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.21 17:44:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.21 17:44:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.21 17:44:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.21 17:44:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.21 17:44:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.21 17:44:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.21 17:44:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.21 17:44:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.21 17:44:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.21 17:44:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.21 17:44:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.21 17:44:19 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.21 17:44:19 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.21 17:44:19 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.21 17:44:17 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.21 17:44:17 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.21 17:44:17 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.21 17:44:17 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.21 17:44:17 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.21 17:44:17 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.21 17:44:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.21 17:44:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.21 17:43:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.21 17:43:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.21 17:43:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.21 17:43:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.21 17:43:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.21 17:43:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.21 17:43:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.21 17:43:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.21 17:43:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.21 17:43:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.21 17:43:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.21 17:43:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.21 17:43:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.21 17:43:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.21 17:43:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.21 17:43:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.21 17:43:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.21 17:43:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.21 17:43:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.21 17:43:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.19 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.13 11:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.11 14:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\On-ScreenKeyboardPortable
[2013.01.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.11 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.07 14:42:43 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\gopro
[2009.08.26 06:27:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 14:42:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
[2013.02.03 14:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 14:06:41 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 14:06:41 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 14:05:32 | 001,640,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.03 14:05:32 | 000,711,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.03 14:05:32 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.03 14:05:32 | 000,152,690 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.03 14:05:32 | 000,125,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.03 14:00:10 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.02.03 13:58:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 13:58:25 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.31 16:24:28 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.31 16:24:28 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.31 16:24:27 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.31 16:08:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.26 17:27:29 | 014,822,190 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv
[2013.01.23 12:05:56 | 000,088,267 | ---- | M] () -- C:\Users\jo\Documents\Hardcopy.pdf
[2013.01.23 11:42:07 | 000,169,328 | ---- | M] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf
[2013.01.22 17:19:23 | 005,056,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.21 18:07:17 | 001,618,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.13 12:06:49 | 014,338,402 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv
[2013.01.13 11:42:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.11 11:27:54 | 014,773,407 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv
[2013.01.09 17:40:05 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 17:40:05 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.06 15:33:49 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
 
========== Files Created - No Company Name ==========
 
[2013.01.31 16:31:34 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.31 15:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.31 15:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.31 15:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.31 15:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.31 15:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 17:27:15 | 014,822,190 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv
[2013.01.23 11:42:04 | 000,169,328 | ---- | C] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf
[2013.01.13 11:52:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.13 11:42:21 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.13 11:42:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.13 11:35:23 | 014,338,402 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv
[2013.01.11 11:27:41 | 014,773,407 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv
[2012.10.17 09:31:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.05.23 20:01:54 | 000,000,355 | ---- | C] () -- C:\Users\jo\Netzwerk - Verknüpfung.lnk
[2012.04.02 13:18:00 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.04.01 10:41:54 | 000,017,408 | ---- | C] () -- C:\Users\jo\AppData\Local\WebpageIcons.db
[2012.02.23 19:03:22 | 000,000,218 | ---- | C] () -- C:\Users\jo\.recently-used.xbel
[2011.12.19 13:59:04 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini
[2011.10.12 16:18:58 | 000,000,000 | ---- | C] () -- C:\Users\jo\AppData\Local\{45511484-10CE-4BDD-B175-20E8C66390BC}
[2011.04.19 15:37:29 | 000,000,049 | ---- | C] () -- C:\Windows\VCDWizardDLL.INI
[2011.02.15 10:55:04 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.08 13:55:34 | 000,002,793 | ---- | C] () -- C:\Users\jo\jo2.wmi
[2010.08.14 12:42:59 | 000,005,120 | ---- | C] () -- C:\Users\jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.25 09:20:21 | 000,001,457 | ---- | C] () -- C:\Users\jo\AppData\Local\RecConfig.xml
[2010.02.18 18:51:54 | 000,007,598 | ---- | C] () -- C:\Users\jo\AppData\Local\Resmon.ResmonCfg
[2009.11.27 09:42:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.09 01:38:10 | 000,002,716 | RHS- | C] () -- \Patch.rev
[2009.09.08 15:51:25 | 1554,743,296 | -HS- | C] () -- \hiberfil.sys
[2009.08.22 11:16:37 | 000,000,174 | RHS- | C] () -- \Preload.rev
[2009.07.27 21:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009.07.27 21:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr
[2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007.11.07 08:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
[2007.11.07 08:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
[2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
 
========== ZeroAccess Check ==========
 
[2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 03.02.2013 14:45:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.93% Memory free
5.84 Gb Paging File | 4.52 Gb Available in Paging File | 77.39% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 97.01 Gb Free Space | 70.69% Space Free | Partition Type: NTFS
 
Computer Name: JO-PC | User Name: jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017803BA-50CE-456D-8206-91CFCE10BE48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0C3B6D49-0BDC-4BD3-8314-6BB459221788}" = lport=138 | protocol=17 | dir=in | app=system | 
"{14C275A8-77B7-4C47-B04B-B16D2BE8D1FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2946FE09-7803-4001-ABB5-B2036A909704}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4185DEE9-3A9E-4DEC-BFF7-096A5FCB1666}" = lport=137 | protocol=17 | dir=in | app=system | 
"{664EF62D-0FE6-43E4-A80C-DEECB921161F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7A57A46E-18C3-4F60-A42C-1FBFE9BBC9D5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D23C857-08B6-4F1E-9441-F44BEEAF0E3C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{813B7A27-17FA-41FC-9742-0985983ED1EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8880ABBC-96F8-4A26-87AF-A2EDA788CC0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8A2D8CE8-118F-4976-9EFE-8F0167C8CB9D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ACE6E496-C380-4114-A0AC-FCB7A9C2B7B3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D9E50C10-AE38-488A-8696-EFD7D0E2B921}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC48EEDA-CEF6-4030-A723-BA3989C09CB8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E0B41035-96C2-4FDF-BBF9-417D4473CBCB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E1A31072-529B-439A-8E6C-405930638614}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0558FEEE-AD3C-4DCD-A36B-2358B9AEF989}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{30BDE348-DC04-44FB-A606-E631272325F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{80A90723-2820-457E-B727-02E7C49F43BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8893C1D0-8F0B-4871-9FD1-21E7F531644C}" = dir=in | app=c:\users\jo\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{9BBEFB97-9D1F-4B1A-B189-93F629C152DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BEA66DA8-A589-4EE7-82A0-75279C31B6C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CDEFC9CF-F690-421A-8544-D97B1B5DA5FD}" = dir=in | app=c:\users\jo\appdata\local\microsoft\skydrive\skydrive.exe | 
"TCP Query User{5E2A2928-C0D5-4066-BBF6-7CF500EA3249}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{A97678C8-C078-41E1-92BE-EC3E66C22261}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{515BF98C-CC28-4BDA-99D3-132AAE6F32AD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{854F5B9E-0F7B-4CA7-BDA5-91659AC67DAA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.14.73
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62E9CD05-3D0A-4609-AAD7-0D4FFB91B3C8}" = Brother HL-2140
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}" = ACDSee for PENTAX 3.0
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-PDF Website Converter_is1" = 7-PDF Website Converter Version 1.0.3 (Build 236)
"7-Zip" = 7-Zip 9.20
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Desktop Media Player by Wishlistradio.com_is1" = Desktop Media Player by Wishlistradio.com v2.0.9
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.712
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.3.1206
"Free Studio_is1" = Free Studio version 5.8.0.1130
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.20.1031
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"GridVista" = Acer GridVista
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"HD Tune_is1" = HD Tune 2.55
"Identity Card" = Identity Card
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"VideoPad" = VideoPad Video Editor
"Watermark Image_is1" = Watermark Image software version 1.8.3.1
"Winamp" = Winamp (nur entfernen)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 06:33:13 | Computer Name = jo-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 30.01.2013 06:33:14 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 30.01.2013 06:33:58 | Computer Name = jo-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 30.01.2013 12:11:09 | Computer Name = jo-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 30.01.2013 12:20:27 | Computer Name = jo-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\jo\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.01.2013 12:20:30 | Computer Name = jo-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\jo\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 02.02.2013 12:43:13 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 02.02.2013 12:43:13 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 06:01:26 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 06:01:26 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 06:53:54 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 06:53:54 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 07:13:21 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 07:13:21 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 08:58:38 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
Error - 03.02.2013 08:58:38 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
 
 
< End of report >
         

Code:
ATTFilter
  defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:02 on 03/02/2013 (jo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-03 15:53:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0 149.05GB
Running: 466rogrr.exe; Driver: C:\Users\jo\AppData\Local\Temp\pgtdypoc.sys


---- Kernel code sections - GMER 2.0 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                    fffff960001a3c00 7 bytes [C0, A0, F3, FF, 01, AC, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 9                                                                                                fffff960001a3c09 2 bytes [06, 02]

---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076361401 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076361419 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076361431 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007636144a 2 bytes [36, 76]
.text  ...                                                                                                                                                * 9
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000763614dd 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000763614f5 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007636150d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076361525 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007636153d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076361555 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007636156d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076361585 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007636159d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000763615b5 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000763615cd 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000763616b2 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000763616bd 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000076361401 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000076361419 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000076361431 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         000000007636144a 2 bytes [36, 76]
.text  ...                                                                                                                                                * 9
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            00000000763614dd 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     00000000763614f5 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            000000007636150d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000076361525 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           000000007636153d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000076361555 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         000000007636156d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000076361585 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              000000007636159d 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           00000000763615b5 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         00000000763615cd 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     00000000763616b2 2 bytes [36, 76]
.text  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     00000000763616bd 2 bytes [36, 76]

---- Disk sectors - GMER 2.0 ----

Disk   \Device\Harddisk0\DR0                                                                                                                              unknown MBR code

---- EOF - GMER 2.0 ----
         

Alt 04.02.2013, 08:13   #8
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Servus Joachim,





Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 04.02.2013, 09:05   #9
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Code:
ATTFilter
10:01:43.0499 3428  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:01:43.0582 3428  ============================================================
10:01:43.0582 3428  Current date / time: 2013/02/04 10:01:43.0582
10:01:43.0582 3428  SystemInfo:
10:01:43.0582 3428  
10:01:43.0582 3428  OS Version: 6.1.7601 ServicePack: 1.0
10:01:43.0582 3428  Product type: Workstation
10:01:43.0583 3428  ComputerName: JO-PC
10:01:43.0583 3428  UserName: jo
10:01:43.0583 3428  Windows directory: C:\Windows
10:01:43.0583 3428  System windows directory: C:\Windows
10:01:43.0583 3428  Running under WOW64
10:01:43.0583 3428  Processor architecture: Intel x64
10:01:43.0583 3428  Number of processors: 1
10:01:43.0583 3428  Page size: 0x1000
10:01:43.0583 3428  Boot type: Normal boot
10:01:43.0583 3428  ============================================================
10:01:43.0935 3428  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:01:43.0939 3428  ============================================================
10:01:43.0939 3428  \Device\Harddisk0\DR0:
10:01:43.0940 3428  MBR partitions:
10:01:43.0940 3428  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
10:01:43.0940 3428  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x11276EB0
10:01:43.0940 3428  ============================================================
10:01:43.0994 3428  C: <-> \Device\Harddisk0\DR0\Partition2
10:01:43.0994 3428  ============================================================
10:01:43.0994 3428  Initialize success
10:01:43.0994 3428  ============================================================
10:01:50.0663 4128  ============================================================
10:01:50.0663 4128  Scan started
10:01:50.0663 4128  Mode: Manual; 
10:01:50.0663 4128  ============================================================
10:01:52.0032 4128  ================ Scan system memory ========================
10:01:52.0032 4128  System memory - ok
10:01:52.0035 4128  ================ Scan services =============================
10:01:52.0269 4128  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:01:52.0291 4128  1394ohci - ok
10:01:52.0395 4128  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:01:52.0397 4128  ACDaemon - ok
10:01:52.0429 4128  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:01:52.0438 4128  ACPI - ok
10:01:52.0471 4128  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:01:52.0487 4128  AcpiPmi - ok
10:01:52.0601 4128  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:01:52.0603 4128  AdobeARMservice - ok
10:01:52.0748 4128  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:01:52.0751 4128  AdobeFlashPlayerUpdateSvc - ok
10:01:52.0794 4128  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:01:52.0820 4128  adp94xx - ok
10:01:52.0870 4128  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:01:52.0884 4128  adpahci - ok
10:01:52.0898 4128  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:01:52.0907 4128  adpu320 - ok
10:01:52.0946 4128  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:01:52.0958 4128  AeLookupSvc - ok
10:01:53.0033 4128  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
10:01:53.0066 4128  Afc - ok
10:01:53.0115 4128  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:01:53.0122 4128  AFD - ok
10:01:53.0152 4128  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:01:53.0159 4128  agp440 - ok
10:01:53.0172 4128  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:01:53.0174 4128  ALG - ok
10:01:53.0191 4128  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:01:53.0198 4128  aliide - ok
10:01:53.0207 4128  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:01:53.0218 4128  amdide - ok
10:01:53.0254 4128  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:01:53.0276 4128  AmdK8 - ok
10:01:53.0282 4128  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:01:53.0322 4128  AmdPPM - ok
10:01:53.0350 4128  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:01:53.0358 4128  amdsata - ok
10:01:53.0389 4128  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:01:53.0401 4128  amdsbs - ok
10:01:53.0421 4128  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:01:53.0496 4128  amdxata - ok
10:01:53.0736 4128  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:01:53.0738 4128  AntiVirSchedulerService - ok
10:01:53.0812 4128  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:01:53.0814 4128  AntiVirService - ok
10:01:53.0852 4128  [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
10:01:53.0874 4128  ApfiltrService - ok
10:01:53.0903 4128  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:01:53.0926 4128  AppID - ok
10:01:53.0959 4128  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:01:53.0967 4128  AppIDSvc - ok
10:01:54.0023 4128  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:01:54.0032 4128  Appinfo - ok
10:01:54.0085 4128  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:01:54.0095 4128  arc - ok
10:01:54.0102 4128  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:01:54.0116 4128  arcsas - ok
10:01:54.0236 4128  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:01:54.0280 4128  aspnet_state - ok
10:01:54.0286 4128  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:01:54.0296 4128  AsyncMac - ok
10:01:54.0330 4128  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:01:54.0361 4128  atapi - ok
10:01:54.0438 4128  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:01:54.0568 4128  athr - ok
10:01:54.0618 4128  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:01:54.0724 4128  AudioEndpointBuilder - ok
10:01:54.0758 4128  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:01:54.0763 4128  AudioSrv - ok
10:01:54.0872 4128  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:01:54.0882 4128  avgntflt - ok
10:01:54.0959 4128  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:01:54.0971 4128  avipbb - ok
10:01:55.0049 4128  [ 837DC57745D3589E5E8BC6B6E5B008CA ] avisfltr        C:\Windows\system32\DRIVERS\avisfltr.sys
10:01:55.0075 4128  avisfltr - ok
10:01:55.0122 4128  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:01:55.0130 4128  avkmgr - ok
10:01:55.0174 4128  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:01:55.0183 4128  AxInstSV - ok
10:01:55.0242 4128  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:01:55.0266 4128  b06bdrv - ok
10:01:55.0312 4128  [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:01:55.0334 4128  b57nd60a - ok
10:01:55.0398 4128  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
10:01:55.0443 4128  BCM43XX - ok
10:01:55.0482 4128  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:01:55.0490 4128  BDESVC - ok
10:01:55.0525 4128  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:01:55.0529 4128  Beep - ok
10:01:55.0588 4128  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:01:55.0636 4128  BFE - ok
10:01:55.0701 4128  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
10:01:55.0721 4128  BITS - ok
10:01:55.0744 4128  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:01:55.0752 4128  blbdrive - ok
10:01:55.0790 4128  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:01:55.0800 4128  bowser - ok
10:01:55.0818 4128  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:01:55.0822 4128  BrFiltLo - ok
10:01:55.0835 4128  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:01:55.0838 4128  BrFiltUp - ok
10:01:55.0892 4128  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:01:55.0901 4128  BridgeMP - ok
10:01:56.0050 4128  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:01:56.0093 4128  Browser - ok
10:01:56.0121 4128  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:01:56.0151 4128  Brserid - ok
10:01:56.0163 4128  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:01:56.0169 4128  BrSerWdm - ok
10:01:56.0182 4128  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:01:56.0186 4128  BrUsbMdm - ok
10:01:56.0197 4128  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:01:56.0201 4128  BrUsbSer - ok
10:01:56.0214 4128  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:01:56.0220 4128  BTHMODEM - ok
10:01:56.0264 4128  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:01:56.0272 4128  bthserv - ok
10:01:56.0305 4128  catchme - ok
10:01:56.0324 4128  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:01:56.0332 4128  cdfs - ok
10:01:56.0367 4128  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
10:01:56.0377 4128  cdrom - ok
10:01:56.0424 4128  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:01:56.0431 4128  CertPropSvc - ok
10:01:56.0472 4128  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:01:56.0479 4128  circlass - ok
10:01:56.0504 4128  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:01:56.0509 4128  CLFS - ok
10:01:56.0576 4128  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:01:56.0579 4128  clr_optimization_v2.0.50727_32 - ok
10:01:56.0634 4128  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:01:56.0637 4128  clr_optimization_v2.0.50727_64 - ok
10:01:56.0753 4128  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:01:56.0841 4128  clr_optimization_v4.0.30319_32 - ok
10:01:56.0891 4128  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:01:56.0916 4128  clr_optimization_v4.0.30319_64 - ok
10:01:56.0954 4128  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:01:56.0958 4128  CmBatt - ok
10:01:56.0982 4128  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:01:56.0987 4128  cmdide - ok
10:01:57.0026 4128  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:01:57.0059 4128  CNG - ok
10:01:57.0080 4128  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:01:57.0086 4128  Compbatt - ok
10:01:57.0127 4128  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:01:57.0133 4128  CompositeBus - ok
10:01:57.0144 4128  COMSysApp - ok
10:01:57.0252 4128  cpuz135 - ok
10:01:57.0273 4128  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:01:57.0278 4128  crcdisk - ok
10:01:57.0349 4128  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:01:57.0362 4128  CryptSvc - ok
10:01:57.0415 4128  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:01:57.0433 4128  DcomLaunch - ok
10:01:57.0499 4128  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:01:57.0520 4128  defragsvc - ok
10:01:57.0555 4128  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:01:57.0672 4128  DfsC - ok
10:01:57.0704 4128  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:01:57.0709 4128  Dhcp - ok
10:01:57.0738 4128  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:01:57.0740 4128  discache - ok
10:01:57.0782 4128  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:01:57.0791 4128  Disk - ok
10:01:57.0915 4128  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
10:01:57.0959 4128  DKbFltr - ok
10:01:58.0013 4128  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:01:58.0026 4128  Dnscache - ok
10:01:58.0083 4128  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:01:58.0106 4128  dot3svc - ok
10:01:58.0134 4128  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:01:58.0138 4128  DPS - ok
10:01:58.0174 4128  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:01:58.0177 4128  drmkaud - ok
10:01:58.0235 4128  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:01:58.0260 4128  DXGKrnl - ok
10:01:58.0301 4128  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:01:58.0308 4128  EapHost - ok
10:01:58.0418 4128  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:01:58.0565 4128  ebdrv - ok
10:01:58.0598 4128  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:01:58.0600 4128  EFS - ok
10:01:58.0638 4128  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:01:58.0662 4128  elxstor - ok
10:01:58.0697 4128  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:01:58.0703 4128  ErrDev - ok
10:01:58.0865 4128  [ 2F6D55DC521C557880116B51925A792A ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
10:01:58.0867 4128  ETService - ok
10:01:58.0968 4128  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:01:59.0034 4128  EventSystem - ok
10:01:59.0058 4128  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:01:59.0080 4128  exfat - ok
10:01:59.0113 4128  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:01:59.0140 4128  fastfat - ok
10:01:59.0190 4128  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:01:59.0205 4128  Fax - ok
10:01:59.0219 4128  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:01:59.0224 4128  fdc - ok
10:01:59.0244 4128  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:01:59.0250 4128  fdPHost - ok
10:01:59.0266 4128  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:01:59.0273 4128  FDResPub - ok
10:01:59.0299 4128  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:01:59.0323 4128  FileInfo - ok
10:01:59.0352 4128  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:01:59.0357 4128  Filetrace - ok
10:01:59.0387 4128  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:01:59.0392 4128  flpydisk - ok
10:01:59.0421 4128  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:01:59.0475 4128  FltMgr - ok
10:01:59.0527 4128  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:01:59.0596 4128  FontCache - ok
10:01:59.0649 4128  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:01:59.0652 4128  FontCache3.0.0.0 - ok
10:01:59.0711 4128  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:01:59.0719 4128  FsDepends - ok
10:01:59.0787 4128  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
10:01:59.0794 4128  fssfltr - ok
10:01:59.0858 4128  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:01:59.0883 4128  Fs_Rec - ok
10:01:59.0927 4128  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:01:59.0931 4128  fvevol - ok
10:01:59.0963 4128  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:01:59.0971 4128  gagp30kx - ok
10:02:00.0019 4128  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:02:00.0048 4128  gpsvc - ok
10:02:00.0075 4128  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:02:00.0100 4128  hcw85cir - ok
10:02:00.0167 4128  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:02:00.0188 4128  HdAudAddService - ok
10:02:00.0217 4128  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:02:00.0220 4128  HDAudBus - ok
10:02:00.0247 4128  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:02:00.0253 4128  HidBatt - ok
10:02:00.0266 4128  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:02:00.0273 4128  HidBth - ok
10:02:00.0286 4128  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:02:00.0292 4128  HidIr - ok
10:02:00.0326 4128  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
10:02:00.0334 4128  hidserv - ok
10:02:00.0372 4128  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:02:00.0397 4128  HidUsb - ok
10:02:00.0436 4128  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:02:00.0443 4128  hkmsvc - ok
10:02:00.0489 4128  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:02:00.0510 4128  HomeGroupListener - ok
10:02:00.0555 4128  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:02:00.0567 4128  HomeGroupProvider - ok
10:02:00.0591 4128  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:02:00.0600 4128  HpSAMD - ok
10:02:00.0651 4128  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:02:00.0669 4128  HTTP - ok
10:02:00.0688 4128  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:02:00.0689 4128  hwpolicy - ok
10:02:00.0725 4128  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:02:00.0735 4128  i8042prt - ok
10:02:00.0841 4128  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:02:00.0847 4128  IAANTMON - ok
10:02:00.0878 4128  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:02:00.0881 4128  iaStor - ok
10:02:00.0996 4128  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:02:01.0018 4128  iaStorV - ok
10:02:01.0117 4128  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:02:01.0144 4128  idsvc - ok
10:02:01.0340 4128  [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:02:01.0557 4128  igfx - ok
10:02:01.0588 4128  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:02:01.0596 4128  iirsp - ok
10:02:01.0647 4128  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:02:01.0666 4128  IKEEXT - ok
10:02:01.0702 4128  [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15           C:\Windows\SysWOW64\drivers\int15_64.sys
10:02:01.0707 4128  int15 - ok
10:02:01.0783 4128  [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:02:01.0856 4128  IntcAzAudAddService - ok
10:02:01.0886 4128  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:02:01.0892 4128  intelide - ok
10:02:01.0920 4128  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:02:01.0936 4128  intelppm - ok
10:02:01.0975 4128  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:02:01.0983 4128  IPBusEnum - ok
10:02:02.0007 4128  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:02:02.0015 4128  IpFilterDriver - ok
10:02:02.0130 4128  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:02:02.0137 4128  iphlpsvc - ok
10:02:02.0169 4128  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:02:02.0178 4128  IPMIDRV - ok
10:02:02.0229 4128  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:02:02.0239 4128  IPNAT - ok
10:02:02.0265 4128  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:02:02.0271 4128  IRENUM - ok
10:02:02.0312 4128  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:02:02.0391 4128  isapnp - ok
10:02:02.0436 4128  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:02:02.0457 4128  iScsiPrt - ok
10:02:02.0477 4128  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:02:02.0487 4128  kbdclass - ok
10:02:02.0509 4128  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:02:02.0514 4128  kbdhid - ok
10:02:02.0533 4128  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:02:02.0536 4128  KeyIso - ok
10:02:02.0566 4128  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:02:02.0576 4128  KSecDD - ok
10:02:02.0624 4128  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:02:02.0635 4128  KSecPkg - ok
10:02:02.0671 4128  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:02:02.0676 4128  ksthunk - ok
10:02:02.0721 4128  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:02:02.0760 4128  KtmRm - ok
10:02:02.0790 4128  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
10:02:02.0797 4128  L1E - ok
10:02:02.0843 4128  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:02:02.0869 4128  LanmanServer - ok
10:02:02.0911 4128  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:02:02.0922 4128  LanmanWorkstation - ok
10:02:02.0946 4128  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:02:02.0954 4128  lltdio - ok
10:02:02.0995 4128  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:02:03.0017 4128  lltdsvc - ok
10:02:03.0037 4128  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:02:03.0043 4128  lmhosts - ok
10:02:03.0061 4128  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:02:03.0070 4128  LSI_FC - ok
10:02:03.0098 4128  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:02:03.0107 4128  LSI_SAS - ok
10:02:03.0120 4128  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:02:03.0137 4128  LSI_SAS2 - ok
10:02:03.0149 4128  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:02:03.0165 4128  LSI_SCSI - ok
10:02:03.0191 4128  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:02:03.0199 4128  luafv - ok
10:02:03.0220 4128  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:02:03.0227 4128  megasas - ok
10:02:03.0254 4128  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:02:03.0275 4128  MegaSR - ok
10:02:03.0309 4128  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:02:03.0318 4128  MMCSS - ok
10:02:03.0342 4128  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:02:03.0349 4128  Modem - ok
10:02:03.0362 4128  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:02:03.0364 4128  monitor - ok
10:02:03.0397 4128  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:02:03.0406 4128  mouclass - ok
10:02:03.0431 4128  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:02:03.0438 4128  mouhid - ok
10:02:03.0487 4128  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:02:03.0490 4128  mountmgr - ok
10:02:03.0649 4128  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:02:03.0650 4128  MozillaMaintenance - ok
10:02:03.0714 4128  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:02:03.0725 4128  mpio - ok
10:02:03.0778 4128  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:02:03.0784 4128  mpsdrv - ok
10:02:03.0858 4128  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:02:03.0896 4128  MpsSvc - ok
10:02:03.0931 4128  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:02:03.0942 4128  MRxDAV - ok
10:02:03.0989 4128  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:02:03.0999 4128  mrxsmb - ok
10:02:04.0037 4128  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:02:04.0058 4128  mrxsmb10 - ok
10:02:04.0079 4128  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:02:04.0088 4128  mrxsmb20 - ok
10:02:04.0112 4128  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:02:04.0133 4128  msahci - ok
10:02:04.0179 4128  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:02:04.0188 4128  msdsm - ok
10:02:04.0268 4128  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:02:04.0272 4128  MSDTC - ok
10:02:04.0317 4128  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:02:04.0324 4128  Msfs - ok
10:02:04.0346 4128  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:02:04.0349 4128  mshidkmdf - ok
10:02:04.0393 4128  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:02:04.0400 4128  msisadrv - ok
10:02:04.0438 4128  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:02:04.0447 4128  MSiSCSI - ok
10:02:04.0457 4128  msiserver - ok
10:02:04.0477 4128  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:02:04.0481 4128  MSKSSRV - ok
10:02:04.0498 4128  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:02:04.0502 4128  MSPCLOCK - ok
10:02:04.0522 4128  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:02:04.0526 4128  MSPQM - ok
10:02:04.0579 4128  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:02:04.0601 4128  MsRPC - ok
10:02:04.0622 4128  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:02:04.0623 4128  mssmbios - ok
10:02:04.0647 4128  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:02:04.0650 4128  MSTEE - ok
10:02:04.0663 4128  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:02:04.0667 4128  MTConfig - ok
10:02:04.0692 4128  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:02:04.0700 4128  Mup - ok
10:02:04.0756 4128  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:02:04.0771 4128  napagent - ok
10:02:04.0810 4128  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:02:04.0831 4128  NativeWifiP - ok
10:02:04.0891 4128  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:02:04.0911 4128  NDIS - ok
10:02:04.0938 4128  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:02:04.0944 4128  NdisCap - ok
10:02:04.0965 4128  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:02:04.0971 4128  NdisTapi - ok
10:02:05.0002 4128  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:02:05.0009 4128  Ndisuio - ok
10:02:05.0113 4128  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:02:05.0198 4128  NdisWan - ok
10:02:05.0260 4128  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:02:05.0266 4128  NDProxy - ok
10:02:05.0296 4128  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:02:05.0310 4128  NetBIOS - ok
10:02:05.0355 4128  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:02:05.0359 4128  NetBT - ok
10:02:05.0380 4128  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:02:05.0382 4128  Netlogon - ok
10:02:05.0423 4128  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:02:05.0444 4128  Netman - ok
10:02:05.0530 4128  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:02:05.0567 4128  NetMsmqActivator - ok
10:02:05.0596 4128  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:02:05.0597 4128  NetPipeActivator - ok
10:02:05.0624 4128  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:02:05.0632 4128  netprofm - ok
10:02:05.0646 4128  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:02:05.0647 4128  NetTcpActivator - ok
10:02:05.0659 4128  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:02:05.0661 4128  NetTcpPortSharing - ok
10:02:05.0819 4128  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
10:02:05.0988 4128  netw5v64 - ok
10:02:06.0034 4128  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:02:06.0057 4128  nfrd960 - ok
10:02:06.0097 4128  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:02:06.0119 4128  NlaSvc - ok
10:02:06.0135 4128  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:02:06.0142 4128  Npfs - ok
10:02:06.0175 4128  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:02:06.0180 4128  nsi - ok
10:02:06.0200 4128  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:02:06.0209 4128  nsiproxy - ok
10:02:06.0288 4128  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:02:06.0387 4128  Ntfs - ok
10:02:06.0422 4128  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:02:06.0426 4128  Null - ok
10:02:06.0458 4128  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:02:06.0466 4128  nvraid - ok
10:02:06.0496 4128  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:02:06.0507 4128  nvstor - ok
10:02:06.0548 4128  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:02:06.0557 4128  nv_agp - ok
10:02:06.0593 4128  [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
10:02:06.0595 4128  O2FLASH - ok
10:02:06.0624 4128  [ 26DA4B40670AD436F7DAEC053A2A9ECA ] O2MDRDR         C:\Windows\system32\DRIVERS\o2mdx64.sys
10:02:06.0631 4128  O2MDRDR - ok
10:02:06.0644 4128  [ 2E69A2ADC12DAA7AC7B4FFD8601E88B0 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sdx64.sys
10:02:06.0650 4128  O2SDRDR - ok
10:02:06.0686 4128  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:02:06.0720 4128  ohci1394 - ok
10:02:06.0826 4128  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:02:06.0830 4128  ose - ok
10:02:06.0873 4128  [ 5F79934084DF6DC0635578864376CE54 ] OV550I          C:\Windows\system32\Drivers\ov550ivx.sys
10:02:06.0884 4128  OV550I - ok
10:02:06.0921 4128  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:02:06.0929 4128  p2pimsvc - ok
10:02:06.0958 4128  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:02:07.0012 4128  p2psvc - ok
10:02:07.0056 4128  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:02:07.0064 4128  Parport - ok
10:02:07.0090 4128  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:02:07.0191 4128  partmgr - ok
10:02:07.0225 4128  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:02:07.0236 4128  PcaSvc - ok
10:02:07.0257 4128  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:02:07.0277 4128  pci - ok
10:02:07.0324 4128  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:02:07.0329 4128  pciide - ok
10:02:07.0364 4128  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:02:07.0394 4128  pcmcia - ok
10:02:07.0429 4128  [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
10:02:07.0436 4128  pcouffin - ok
10:02:07.0453 4128  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:02:07.0462 4128  pcw - ok
10:02:07.0481 4128  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:02:07.0510 4128  PEAUTH - ok
10:02:07.0550 4128  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:02:07.0553 4128  PerfHost - ok
10:02:07.0638 4128  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:02:07.0712 4128  pla - ok
10:02:07.0762 4128  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:02:07.0792 4128  PlugPlay - ok
10:02:07.0820 4128  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:02:07.0830 4128  PNRPAutoReg - ok
10:02:07.0863 4128  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:02:07.0867 4128  PNRPsvc - ok
10:02:07.0909 4128  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:02:07.0933 4128  PolicyAgent - ok
10:02:07.0979 4128  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:02:07.0982 4128  Power - ok
10:02:08.0011 4128  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:02:08.0019 4128  PptpMiniport - ok
10:02:08.0052 4128  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:02:08.0063 4128  Processor - ok
10:02:08.0110 4128  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:02:08.0154 4128  ProfSvc - ok
10:02:08.0177 4128  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:02:08.0179 4128  ProtectedStorage - ok
10:02:08.0235 4128  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:02:08.0237 4128  Psched - ok
10:02:08.0298 4128  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:02:08.0443 4128  ql2300 - ok
10:02:08.0451 4128  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:02:08.0469 4128  ql40xx - ok
10:02:08.0517 4128  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:02:08.0539 4128  QWAVE - ok
10:02:08.0551 4128  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:02:08.0558 4128  QWAVEdrv - ok
10:02:08.0565 4128  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:02:08.0583 4128  RasAcd - ok
10:02:08.0612 4128  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:02:08.0622 4128  RasAgileVpn - ok
10:02:08.0642 4128  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:02:08.0652 4128  RasAuto - ok
10:02:08.0693 4128  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:02:08.0702 4128  Rasl2tp - ok
10:02:08.0745 4128  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:02:08.0855 4128  RasMan - ok
10:02:08.0868 4128  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:02:08.0882 4128  RasPppoe - ok
10:02:08.0896 4128  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:02:08.0904 4128  RasSstp - ok
10:02:08.0928 4128  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:02:08.0950 4128  rdbss - ok
10:02:08.0963 4128  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:02:08.0968 4128  rdpbus - ok
10:02:08.0992 4128  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:02:08.0993 4128  RDPCDD - ok
10:02:09.0011 4128  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:02:09.0012 4128  RDPENCDD - ok
10:02:09.0034 4128  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:02:09.0036 4128  RDPREFMP - ok
10:02:09.0086 4128  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:02:09.0093 4128  RdpVideoMiniport - ok
10:02:09.0120 4128  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:02:09.0142 4128  RDPWD - ok
10:02:09.0233 4128  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:02:09.0245 4128  rdyboost - ok
10:02:09.0299 4128  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:02:09.0308 4128  RemoteAccess - ok
10:02:09.0421 4128  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:02:09.0434 4128  RemoteRegistry - ok
10:02:09.0470 4128  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:02:09.0480 4128  RpcEptMapper - ok
10:02:09.0513 4128  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:02:09.0515 4128  RpcLocator - ok
10:02:09.0555 4128  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:02:09.0562 4128  RpcSs - ok
10:02:09.0592 4128  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:02:09.0599 4128  rspndr - ok
10:02:09.0616 4128  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:02:09.0618 4128  SamSs - ok
10:02:09.0654 4128  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:02:09.0664 4128  sbp2port - ok
10:02:09.0705 4128  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:02:09.0717 4128  SCardSvr - ok
10:02:09.0742 4128  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:02:09.0749 4128  scfilter - ok
10:02:09.0786 4128  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:02:09.0846 4128  Schedule - ok
10:02:09.0899 4128  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:02:09.0900 4128  SCPolicySvc - ok
10:02:09.0953 4128  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
10:02:09.0960 4128  sdbus - ok
10:02:10.0014 4128  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:02:10.0037 4128  SDRSVC - ok
10:02:10.0137 4128  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
10:02:10.0144 4128  SDScannerService - ok
10:02:10.0225 4128  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:02:10.0259 4128  SDUpdateService - ok
10:02:10.0301 4128  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:02:10.0304 4128  SDWSCService - ok
10:02:10.0349 4128  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:02:10.0354 4128  secdrv - ok
10:02:10.0407 4128  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:02:10.0414 4128  seclogon - ok
10:02:10.0448 4128  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
10:02:10.0451 4128  SENS - ok
10:02:10.0477 4128  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:02:10.0484 4128  SensrSvc - ok
10:02:10.0513 4128  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:02:10.0517 4128  Serenum - ok
10:02:10.0530 4128  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:02:10.0538 4128  Serial - ok
10:02:10.0568 4128  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:02:10.0572 4128  sermouse - ok
10:02:10.0649 4128  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:02:10.0662 4128  SessionEnv - ok
10:02:10.0702 4128  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:02:10.0706 4128  sffdisk - ok
10:02:10.0727 4128  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:02:10.0732 4128  sffp_mmc - ok
10:02:10.0757 4128  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:02:10.0765 4128  sffp_sd - ok
10:02:10.0778 4128  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:02:10.0782 4128  sfloppy - ok
10:02:10.0863 4128  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:02:10.0877 4128  SharedAccess - ok
10:02:10.0944 4128  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:02:10.0959 4128  ShellHWDetection - ok
10:02:10.0970 4128  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:02:10.0980 4128  SiSRaid2 - ok
10:02:11.0003 4128  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:02:11.0012 4128  SiSRaid4 - ok
10:02:11.0067 4128  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:02:11.0094 4128  Smb - ok
10:02:11.0140 4128  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:02:11.0144 4128  SNMPTRAP - ok
10:02:11.0158 4128  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:02:11.0169 4128  spldr - ok
10:02:11.0213 4128  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:02:11.0230 4128  Spooler - ok
10:02:11.0342 4128  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:02:11.0423 4128  sppsvc - ok
10:02:11.0445 4128  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:02:11.0454 4128  sppuinotify - ok
10:02:11.0533 4128  [ D63FC56C7C3F9B576BC25F617E3F7963 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:02:11.0535 4128  SQLWriter - ok
10:02:11.0577 4128  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:02:11.0606 4128  srv - ok
10:02:11.0639 4128  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:02:11.0667 4128  srv2 - ok
10:02:11.0714 4128  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:02:11.0736 4128  SrvHsfHDA - ok
10:02:11.0789 4128  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:02:11.0899 4128  SrvHsfV92 - ok
10:02:11.0944 4128  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:02:12.0025 4128  SrvHsfWinac - ok
10:02:12.0082 4128  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:02:12.0144 4128  srvnet - ok
10:02:12.0196 4128  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:02:12.0248 4128  SSDPSRV - ok
10:02:12.0285 4128  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:02:12.0301 4128  SstpSvc - ok
10:02:12.0337 4128  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:02:12.0344 4128  stexstor - ok
10:02:12.0389 4128  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:02:12.0422 4128  stisvc - ok
10:02:12.0466 4128  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:02:12.0522 4128  swenum - ok
10:02:12.0567 4128  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:02:12.0596 4128  swprv - ok
10:02:12.0679 4128  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:02:12.0726 4128  SysMain - ok
10:02:12.0869 4128  [ 756AB3173A28DC66153214B59EBBC271 ] SystemExplorerHelpService C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
10:02:12.0887 4128  SystemExplorerHelpService - ok
10:02:12.0940 4128  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:02:12.0957 4128  TabletInputService - ok
10:02:13.0119 4128  [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
10:02:13.0124 4128  tap0901 - ok
10:02:13.0185 4128  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:02:13.0253 4128  TapiSrv - ok
10:02:13.0318 4128  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:02:13.0321 4128  TBS - ok
10:02:13.0401 4128  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:02:13.0494 4128  Tcpip - ok
10:02:13.0530 4128  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:02:13.0541 4128  TCPIP6 - ok
10:02:13.0579 4128  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:02:13.0585 4128  tcpipreg - ok
10:02:13.0623 4128  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:02:13.0629 4128  TDPIPE - ok
10:02:13.0676 4128  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:02:13.0681 4128  TDTCP - ok
10:02:13.0709 4128  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:02:13.0717 4128  tdx - ok
10:02:13.0742 4128  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:02:13.0752 4128  TermDD - ok
10:02:13.0785 4128  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:02:13.0818 4128  TermService - ok
10:02:13.0845 4128  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:02:13.0853 4128  Themes - ok
10:02:13.0895 4128  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:02:13.0897 4128  THREADORDER - ok
10:02:13.0918 4128  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:02:13.0931 4128  TrkWks - ok
10:02:13.0999 4128  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:02:14.0001 4128  TrustedInstaller - ok
10:02:14.0084 4128  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:02:14.0090 4128  tssecsrv - ok
10:02:14.0199 4128  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:02:14.0206 4128  TsUsbFlt - ok
10:02:14.0287 4128  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:02:14.0296 4128  tunnel - ok
10:02:14.0336 4128  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:02:14.0344 4128  uagp35 - ok
10:02:14.0390 4128  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:02:14.0412 4128  udfs - ok
10:02:14.0462 4128  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:02:14.0465 4128  UI0Detect - ok
10:02:14.0518 4128  [ 34859D3801F4BD3DACFA131DD928455A ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
10:02:14.0525 4128  UimBus - ok
10:02:14.0557 4128  [ D3CE4776E7FFB25E6935B1C797F4650C ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
10:02:14.0611 4128  Uim_IM - ok
10:02:14.0638 4128  [ 532E4BED5C7803B2EE5681818B2528B7 ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
10:02:14.0681 4128  Uim_VIM - ok
10:02:14.0709 4128  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:02:14.0719 4128  uliagpkx - ok
10:02:14.0761 4128  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
10:02:14.0768 4128  umbus - ok
10:02:14.0805 4128  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:02:14.0810 4128  UmPass - ok
10:02:14.0893 4128  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
10:02:14.0897 4128  Updater Service - ok
10:02:14.0938 4128  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:02:14.0960 4128  upnphost - ok
10:02:15.0047 4128  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:02:15.0055 4128  usbaudio - ok
10:02:15.0122 4128  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:02:15.0166 4128  usbccgp - ok
10:02:15.0209 4128  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:02:15.0279 4128  usbcir - ok
10:02:15.0321 4128  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:02:15.0332 4128  usbehci - ok
10:02:15.0365 4128  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:02:15.0386 4128  usbhub - ok
10:02:15.0406 4128  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:02:15.0411 4128  usbohci - ok
10:02:15.0451 4128  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:02:15.0456 4128  usbprint - ok
10:02:15.0490 4128  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:02:15.0497 4128  usbscan - ok
10:02:15.0517 4128  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:02:15.0524 4128  USBSTOR - ok
10:02:15.0547 4128  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:02:15.0553 4128  usbuhci - ok
10:02:15.0617 4128  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:02:15.0637 4128  usbvideo - ok
10:02:15.0672 4128  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:02:15.0689 4128  UxSms - ok
10:02:15.0720 4128  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:02:15.0721 4128  VaultSvc - ok
10:02:15.0806 4128  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:02:15.0813 4128  vdrvroot - ok
10:02:15.0857 4128  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:02:15.0874 4128  vds - ok
10:02:15.0904 4128  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:02:15.0909 4128  vga - ok
10:02:15.0935 4128  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:02:15.0940 4128  VgaSave - ok
10:02:15.0973 4128  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:02:15.0987 4128  vhdmp - ok
10:02:16.0028 4128  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:02:16.0035 4128  viaide - ok
10:02:16.0062 4128  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:02:16.0071 4128  volmgr - ok
10:02:16.0120 4128  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:02:16.0126 4128  volmgrx - ok
10:02:16.0153 4128  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:02:16.0181 4128  volsnap - ok
10:02:16.0209 4128  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:02:16.0222 4128  vsmraid - ok
10:02:16.0300 4128  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:02:16.0350 4128  VSS - ok
10:02:16.0367 4128  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:02:16.0372 4128  vwifibus - ok
10:02:16.0415 4128  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:02:16.0422 4128  vwififlt - ok
10:02:16.0455 4128  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:02:16.0456 4128  vwifimp - ok
10:02:16.0507 4128  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:02:16.0512 4128  W32Time - ok
10:02:16.0535 4128  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:02:16.0540 4128  WacomPen - ok
10:02:16.0579 4128  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:02:16.0589 4128  WANARP - ok
10:02:16.0599 4128  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:02:16.0600 4128  Wanarpv6 - ok
10:02:16.0671 4128  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:02:16.0718 4128  wbengine - ok
10:02:16.0753 4128  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:02:16.0774 4128  WbioSrvc - ok
10:02:16.0818 4128  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:02:16.0840 4128  wcncsvc - ok
10:02:16.0862 4128  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:02:16.0894 4128  WcsPlugInService - ok
10:02:16.0928 4128  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:02:16.0935 4128  Wd - ok
10:02:16.0988 4128  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:02:17.0016 4128  Wdf01000 - ok
10:02:17.0033 4128  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:02:17.0050 4128  WdiServiceHost - ok
10:02:17.0060 4128  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:02:17.0065 4128  WdiSystemHost - ok
10:02:17.0106 4128  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:02:17.0127 4128  WebClient - ok
10:02:17.0154 4128  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:02:17.0177 4128  Wecsvc - ok
10:02:17.0195 4128  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:02:17.0205 4128  wercplsupport - ok
10:02:17.0226 4128  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:02:17.0237 4128  WerSvc - ok
10:02:17.0275 4128  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:02:17.0278 4128  WfpLwf - ok
10:02:17.0306 4128  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:02:17.0320 4128  WIMMount - ok
10:02:17.0353 4128  WinDefend - ok
10:02:17.0458 4128  [ 0E77040FCFCCBD7B12A16A11ECD3E66F ] Windows7FirewallService C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
10:02:17.0473 4128  Windows7FirewallService - ok
10:02:17.0484 4128  WinHttpAutoProxySvc - ok
10:02:17.0559 4128  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:02:17.0582 4128  Winmgmt - ok
10:02:17.0661 4128  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:02:17.0747 4128  WinRM - ok
10:02:17.0788 4128  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:02:17.0795 4128  WinUsb - ok
10:02:17.0850 4128  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:02:17.0874 4128  Wlansvc - ok
10:02:18.0056 4128  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:02:18.0114 4128  wlidsvc - ok
10:02:18.0147 4128  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:02:18.0150 4128  WmiAcpi - ok
10:02:18.0184 4128  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:02:18.0188 4128  wmiApSrv - ok
10:02:18.0216 4128  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:02:18.0222 4128  WPCSvc - ok
10:02:18.0258 4128  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:02:18.0269 4128  WPDBusEnum - ok
10:02:18.0306 4128  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:02:18.0308 4128  ws2ifsl - ok
10:02:18.0343 4128  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
10:02:18.0361 4128  wscsvc - ok
10:02:18.0372 4128  WSearch - ok
10:02:18.0473 4128  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:02:18.0539 4128  wuauserv - ok
10:02:18.0578 4128  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:02:18.0586 4128  WudfPf - ok
10:02:18.0638 4128  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:02:18.0658 4128  WUDFRd - ok
10:02:18.0690 4128  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:02:18.0700 4128  wudfsvc - ok
10:02:18.0733 4128  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:02:18.0783 4128  WwanSvc - ok
10:02:18.0819 4128  ================ Scan global ===============================
10:02:18.0867 4128  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:02:18.0905 4128  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:02:18.0938 4128  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
10:02:18.0977 4128  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:02:19.0017 4128  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:02:19.0023 4128  [Global] - ok
10:02:19.0027 4128  ================ Scan MBR ==================================
10:02:19.0058 4128  [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
10:02:22.0034 4128  \Device\Harddisk0\DR0 - ok
10:02:22.0038 4128  ================ Scan VBR ==================================
10:02:22.0042 4128  [ F6DB4357816CB62E20C12650128FA49F ] \Device\Harddisk0\DR0\Partition1
10:02:22.0043 4128  \Device\Harddisk0\DR0\Partition1 - ok
10:02:22.0098 4128  [ 56107C40DBBB03E1EA7359A3E096130D ] \Device\Harddisk0\DR0\Partition2
10:02:22.0099 4128  \Device\Harddisk0\DR0\Partition2 - ok
10:02:22.0103 4128  ============================================================
10:02:22.0103 4128  Scan finished
10:02:22.0104 4128  ============================================================
10:02:22.0121 5092  Detected object count: 0
10:02:22.0121 5092  Actual detected object count: 0
10:02:42.0459 1128  Deinitialize success
         

Alt 04.02.2013, 10:28   #10
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Servus,





Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.





Schritt 4
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von OTL.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 04.02.2013, 12:46   #11
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Code:
ATTFilter
# AdwCleaner v2.110 - Datei am 04/02/2013 um 11:55:08 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : jo - JO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jo\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Users\jo\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1256 octets] - [04/02/2013 11:55:08]

########## EOF - C:\AdwCleaner[S2].txt - [1316 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by jo on 04.02.2013 at 12:36:05.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Failed to delete: [Folder] "C:\Users\jo\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\prefs.js

user_pref("browser.search.selectedEngine", "Ixquick.de (hxxps)");
user_pref("browser.startup.homepage", "hxxps://www.ixquick.de/");
Emptied folder: C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\minidumps [47 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2013 at 12:51:05.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
OTL logfile created on: 04.02.2013 13:24:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.96% Memory free
5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 100.37 Gb Free Space | 73.14% Space Free | Partition Type: NTFS
 
Computer Name: JO-PC | User Name: jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
PRC - [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.06.18 07:42:04 | 002,610,648 | ---- | M] (Mister Group) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe
PRC - [2010.03.24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.11 23:08:50 | 001,231,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2007.07.02 07:14:44 | 001,265,664 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.19 17:07:53 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.07.02 05:56:43 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2007.02.22 09:33:43 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_K_Win32.dll
MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.15 17:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.08.12 00:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013.01.19 17:07:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 17:40:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.21 18:09:48 | 000,807,896 | ---- | M] (Mister Group) [On_Demand | Running] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.29 17:41:20 | 000,388,168 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avisfltr.sys -- (avisfltr)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.07 15:55:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.31 00:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.07 23:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009.05.07 23:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 17:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = https://www.pagessyndication.com/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{7E393A76-B290-4911-9C41-B78C9344EC21}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.20 11:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.02 10:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.26 11:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
 
[2013.01.19 17:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 17:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.15 10:44:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.31 16:08:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-776483207-145609781-3413881836-1003..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1740A04-164B-48FB-8F7B-8644309CAE82}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 13:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
[2013.02.04 12:36:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.04 12:35:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.04 12:35:42 | 000,000,000 | ---D | C] -- \JRT
[2013.02.03 15:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2013.02.03 15:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2013.01.31 16:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.31 16:31:22 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.01.31 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.31 15:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.31 15:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.31 15:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- \Qoobox
[2013.01.31 15:35:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.30 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.25 08:42:59 | 000,000,000 | -H-D | C] -- C:\Users\jo\Documents\Freemake_do_not_remove_this_folder
[2013.01.19 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.13 11:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.11 14:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\On-ScreenKeyboardPortable
[2013.01.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.11 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.07 14:42:43 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\gopro
[2009.08.26 06:27:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 13:27:28 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 13:27:28 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 13:26:10 | 001,640,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.04 13:26:10 | 000,711,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.04 13:26:10 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.04 13:26:10 | 000,152,690 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.04 13:26:10 | 000,125,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
[2013.02.04 13:20:39 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.02.04 13:19:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 13:19:47 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 12:39:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 10:04:30 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013.02.03 15:02:55 | 000,000,000 | ---- | M] () -- C:\Users\jo\defogger_reenable
[2013.01.31 16:08:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.26 17:27:29 | 014,822,190 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv
[2013.01.23 12:05:56 | 000,088,267 | ---- | M] () -- C:\Users\jo\Documents\Hardcopy.pdf
[2013.01.23 11:42:07 | 000,169,328 | ---- | M] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf
[2013.01.22 17:19:23 | 005,056,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.21 18:07:17 | 001,618,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.13 12:06:49 | 014,338,402 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv
[2013.01.13 11:42:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.11 11:27:54 | 014,773,407 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv
 
========== Files Created - No Company Name ==========
 
[2013.02.03 15:02:55 | 000,000,000 | ---- | C] () -- C:\Users\jo\defogger_reenable
[2013.01.31 16:31:34 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.31 15:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.31 15:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.31 15:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.31 15:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.31 15:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 17:27:15 | 014,822,190 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv
[2013.01.23 11:42:04 | 000,169,328 | ---- | C] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf
[2013.01.13 11:52:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.13 11:42:21 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.13 11:42:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.13 11:35:23 | 014,338,402 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv
[2013.01.11 11:27:41 | 014,773,407 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv
[2012.10.17 09:31:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.05.23 20:01:54 | 000,000,355 | ---- | C] () -- C:\Users\jo\Netzwerk - Verknüpfung.lnk
[2012.04.02 13:18:00 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.04.01 10:41:54 | 000,017,408 | ---- | C] () -- C:\Users\jo\AppData\Local\WebpageIcons.db
[2012.02.23 19:03:22 | 000,000,218 | ---- | C] () -- C:\Users\jo\.recently-used.xbel
[2011.12.19 13:59:04 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini
[2011.10.12 16:18:58 | 000,000,000 | ---- | C] () -- C:\Users\jo\AppData\Local\{45511484-10CE-4BDD-B175-20E8C66390BC}
[2011.04.19 15:37:29 | 000,000,049 | ---- | C] () -- C:\Windows\VCDWizardDLL.INI
[2011.02.15 10:55:04 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.08 13:55:34 | 000,002,793 | ---- | C] () -- C:\Users\jo\jo2.wmi
[2010.08.14 12:42:59 | 000,005,120 | ---- | C] () -- C:\Users\jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.25 09:20:21 | 000,001,457 | ---- | C] () -- C:\Users\jo\AppData\Local\RecConfig.xml
[2010.02.18 18:51:54 | 000,007,598 | ---- | C] () -- C:\Users\jo\AppData\Local\Resmon.ResmonCfg
[2009.11.27 09:42:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.09 01:38:10 | 000,002,716 | RHS- | C] () -- \Patch.rev
[2009.09.08 15:51:25 | 1554,743,296 | -HS- | C] () -- \hiberfil.sys
[2009.08.22 11:16:37 | 000,000,174 | RHS- | C] () -- \Preload.rev
[2009.07.27 21:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009.07.27 21:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr
[2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
 
========== ZeroAccess Check ==========
 
[2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.13 12:21:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\AAV
[2009.11.23 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\ACD Systems
[2009.08.22 10:49:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Acer
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010.11.13 11:44:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo
[2011.09.20 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\backup
[2010.10.24 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\Buhl Data Service GmbH
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2009.08.26 08:16:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSobi
[2011.09.20 11:17:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\explauncher
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012.12.20 11:52:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Freemake
[2013.01.30 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2010.04.02 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\InterVideo
[2011.09.18 15:21:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Kingsoft
[2011.09.20 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\launcher
[2012.02.21 12:46:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\LogCollector
[2011.05.25 17:46:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\MicroWorld
[2010.03.12 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\NtiDvdCopy
[2009.08.22 10:39:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\OEM
[2013.01.12 14:20:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\On-ScreenKeyboardPortable
[2012.12.29 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2009.11.23 16:35:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sandlot Games
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2013.02.03 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\SystemExplorer
[2009.11.27 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012.07.01 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\TinyWall
[2010.12.24 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\TomTom
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.06.18 08:58:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\vsosdk
[2011.11.06 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2013.01.31 16:12:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\AppData
[2012.12.30 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\LocalLow
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009.11.23 16:23:45 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2012.09.06 12:33:45 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.03.25 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\jo\.gnubg
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Anwendungsdaten
[2010.05.25 16:52:33 | 000,000,000 | -H-D | M] -- C:\Users\jo\AppData
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Contacts
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Cookies
[2013.02.04 13:22:40 | 000,000,000 | R--D | M] -- C:\Users\jo\Desktop
[2013.02.03 17:02:56 | 000,000,000 | R--D | M] -- C:\Users\jo\Documents
[2013.02.04 13:22:40 | 000,000,000 | R--D | M] -- C:\Users\jo\Downloads
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Druckumgebung
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Eigene Dateien
[2012.12.31 16:22:53 | 000,000,000 | R--D | M] -- C:\Users\jo\Favorites
[2010.03.11 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\jo\lang
[2012.11.07 13:49:23 | 000,000,000 | R--D | M] -- C:\Users\jo\Links
[2010.03.11 16:52:06 | 000,000,000 | ---D | M] -- C:\Users\jo\LocalCDDB
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Lokale Einstellungen
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Music
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Netzwerkumgebung
[2009.12.21 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\jo\NTI-Shadow
[2011.01.17 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\jo\Option
[2013.02.03 12:18:03 | 000,000,000 | R--D | M] -- C:\Users\jo\Pictures
[2010.03.11 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\jo\Plugins
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Recent
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Saved Games
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Searches
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\SendTo
[2012.09.06 12:33:41 | 000,000,000 | R--D | M] -- C:\Users\jo\SkyDrive
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Startmenü
[2012.12.31 11:17:37 | 000,000,000 | ---D | M] -- C:\Users\jo\Tracing
[2013.01.30 17:46:27 | 000,000,000 | R--D | M] -- C:\Users\jo\Videos
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Vorlagen
[2013.01.31 16:12:12 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013.02.03 16:59:27 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2012.12.30 16:55:07 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents
[2011.07.14 15:54:02 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.03.04 14:43:19 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2010.03.13 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Public\OEM
[2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010.08.17 19:43:43 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV
[2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\Users\All Users\TEMP:AB689DEA
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\Users\All Users\TEMP:93DE1838
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 125 bytes -> C:\Users\All Users\TEMP:E3C56885
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >
         
Code:
ATTFilter
# AdwCleaner v2.110 - Datei am 04/02/2013 um 11:55:08 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : jo - JO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jo\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Users\jo\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1256 octets] - [04/02/2013 11:55:08]

########## EOF - C:\AdwCleaner[S2].txt - [1316 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by jo on 04.02.2013 at 12:36:05.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Failed to delete: [Folder] "C:\Users\jo\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\prefs.js

user_pref("browser.search.selectedEngine", "Ixquick.de (hxxps)");
user_pref("browser.startup.homepage", "hxxps://www.ixquick.de/");
Emptied folder: C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\minidumps [47 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2013 at 12:51:05.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
OTL logfile created on: 04.02.2013 13:24:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.96% Memory free
5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 100.37 Gb Free Space | 73.14% Space Free | Partition Type: NTFS
 
Computer Name: JO-PC | User Name: jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
PRC - [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.06.18 07:42:04 | 002,610,648 | ---- | M] (Mister Group) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe
PRC - [2010.03.24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.11 23:08:50 | 001,231,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2007.07.02 07:14:44 | 001,265,664 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.19 17:07:53 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.07.02 05:56:43 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2007.02.22 09:33:43 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_K_Win32.dll
MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.04.15 17:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.08.12 00:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013.01.19 17:07:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 17:40:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.21 18:09:48 | 000,807,896 | ---- | M] (Mister Group) [On_Demand | Running] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.29 17:41:20 | 000,388,168 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avisfltr.sys -- (avisfltr)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.07 15:55:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.31 00:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.07 23:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009.05.07 23:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 17:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = https://www.pagessyndication.com/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{7E393A76-B290-4911-9C41-B78C9344EC21}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.20 11:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.02 10:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.26 11:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
 
[2013.01.19 17:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 17:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.15 10:44:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.31 16:08:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-776483207-145609781-3413881836-1003..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group)
O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1740A04-164B-48FB-8F7B-8644309CAE82}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 13:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
[2013.02.04 12:36:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.04 12:35:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.04 12:35:42 | 000,000,000 | ---D | C] -- \JRT
[2013.02.03 15:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2013.02.03 15:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2013.01.31 16:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.31 16:31:22 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.01.31 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.31 15:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.31 15:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.31 15:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- \Qoobox
[2013.01.31 15:35:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.30 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.01.25 08:42:59 | 000,000,000 | -H-D | C] -- C:\Users\jo\Documents\Freemake_do_not_remove_this_folder
[2013.01.19 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.13 11:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.11 14:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\On-ScreenKeyboardPortable
[2013.01.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.11 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.07 14:42:43 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\gopro
[2009.08.26 06:27:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 13:27:28 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 13:27:28 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 13:26:10 | 001,640,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.04 13:26:10 | 000,711,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.04 13:26:10 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.04 13:26:10 | 000,152,690 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.04 13:26:10 | 000,125,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
[2013.02.04 13:20:39 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.02.04 13:19:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 13:19:47 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 12:39:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 10:04:30 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013.02.03 15:02:55 | 000,000,000 | ---- | M] () -- C:\Users\jo\defogger_reenable
[2013.01.31 16:08:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.26 17:27:29 | 014,822,190 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv
[2013.01.23 12:05:56 | 000,088,267 | ---- | M] () -- C:\Users\jo\Documents\Hardcopy.pdf
[2013.01.23 11:42:07 | 000,169,328 | ---- | M] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf
[2013.01.22 17:19:23 | 005,056,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.21 18:07:17 | 001,618,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.13 12:06:49 | 014,338,402 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv
[2013.01.13 11:42:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.11 11:27:54 | 014,773,407 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv
 
========== Files Created - No Company Name ==========
 
[2013.02.03 15:02:55 | 000,000,000 | ---- | C] () -- C:\Users\jo\defogger_reenable
[2013.01.31 16:31:34 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.31 15:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.31 15:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.31 15:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.31 15:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.31 15:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.26 17:27:15 | 014,822,190 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv
[2013.01.23 11:42:04 | 000,169,328 | ---- | C] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf
[2013.01.13 11:52:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.13 11:42:21 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.13 11:42:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.13 11:35:23 | 014,338,402 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv
[2013.01.11 11:27:41 | 014,773,407 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv
[2012.10.17 09:31:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.05.23 20:01:54 | 000,000,355 | ---- | C] () -- C:\Users\jo\Netzwerk - Verknüpfung.lnk
[2012.04.02 13:18:00 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012.04.01 10:41:54 | 000,017,408 | ---- | C] () -- C:\Users\jo\AppData\Local\WebpageIcons.db
[2012.02.23 19:03:22 | 000,000,218 | ---- | C] () -- C:\Users\jo\.recently-used.xbel
[2011.12.19 13:59:04 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini
[2011.10.12 16:18:58 | 000,000,000 | ---- | C] () -- C:\Users\jo\AppData\Local\{45511484-10CE-4BDD-B175-20E8C66390BC}
[2011.04.19 15:37:29 | 000,000,049 | ---- | C] () -- C:\Windows\VCDWizardDLL.INI
[2011.02.15 10:55:04 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.08 13:55:34 | 000,002,793 | ---- | C] () -- C:\Users\jo\jo2.wmi
[2010.08.14 12:42:59 | 000,005,120 | ---- | C] () -- C:\Users\jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.25 09:20:21 | 000,001,457 | ---- | C] () -- C:\Users\jo\AppData\Local\RecConfig.xml
[2010.02.18 18:51:54 | 000,007,598 | ---- | C] () -- C:\Users\jo\AppData\Local\Resmon.ResmonCfg
[2009.11.27 09:42:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.09 01:38:10 | 000,002,716 | RHS- | C] () -- \Patch.rev
[2009.09.08 15:51:25 | 1554,743,296 | -HS- | C] () -- \hiberfil.sys
[2009.08.22 11:16:37 | 000,000,174 | RHS- | C] () -- \Preload.rev
[2009.07.27 21:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009.07.27 21:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr
[2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
[2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
[2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
[2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
[2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
 
========== ZeroAccess Check ==========
 
[2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.13 12:21:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\AAV
[2009.11.23 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\ACD Systems
[2009.08.22 10:49:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Acer
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010.11.13 11:44:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo
[2011.09.20 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\backup
[2010.10.24 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\Buhl Data Service GmbH
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2009.08.26 08:16:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSobi
[2011.09.20 11:17:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\explauncher
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2012.12.20 11:52:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Freemake
[2013.01.30 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro
[2010.04.02 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\InterVideo
[2011.09.18 15:21:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Kingsoft
[2011.09.20 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\launcher
[2012.02.21 12:46:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\LogCollector
[2011.05.25 17:46:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\MicroWorld
[2010.03.12 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\NtiDvdCopy
[2009.08.22 10:39:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\OEM
[2013.01.12 14:20:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\On-ScreenKeyboardPortable
[2012.12.29 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2009.11.23 16:35:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sandlot Games
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2013.02.03 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\SystemExplorer
[2009.11.27 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2012.07.01 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\TinyWall
[2010.12.24 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\TomTom
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.06.18 08:58:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\vsosdk
[2011.11.06 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2013.01.31 16:12:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\AppData
[2012.12.30 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\LocalLow
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2009.11.23 16:23:45 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2012.09.06 12:33:45 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.03.25 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\jo\.gnubg
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Anwendungsdaten
[2010.05.25 16:52:33 | 000,000,000 | -H-D | M] -- C:\Users\jo\AppData
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Contacts
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Cookies
[2013.02.04 13:22:40 | 000,000,000 | R--D | M] -- C:\Users\jo\Desktop
[2013.02.03 17:02:56 | 000,000,000 | R--D | M] -- C:\Users\jo\Documents
[2013.02.04 13:22:40 | 000,000,000 | R--D | M] -- C:\Users\jo\Downloads
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Druckumgebung
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Eigene Dateien
[2012.12.31 16:22:53 | 000,000,000 | R--D | M] -- C:\Users\jo\Favorites
[2010.03.11 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\jo\lang
[2012.11.07 13:49:23 | 000,000,000 | R--D | M] -- C:\Users\jo\Links
[2010.03.11 16:52:06 | 000,000,000 | ---D | M] -- C:\Users\jo\LocalCDDB
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Lokale Einstellungen
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Music
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Netzwerkumgebung
[2009.12.21 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\jo\NTI-Shadow
[2011.01.17 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\jo\Option
[2013.02.03 12:18:03 | 000,000,000 | R--D | M] -- C:\Users\jo\Pictures
[2010.03.11 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\jo\Plugins
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Recent
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Saved Games
[2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Searches
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\SendTo
[2012.09.06 12:33:41 | 000,000,000 | R--D | M] -- C:\Users\jo\SkyDrive
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Startmenü
[2012.12.31 11:17:37 | 000,000,000 | ---D | M] -- C:\Users\jo\Tracing
[2013.01.30 17:46:27 | 000,000,000 | R--D | M] -- C:\Users\jo\Videos
[2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Vorlagen
[2013.01.31 16:12:12 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013.02.03 16:59:27 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2012.12.30 16:55:07 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents
[2011.07.14 15:54:02 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.03.04 14:43:19 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2010.03.13 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Public\OEM
[2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010.08.17 19:43:43 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV
[2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\Users\All Users\TEMP:AB689DEA
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\Users\All Users\TEMP:93DE1838
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 125 bytes -> C:\Users\All Users\TEMP:E3C56885
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >
         

Alt 04.02.2013, 13:48   #12
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von TDSSKiller.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 04.02.2013, 14:29   #13
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Internet Explorer\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: jo
->Temp folder emptied: 2345201 bytes
->Temporary Internet Files folder emptied: 17618567 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7232703 bytes
->Google Chrome cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1589121 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 468758424 bytes
 
Total Files Cleaned = 475.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_153559

Files\Folders moved on Reboot...
C:\Users\jo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
15:41:30.0438 4424  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:41:31.0130 4424  ============================================================
15:41:31.0130 4424  Current date / time: 2013/02/04 15:41:31.0130
15:41:31.0130 4424  SystemInfo:
15:41:31.0130 4424  
15:41:31.0130 4424  OS Version: 6.1.7601 ServicePack: 1.0
15:41:31.0130 4424  Product type: Workstation
15:41:31.0130 4424  ComputerName: JO-PC
15:41:31.0130 4424  UserName: jo
15:41:31.0130 4424  Windows directory: C:\Windows
15:41:31.0130 4424  System windows directory: C:\Windows
15:41:31.0130 4424  Running under WOW64
15:41:31.0130 4424  Processor architecture: Intel x64
15:41:31.0130 4424  Number of processors: 1
15:41:31.0130 4424  Page size: 0x1000
15:41:31.0130 4424  Boot type: Normal boot
15:41:31.0130 4424  ============================================================
15:41:36.0872 4424  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:41:36.0877 4424  ============================================================
15:41:36.0877 4424  \Device\Harddisk0\DR0:
15:41:36.0877 4424  MBR partitions:
15:41:36.0877 4424  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
15:41:36.0877 4424  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x11276EB0
15:41:36.0877 4424  ============================================================
15:41:36.0986 4424  C: <-> \Device\Harddisk0\DR0\Partition2
15:41:36.0986 4424  ============================================================
15:41:36.0986 4424  Initialize success
15:41:36.0986 4424  ============================================================
15:41:47.0044 3268  ============================================================
15:41:47.0044 3268  Scan started
15:41:47.0044 3268  Mode: Manual; 
15:41:47.0044 3268  ============================================================
15:41:47.0880 3268  ================ Scan system memory ========================
15:41:47.0881 3268  System memory - ok
15:41:47.0884 3268  ================ Scan services =============================
15:41:48.0717 3268  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:41:48.0892 3268  1394ohci - ok
15:41:48.0998 3268  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:41:49.0000 3268  ACDaemon - ok
15:41:49.0144 3268  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:41:49.0149 3268  ACPI - ok
15:41:49.0253 3268  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:41:49.0296 3268  AcpiPmi - ok
15:41:49.0538 3268  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:41:49.0539 3268  AdobeARMservice - ok
15:41:49.0834 3268  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:41:49.0836 3268  AdobeFlashPlayerUpdateSvc - ok
15:41:49.0975 3268  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:41:50.0129 3268  adp94xx - ok
15:41:50.0307 3268  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:41:50.0354 3268  adpahci - ok
15:41:50.0501 3268  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:41:50.0541 3268  adpu320 - ok
15:41:50.0598 3268  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:41:50.0628 3268  AeLookupSvc - ok
15:41:50.0871 3268  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
15:41:50.0985 3268  Afc - ok
15:41:51.0086 3268  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:41:51.0170 3268  AFD - ok
15:41:51.0234 3268  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:41:51.0417 3268  agp440 - ok
15:41:51.0488 3268  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:41:51.0490 3268  ALG - ok
15:41:51.0540 3268  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:41:51.0545 3268  aliide - ok
15:41:51.0615 3268  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:41:51.0657 3268  amdide - ok
15:41:51.0716 3268  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:41:51.0745 3268  AmdK8 - ok
15:41:51.0756 3268  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:41:51.0764 3268  AmdPPM - ok
15:41:51.0889 3268  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:41:51.0912 3268  amdsata - ok
15:41:52.0040 3268  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:41:52.0049 3268  amdsbs - ok
15:41:52.0105 3268  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:41:52.0111 3268  amdxata - ok
15:41:52.0498 3268  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:41:52.0499 3268  AntiVirSchedulerService - ok
15:41:52.0630 3268  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:41:52.0631 3268  AntiVirService - ok
15:41:52.0781 3268  [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
15:41:52.0825 3268  ApfiltrService - ok
15:41:52.0876 3268  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:41:52.0887 3268  AppID - ok
15:41:52.0954 3268  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:41:52.0960 3268  AppIDSvc - ok
15:41:53.0018 3268  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:41:53.0029 3268  Appinfo - ok
15:41:53.0091 3268  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:41:53.0155 3268  arc - ok
15:41:53.0168 3268  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:41:53.0179 3268  arcsas - ok
15:41:53.0397 3268  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:41:53.0509 3268  aspnet_state - ok
15:41:53.0550 3268  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:41:53.0555 3268  AsyncMac - ok
15:41:53.0581 3268  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:41:53.0588 3268  atapi - ok
15:41:53.0800 3268  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:41:54.0045 3268  athr - ok
15:41:54.0147 3268  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:41:54.0231 3268  AudioEndpointBuilder - ok
15:41:54.0302 3268  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:41:54.0307 3268  AudioSrv - ok
15:41:54.0555 3268  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:41:54.0566 3268  avgntflt - ok
15:41:54.0888 3268  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:41:54.0921 3268  avipbb - ok
15:41:55.0122 3268  [ 837DC57745D3589E5E8BC6B6E5B008CA ] avisfltr        C:\Windows\system32\DRIVERS\avisfltr.sys
15:41:55.0265 3268  avisfltr - ok
15:41:55.0442 3268  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:41:55.0448 3268  avkmgr - ok
15:41:55.0637 3268  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:41:55.0653 3268  AxInstSV - ok
15:41:55.0694 3268  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:41:55.0890 3268  b06bdrv - ok
15:41:55.0942 3268  [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:41:55.0955 3268  b57nd60a - ok
15:41:56.0028 3268  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
15:41:56.0073 3268  BCM43XX - ok
15:41:56.0111 3268  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:41:56.0118 3268  BDESVC - ok
15:41:56.0143 3268  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:41:56.0146 3268  Beep - ok
15:41:56.0240 3268  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:41:56.0273 3268  BFE - ok
15:41:56.0331 3268  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
15:41:56.0349 3268  BITS - ok
15:41:56.0406 3268  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:41:56.0434 3268  blbdrive - ok
15:41:56.0564 3268  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:41:56.0614 3268  bowser - ok
15:41:56.0636 3268  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:41:56.0698 3268  BrFiltLo - ok
15:41:56.0870 3268  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:41:56.0884 3268  BrFiltUp - ok
15:41:56.0954 3268  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:41:56.0962 3268  BridgeMP - ok
15:41:57.0024 3268  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:41:57.0033 3268  Browser - ok
15:41:57.0106 3268  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:41:57.0161 3268  Brserid - ok
15:41:57.0173 3268  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:41:57.0179 3268  BrSerWdm - ok
15:41:57.0190 3268  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:41:57.0195 3268  BrUsbMdm - ok
15:41:57.0206 3268  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:41:57.0211 3268  BrUsbSer - ok
15:41:57.0232 3268  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:41:57.0239 3268  BTHMODEM - ok
15:41:57.0282 3268  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:41:57.0291 3268  bthserv - ok
15:41:57.0402 3268  catchme - ok
15:41:57.0431 3268  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:41:57.0438 3268  cdfs - ok
15:41:57.0475 3268  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:41:57.0488 3268  cdrom - ok
15:41:57.0531 3268  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:41:57.0538 3268  CertPropSvc - ok
15:41:57.0646 3268  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:41:57.0684 3268  circlass - ok
15:41:57.0733 3268  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:41:57.0762 3268  CLFS - ok
15:41:57.0839 3268  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:41:57.0842 3268  clr_optimization_v2.0.50727_32 - ok
15:41:57.0931 3268  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:41:57.0933 3268  clr_optimization_v2.0.50727_64 - ok
15:41:58.0028 3268  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:41:58.0104 3268  clr_optimization_v4.0.30319_32 - ok
15:41:58.0165 3268  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:41:58.0247 3268  clr_optimization_v4.0.30319_64 - ok
15:41:58.0384 3268  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:41:58.0442 3268  CmBatt - ok
15:41:58.0534 3268  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:41:58.0621 3268  cmdide - ok
15:41:58.0678 3268  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:41:58.0711 3268  CNG - ok
15:41:58.0787 3268  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:41:58.0793 3268  Compbatt - ok
15:41:58.0857 3268  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:41:58.0863 3268  CompositeBus - ok
15:41:58.0875 3268  COMSysApp - ok
15:41:58.0977 3268  cpuz135 - ok
15:41:59.0025 3268  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:41:59.0031 3268  crcdisk - ok
15:41:59.0120 3268  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:41:59.0137 3268  CryptSvc - ok
15:41:59.0221 3268  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:41:59.0230 3268  DcomLaunch - ok
15:41:59.0295 3268  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:41:59.0348 3268  defragsvc - ok
15:41:59.0407 3268  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:41:59.0415 3268  DfsC - ok
15:41:59.0523 3268  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:41:59.0556 3268  Dhcp - ok
15:41:59.0602 3268  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:41:59.0608 3268  discache - ok
15:41:59.0645 3268  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:41:59.0653 3268  Disk - ok
15:41:59.0869 3268  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
15:41:59.0874 3268  DKbFltr - ok
15:41:59.0954 3268  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:41:59.0997 3268  Dnscache - ok
15:42:00.0080 3268  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:42:00.0100 3268  dot3svc - ok
15:42:00.0175 3268  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:42:00.0177 3268  DPS - ok
15:42:00.0293 3268  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:42:00.0346 3268  drmkaud - ok
15:42:00.0466 3268  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:42:00.0488 3268  DXGKrnl - ok
15:42:00.0643 3268  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:42:00.0653 3268  EapHost - ok
15:42:00.0793 3268  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:42:01.0023 3268  ebdrv - ok
15:42:01.0061 3268  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:42:01.0063 3268  EFS - ok
15:42:01.0135 3268  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:42:01.0160 3268  elxstor - ok
15:42:01.0238 3268  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:42:01.0246 3268  ErrDev - ok
15:42:01.0506 3268  [ 2F6D55DC521C557880116B51925A792A ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
15:42:01.0507 3268  ETService - ok
15:42:01.0677 3268  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:42:01.0710 3268  EventSystem - ok
15:42:01.0911 3268  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:42:01.0920 3268  exfat - ok
15:42:01.0955 3268  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:42:01.0965 3268  fastfat - ok
15:42:02.0021 3268  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:42:02.0037 3268  Fax - ok
15:42:02.0150 3268  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:42:02.0156 3268  fdc - ok
15:42:02.0219 3268  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:42:02.0224 3268  fdPHost - ok
15:42:02.0241 3268  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:42:02.0248 3268  FDResPub - ok
15:42:02.0284 3268  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:42:02.0292 3268  FileInfo - ok
15:42:02.0316 3268  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:42:02.0321 3268  Filetrace - ok
15:42:02.0355 3268  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:42:02.0362 3268  flpydisk - ok
15:42:02.0441 3268  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:42:02.0572 3268  FltMgr - ok
15:42:02.0702 3268  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:42:02.0736 3268  FontCache - ok
15:42:02.0847 3268  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:42:02.0849 3268  FontCache3.0.0.0 - ok
15:42:02.0987 3268  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:42:02.0994 3268  FsDepends - ok
15:42:03.0185 3268  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:42:03.0193 3268  fssfltr - ok
15:42:03.0283 3268  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:42:03.0294 3268  Fs_Rec - ok
15:42:03.0391 3268  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:42:03.0646 3268  fvevol - ok
15:42:03.0694 3268  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:42:03.0704 3268  gagp30kx - ok
15:42:03.0818 3268  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:42:03.0894 3268  gpsvc - ok
15:42:04.0007 3268  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:42:04.0451 3268  hcw85cir - ok
15:42:04.0732 3268  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:42:04.0864 3268  HdAudAddService - ok
15:42:04.0927 3268  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:42:04.0928 3268  HDAudBus - ok
15:42:05.0012 3268  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:42:05.0017 3268  HidBatt - ok
15:42:05.0029 3268  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:42:05.0036 3268  HidBth - ok
15:42:05.0049 3268  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:42:05.0055 3268  HidIr - ok
15:42:05.0158 3268  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:42:05.0166 3268  hidserv - ok
15:42:05.0206 3268  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:42:05.0214 3268  HidUsb - ok
15:42:05.0279 3268  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:42:05.0288 3268  hkmsvc - ok
15:42:05.0352 3268  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:42:05.0444 3268  HomeGroupListener - ok
15:42:05.0476 3268  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:42:05.0489 3268  HomeGroupProvider - ok
15:42:05.0522 3268  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:42:05.0532 3268  HpSAMD - ok
15:42:05.0581 3268  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:42:05.0627 3268  HTTP - ok
15:42:05.0709 3268  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:42:05.0715 3268  hwpolicy - ok
15:42:05.0824 3268  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:42:05.0832 3268  i8042prt - ok
15:42:05.0984 3268  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:42:05.0989 3268  IAANTMON - ok
15:42:06.0066 3268  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:42:06.0069 3268  iaStor - ok
15:42:06.0139 3268  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:42:06.0161 3268  iaStorV - ok
15:42:06.0240 3268  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:42:06.0261 3268  idsvc - ok
15:42:06.0547 3268  [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:42:06.0839 3268  igfx - ok
15:42:06.0954 3268  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:42:06.0971 3268  iirsp - ok
15:42:07.0046 3268  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:42:07.0170 3268  IKEEXT - ok
15:42:07.0301 3268  [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15           C:\Windows\SysWOW64\drivers\int15_64.sys
15:42:07.0306 3268  int15 - ok
15:42:07.0497 3268  [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:42:07.0770 3268  IntcAzAudAddService - ok
15:42:07.0819 3268  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:42:07.0904 3268  intelide - ok
15:42:08.0073 3268  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:42:08.0074 3268  intelppm - ok
15:42:08.0118 3268  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:42:08.0369 3268  IPBusEnum - ok
15:42:08.0473 3268  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:42:08.0481 3268  IpFilterDriver - ok
15:42:08.0529 3268  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:42:08.0537 3268  iphlpsvc - ok
15:42:08.0624 3268  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:42:08.0633 3268  IPMIDRV - ok
15:42:08.0724 3268  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:42:08.0733 3268  IPNAT - ok
15:42:08.0754 3268  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:42:08.0759 3268  IRENUM - ok
15:42:08.0800 3268  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:42:08.0805 3268  isapnp - ok
15:42:08.0858 3268  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:42:08.0900 3268  iScsiPrt - ok
15:42:08.0988 3268  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:42:09.0005 3268  kbdclass - ok
15:42:09.0131 3268  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:42:09.0138 3268  kbdhid - ok
15:42:09.0200 3268  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:42:09.0202 3268  KeyIso - ok
15:42:09.0267 3268  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:42:09.0278 3268  KSecDD - ok
15:42:09.0369 3268  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:42:09.0480 3268  KSecPkg - ok
15:42:09.0550 3268  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:42:09.0554 3268  ksthunk - ok
15:42:09.0655 3268  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:42:09.0711 3268  KtmRm - ok
15:42:09.0746 3268  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
15:42:09.0752 3268  L1E - ok
15:42:09.0821 3268  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:42:09.0867 3268  LanmanServer - ok
15:42:09.0912 3268  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:42:09.0923 3268  LanmanWorkstation - ok
15:42:09.0980 3268  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:42:09.0987 3268  lltdio - ok
15:42:10.0053 3268  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:42:10.0096 3268  lltdsvc - ok
15:42:10.0115 3268  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:42:10.0122 3268  lmhosts - ok
15:42:10.0362 3268  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:42:10.0370 3268  LSI_FC - ok
15:42:10.0415 3268  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:42:10.0422 3268  LSI_SAS - ok
15:42:10.0434 3268  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:42:10.0441 3268  LSI_SAS2 - ok
15:42:10.0483 3268  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:42:10.0492 3268  LSI_SCSI - ok
15:42:10.0514 3268  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:42:10.0523 3268  luafv - ok
15:42:10.0533 3268  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:42:10.0540 3268  megasas - ok
15:42:10.0565 3268  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:42:10.0587 3268  MegaSR - ok
15:42:10.0632 3268  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:42:10.0639 3268  MMCSS - ok
15:42:10.0698 3268  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:42:10.0704 3268  Modem - ok
15:42:10.0772 3268  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:42:10.0773 3268  monitor - ok
15:42:10.0932 3268  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:42:10.0940 3268  mouclass - ok
15:42:10.0999 3268  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:42:11.0046 3268  mouhid - ok
15:42:11.0132 3268  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:42:11.0141 3268  mountmgr - ok
15:42:11.0328 3268  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:42:11.0330 3268  MozillaMaintenance - ok
15:42:11.0448 3268  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:42:11.0500 3268  mpio - ok
15:42:11.0578 3268  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:42:11.0584 3268  mpsdrv - ok
15:42:11.0657 3268  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:42:11.0688 3268  MpsSvc - ok
15:42:11.0989 3268  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:42:12.0025 3268  MRxDAV - ok
15:42:12.0111 3268  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:42:12.0121 3268  mrxsmb - ok
15:42:12.0380 3268  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:42:12.0392 3268  mrxsmb10 - ok
15:42:12.0424 3268  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:42:12.0440 3268  mrxsmb20 - ok
15:42:12.0468 3268  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:42:12.0474 3268  msahci - ok
15:42:12.0523 3268  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:42:12.0533 3268  msdsm - ok
15:42:12.0656 3268  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:42:12.0659 3268  MSDTC - ok
15:42:12.0773 3268  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:42:12.0778 3268  Msfs - ok
15:42:12.0801 3268  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:42:12.0805 3268  mshidkmdf - ok
15:42:12.0893 3268  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:42:12.0901 3268  msisadrv - ok
15:42:12.0948 3268  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:42:12.0959 3268  MSiSCSI - ok
15:42:12.0973 3268  msiserver - ok
15:42:13.0011 3268  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:42:13.0015 3268  MSKSSRV - ok
15:42:13.0043 3268  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:42:13.0047 3268  MSPCLOCK - ok
15:42:13.0089 3268  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:42:13.0093 3268  MSPQM - ok
15:42:13.0191 3268  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:42:13.0247 3268  MsRPC - ok
15:42:13.0333 3268  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:42:13.0334 3268  mssmbios - ok
15:42:13.0392 3268  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:42:13.0395 3268  MSTEE - ok
15:42:13.0408 3268  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:42:13.0412 3268  MTConfig - ok
15:42:13.0449 3268  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:42:13.0456 3268  Mup - ok
15:42:13.0497 3268  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:42:13.0504 3268  napagent - ok
15:42:13.0566 3268  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:42:13.0609 3268  NativeWifiP - ok
15:42:13.0670 3268  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:42:13.0703 3268  NDIS - ok
15:42:13.0750 3268  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:42:13.0756 3268  NdisCap - ok
15:42:13.0777 3268  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:42:13.0782 3268  NdisTapi - ok
15:42:13.0925 3268  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:42:13.0941 3268  Ndisuio - ok
15:42:14.0009 3268  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:42:14.0042 3268  NdisWan - ok
15:42:14.0094 3268  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:42:14.0100 3268  NDProxy - ok
15:42:14.0151 3268  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:42:14.0157 3268  NetBIOS - ok
15:42:14.0256 3268  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:42:14.0334 3268  NetBT - ok
15:42:14.0381 3268  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:42:14.0383 3268  Netlogon - ok
15:42:14.0434 3268  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:42:14.0500 3268  Netman - ok
15:42:14.0620 3268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:14.0679 3268  NetMsmqActivator - ok
15:42:14.0831 3268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:14.0832 3268  NetPipeActivator - ok
15:42:14.0924 3268  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:42:15.0357 3268  netprofm - ok
15:42:15.0589 3268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:15.0591 3268  NetTcpActivator - ok
15:42:15.0604 3268  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:42:15.0607 3268  NetTcpPortSharing - ok
15:42:15.0841 3268  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
15:42:16.0114 3268  netw5v64 - ok
15:42:16.0227 3268  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:42:16.0279 3268  nfrd960 - ok
15:42:16.0346 3268  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:42:16.0443 3268  NlaSvc - ok
15:42:16.0481 3268  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:42:16.0486 3268  Npfs - ok
15:42:16.0554 3268  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:42:16.0561 3268  nsi - ok
15:42:16.0591 3268  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:42:16.0597 3268  nsiproxy - ok
15:42:16.0701 3268  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:42:16.0915 3268  Ntfs - ok
15:42:16.0967 3268  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:42:16.0971 3268  Null - ok
15:42:17.0026 3268  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:42:17.0035 3268  nvraid - ok
15:42:17.0097 3268  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:42:17.0107 3268  nvstor - ok
15:42:17.0161 3268  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:42:17.0170 3268  nv_agp - ok
15:42:17.0195 3268  [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
15:42:17.0197 3268  O2FLASH - ok
15:42:17.0304 3268  [ 26DA4B40670AD436F7DAEC053A2A9ECA ] O2MDRDR         C:\Windows\system32\DRIVERS\o2mdx64.sys
15:42:17.0311 3268  O2MDRDR - ok
15:42:17.0419 3268  [ 2E69A2ADC12DAA7AC7B4FFD8601E88B0 ] O2SDRDR         C:\Windows\system32\DRIVERS\o2sdx64.sys
15:42:17.0459 3268  O2SDRDR - ok
15:42:17.0532 3268  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:42:17.0540 3268  ohci1394 - ok
15:42:17.0673 3268  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:42:17.0676 3268  ose - ok
15:42:17.0731 3268  [ 5F79934084DF6DC0635578864376CE54 ] OV550I          C:\Windows\system32\Drivers\ov550ivx.sys
15:42:17.0741 3268  OV550I - ok
15:42:17.0790 3268  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:42:17.0797 3268  p2pimsvc - ok
15:42:17.0826 3268  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:42:17.0859 3268  p2psvc - ok
15:42:17.0892 3268  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:42:17.0901 3268  Parport - ok
15:42:17.0958 3268  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:42:17.0966 3268  partmgr - ok
15:42:18.0015 3268  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:42:18.0028 3268  PcaSvc - ok
15:42:18.0058 3268  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:42:18.0069 3268  pci - ok
15:42:18.0115 3268  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:42:18.0120 3268  pciide - ok
15:42:18.0310 3268  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:42:18.0322 3268  pcmcia - ok
15:42:18.0431 3268  [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
15:42:18.0437 3268  pcouffin - ok
15:42:18.0533 3268  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:42:18.0561 3268  pcw - ok
15:42:18.0602 3268  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:42:18.0637 3268  PEAUTH - ok
15:42:18.0708 3268  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:42:18.0710 3268  PerfHost - ok
15:42:18.0818 3268  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:42:19.0026 3268  pla - ok
15:42:19.0076 3268  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:42:19.0128 3268  PlugPlay - ok
15:42:19.0156 3268  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:42:19.0166 3268  PNRPAutoReg - ok
15:42:19.0202 3268  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:42:19.0205 3268  PNRPsvc - ok
15:42:19.0383 3268  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:42:19.0449 3268  PolicyAgent - ok
15:42:19.0536 3268  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:42:19.0539 3268  Power - ok
15:42:19.0614 3268  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:42:19.0623 3268  PptpMiniport - ok
15:42:19.0687 3268  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:42:19.0702 3268  Processor - ok
15:42:19.0779 3268  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:42:19.0834 3268  ProfSvc - ok
15:42:19.0851 3268  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:42:19.0853 3268  ProtectedStorage - ok
15:42:19.0904 3268  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:42:19.0907 3268  Psched - ok
15:42:20.0000 3268  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:42:20.0113 3268  ql2300 - ok
15:42:20.0121 3268  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:42:20.0136 3268  ql40xx - ok
15:42:20.0176 3268  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:42:20.0241 3268  QWAVE - ok
15:42:20.0276 3268  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:42:20.0282 3268  QWAVEdrv - ok
15:42:20.0332 3268  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:42:20.0337 3268  RasAcd - ok
15:42:20.0381 3268  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:42:20.0428 3268  RasAgileVpn - ok
15:42:20.0489 3268  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:42:20.0498 3268  RasAuto - ok
15:42:20.0540 3268  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:42:20.0548 3268  Rasl2tp - ok
15:42:20.0635 3268  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:42:20.0669 3268  RasMan - ok
15:42:20.0749 3268  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:42:20.0758 3268  RasPppoe - ok
15:42:20.0854 3268  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:42:20.0862 3268  RasSstp - ok
15:42:20.0909 3268  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:42:20.0953 3268  rdbss - ok
15:42:21.0010 3268  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:42:21.0112 3268  rdpbus - ok
15:42:21.0139 3268  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:42:21.0143 3268  RDPCDD - ok
15:42:21.0169 3268  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:42:21.0173 3268  RDPENCDD - ok
15:42:21.0226 3268  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:42:21.0230 3268  RDPREFMP - ok
15:42:21.0300 3268  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:42:21.0304 3268  RdpVideoMiniport - ok
15:42:21.0368 3268  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:42:21.0378 3268  RDPWD - ok
15:42:21.0458 3268  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:42:21.0470 3268  rdyboost - ok
15:42:21.0635 3268  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:42:21.0644 3268  RemoteAccess - ok
15:42:21.0768 3268  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:42:21.0821 3268  RemoteRegistry - ok
15:42:21.0929 3268  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:42:21.0937 3268  RpcEptMapper - ok
15:42:21.0961 3268  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:42:21.0962 3268  RpcLocator - ok
15:42:22.0002 3268  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:42:22.0007 3268  RpcSs - ok
15:42:22.0062 3268  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:42:22.0069 3268  rspndr - ok
15:42:22.0108 3268  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:42:22.0109 3268  SamSs - ok
15:42:22.0312 3268  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:42:22.0331 3268  sbp2port - ok
15:42:22.0408 3268  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:42:22.0419 3268  SCardSvr - ok
15:42:22.0445 3268  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:42:22.0451 3268  scfilter - ok
15:42:22.0589 3268  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:42:22.0698 3268  Schedule - ok
15:42:22.0735 3268  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:42:22.0737 3268  SCPolicySvc - ok
15:42:22.0778 3268  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
15:42:22.0786 3268  sdbus - ok
15:42:22.0840 3268  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:42:22.0906 3268  SDRSVC - ok
15:42:23.0040 3268  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
15:42:23.0074 3268  SDScannerService - ok
15:42:23.0239 3268  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
15:42:23.0273 3268  SDUpdateService - ok
15:42:23.0342 3268  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
15:42:23.0345 3268  SDWSCService - ok
15:42:23.0375 3268  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:42:23.0381 3268  secdrv - ok
15:42:23.0531 3268  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:42:23.0538 3268  seclogon - ok
15:42:23.0596 3268  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:42:23.0605 3268  SENS - ok
15:42:23.0624 3268  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:42:23.0632 3268  SensrSvc - ok
15:42:23.0683 3268  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:42:23.0687 3268  Serenum - ok
15:42:23.0695 3268  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:42:23.0705 3268  Serial - ok
15:42:23.0727 3268  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:42:23.0733 3268  sermouse - ok
15:42:23.0775 3268  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:42:23.0825 3268  SessionEnv - ok
15:42:23.0871 3268  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:42:23.0876 3268  sffdisk - ok
15:42:23.0919 3268  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:42:23.0924 3268  sffp_mmc - ok
15:42:23.0994 3268  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:42:23.0998 3268  sffp_sd - ok
15:42:24.0036 3268  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:42:24.0042 3268  sfloppy - ok
15:42:24.0133 3268  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:42:24.0188 3268  SharedAccess - ok
15:42:24.0313 3268  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:42:24.0341 3268  ShellHWDetection - ok
15:42:24.0371 3268  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:42:24.0420 3268  SiSRaid2 - ok
15:42:24.0458 3268  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:42:24.0492 3268  SiSRaid4 - ok
15:42:24.0615 3268  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:42:24.0622 3268  Smb - ok
15:42:24.0654 3268  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:42:24.0657 3268  SNMPTRAP - ok
15:42:24.0706 3268  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:42:24.0711 3268  spldr - ok
15:42:24.0770 3268  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:42:24.0789 3268  Spooler - ok
15:42:24.0918 3268  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:42:25.0017 3268  sppsvc - ok
15:42:25.0093 3268  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:42:25.0102 3268  sppuinotify - ok
15:42:25.0258 3268  [ D63FC56C7C3F9B576BC25F617E3F7963 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:42:25.0261 3268  SQLWriter - ok
15:42:25.0324 3268  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:42:25.0367 3268  srv - ok
15:42:25.0421 3268  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:42:25.0648 3268  srv2 - ok
15:42:25.0685 3268  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:42:25.0696 3268  SrvHsfHDA - ok
15:42:25.0793 3268  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:42:26.0002 3268  SrvHsfV92 - ok
15:42:26.0059 3268  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:42:26.0171 3268  SrvHsfWinac - ok
15:42:26.0264 3268  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:42:26.0326 3268  srvnet - ok
15:42:26.0389 3268  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:42:26.0519 3268  SSDPSRV - ok
15:42:26.0668 3268  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:42:26.0676 3268  SstpSvc - ok
15:42:26.0742 3268  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:42:26.0748 3268  stexstor - ok
15:42:26.0827 3268  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:42:26.0883 3268  stisvc - ok
15:42:26.0949 3268  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:42:26.0954 3268  swenum - ok
15:42:27.0014 3268  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:42:27.0092 3268  swprv - ok
15:42:27.0173 3268  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:42:27.0220 3268  SysMain - ok
15:42:27.0464 3268  [ 756AB3173A28DC66153214B59EBBC271 ] SystemExplorerHelpService C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
15:42:27.0481 3268  SystemExplorerHelpService - ok
15:42:27.0523 3268  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:42:27.0578 3268  TabletInputService - ok
15:42:27.0735 3268  [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
15:42:27.0740 3268  tap0901 - ok
15:42:27.0857 3268  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:42:27.0902 3268  TapiSrv - ok
15:42:28.0035 3268  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:42:28.0037 3268  TBS - ok
15:42:28.0162 3268  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:42:28.0465 3268  Tcpip - ok
15:42:28.0561 3268  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:42:28.0574 3268  TCPIP6 - ok
15:42:28.0651 3268  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:42:28.0755 3268  tcpipreg - ok
15:42:28.0829 3268  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:42:28.0858 3268  TDPIPE - ok
15:42:28.0926 3268  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:42:28.0930 3268  TDTCP - ok
15:42:28.0992 3268  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:42:29.0045 3268  tdx - ok
15:42:29.0114 3268  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:42:29.0121 3268  TermDD - ok
15:42:29.0191 3268  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:42:29.0244 3268  TermService - ok
15:42:29.0385 3268  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:42:29.0458 3268  Themes - ok
15:42:29.0544 3268  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:42:29.0546 3268  THREADORDER - ok
15:42:29.0658 3268  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:42:29.0693 3268  TrkWks - ok
15:42:29.0771 3268  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:42:29.0773 3268  TrustedInstaller - ok
15:42:29.0879 3268  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:42:29.0885 3268  tssecsrv - ok
15:42:30.0016 3268  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:42:30.0023 3268  TsUsbFlt - ok
15:42:30.0071 3268  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:42:30.0074 3268  tunnel - ok
15:42:30.0142 3268  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:42:30.0149 3268  uagp35 - ok
15:42:30.0285 3268  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:42:30.0340 3268  udfs - ok
15:42:30.0479 3268  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:42:30.0481 3268  UI0Detect - ok
15:42:30.0546 3268  [ 34859D3801F4BD3DACFA131DD928455A ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
15:42:30.0553 3268  UimBus - ok
15:42:30.0586 3268  [ D3CE4776E7FFB25E6935B1C797F4650C ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
15:42:30.0620 3268  Uim_IM - ok
15:42:30.0666 3268  [ 532E4BED5C7803B2EE5681818B2528B7 ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
15:42:30.0709 3268  Uim_VIM - ok
15:42:30.0804 3268  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:42:30.0811 3268  uliagpkx - ok
15:42:30.0901 3268  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:42:30.0908 3268  umbus - ok
15:42:30.0978 3268  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:42:30.0982 3268  UmPass - ok
15:42:31.0110 3268  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:42:31.0114 3268  Updater Service - ok
15:42:31.0178 3268  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:42:31.0211 3268  upnphost - ok
15:42:31.0386 3268  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:42:31.0399 3268  usbaudio - ok
15:42:31.0428 3268  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:42:31.0437 3268  usbccgp - ok
15:42:31.0516 3268  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:42:31.0537 3268  usbcir - ok
15:42:31.0583 3268  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:42:31.0590 3268  usbehci - ok
15:42:31.0737 3268  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:42:31.0859 3268  usbhub - ok
15:42:31.0890 3268  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:42:31.0937 3268  usbohci - ok
15:42:32.0046 3268  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:42:32.0081 3268  usbprint - ok
15:42:32.0108 3268  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:42:32.0179 3268  usbscan - ok
15:42:32.0245 3268  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:42:32.0278 3268  USBSTOR - ok
15:42:32.0387 3268  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:42:32.0429 3268  usbuhci - ok
15:42:32.0527 3268  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:42:32.0537 3268  usbvideo - ok
15:42:32.0611 3268  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:42:32.0619 3268  UxSms - ok
15:42:32.0648 3268  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:42:32.0650 3268  VaultSvc - ok
15:42:32.0803 3268  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:42:32.0835 3268  vdrvroot - ok
15:42:32.0952 3268  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:42:32.0969 3268  vds - ok
15:42:33.0022 3268  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:42:33.0026 3268  vga - ok
15:42:33.0108 3268  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:42:33.0113 3268  VgaSave - ok
15:42:33.0168 3268  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:42:33.0195 3268  vhdmp - ok
15:42:33.0257 3268  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:42:33.0319 3268  viaide - ok
15:42:33.0357 3268  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:42:33.0365 3268  volmgr - ok
15:42:33.0460 3268  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:42:33.0488 3268  volmgrx - ok
15:42:33.0510 3268  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:42:33.0565 3268  volsnap - ok
15:42:33.0616 3268  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:42:33.0626 3268  vsmraid - ok
15:42:33.0784 3268  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:42:33.0830 3268  VSS - ok
15:42:33.0885 3268  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:42:33.0891 3268  vwifibus - ok
15:42:33.0911 3268  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:42:33.0917 3268  vwififlt - ok
15:42:33.0973 3268  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:42:33.0977 3268  vwifimp - ok
15:42:34.0069 3268  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:42:34.0124 3268  W32Time - ok
15:42:34.0162 3268  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:42:34.0201 3268  WacomPen - ok
15:42:34.0252 3268  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:42:34.0260 3268  WANARP - ok
15:42:34.0301 3268  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:42:34.0302 3268  Wanarpv6 - ok
15:42:34.0400 3268  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:42:34.0448 3268  wbengine - ok
15:42:34.0526 3268  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:42:34.0537 3268  WbioSrvc - ok
15:42:34.0614 3268  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:42:34.0769 3268  wcncsvc - ok
15:42:34.0846 3268  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:42:34.0854 3268  WcsPlugInService - ok
15:42:34.0979 3268  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:42:34.0985 3268  Wd - ok
15:42:35.0040 3268  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:42:35.0068 3268  Wdf01000 - ok
15:42:35.0096 3268  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:42:35.0108 3268  WdiServiceHost - ok
15:42:35.0158 3268  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:42:35.0160 3268  WdiSystemHost - ok
15:42:35.0258 3268  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:42:35.0335 3268  WebClient - ok
15:42:35.0517 3268  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:42:35.0539 3268  Wecsvc - ok
15:42:35.0603 3268  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:42:35.0626 3268  wercplsupport - ok
15:42:35.0667 3268  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:42:35.0703 3268  WerSvc - ok
15:42:35.0738 3268  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:42:35.0759 3268  WfpLwf - ok
15:42:35.0791 3268  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:42:35.0823 3268  WIMMount - ok
15:42:35.0882 3268  WinDefend - ok
15:42:36.0132 3268  [ 0E77040FCFCCBD7B12A16A11ECD3E66F ] Windows7FirewallService C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
15:42:36.0148 3268  Windows7FirewallService - ok
15:42:36.0158 3268  WinHttpAutoProxySvc - ok
15:42:36.0278 3268  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:42:36.0334 3268  Winmgmt - ok
15:42:36.0435 3268  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:42:36.0544 3268  WinRM - ok
15:42:36.0585 3268  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:42:36.0592 3268  WinUsb - ok
15:42:36.0658 3268  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:42:36.0756 3268  Wlansvc - ok
15:42:36.0975 3268  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:42:37.0077 3268  wlidsvc - ok
15:42:37.0166 3268  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:42:37.0166 3268  WmiAcpi - ok
15:42:37.0292 3268  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:42:37.0297 3268  wmiApSrv - ok
15:42:37.0335 3268  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:42:37.0341 3268  WPCSvc - ok
15:42:37.0410 3268  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:42:37.0421 3268  WPDBusEnum - ok
15:42:37.0514 3268  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:42:37.0536 3268  ws2ifsl - ok
15:42:37.0575 3268  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:42:37.0585 3268  wscsvc - ok
15:42:37.0596 3268  WSearch - ok
15:42:37.0701 3268  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:42:37.0780 3268  wuauserv - ok
15:42:37.0827 3268  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:42:37.0834 3268  WudfPf - ok
15:42:37.0949 3268  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:42:37.0999 3268  WUDFRd - ok
15:42:38.0060 3268  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:42:38.0089 3268  wudfsvc - ok
15:42:38.0209 3268  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:42:38.0318 3268  WwanSvc - ok
15:42:38.0360 3268  ================ Scan global ===============================
15:42:38.0408 3268  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:42:38.0591 3268  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:42:38.0635 3268  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:42:38.0674 3268  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:42:38.0769 3268  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:42:38.0777 3268  [Global] - ok
15:42:38.0781 3268  ================ Scan MBR ==================================
15:42:38.0811 3268  [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
15:42:42.0459 3268  \Device\Harddisk0\DR0 - ok
15:42:42.0463 3268  ================ Scan VBR ==================================
15:42:42.0502 3268  [ F6DB4357816CB62E20C12650128FA49F ] \Device\Harddisk0\DR0\Partition1
15:42:42.0504 3268  \Device\Harddisk0\DR0\Partition1 - ok
15:42:42.0516 3268  [ 56107C40DBBB03E1EA7359A3E096130D ] \Device\Harddisk0\DR0\Partition2
15:42:42.0518 3268  \Device\Harddisk0\DR0\Partition2 - ok
15:42:42.0522 3268  ============================================================
15:42:42.0522 3268  Scan finished
15:42:42.0522 3268  ============================================================
15:42:42.0540 4876  Detected object count: 0
15:42:42.0540 4876  Actual detected object count: 0
15:42:52.0819 4312  Deinitialize success
         

Geändert von Roadmaster (04.02.2013 um 14:44 Uhr)

Alt 04.02.2013, 16:22   #14
M-K-D-B
/// TB-Ausbilder
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Servus,



Wie läuft dein Rechner momentan?



Schritt 1
  • Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 3
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
Grüße aus Bayern

=========================

Das Trojaner-Board unterstützen

Alt 05.02.2013, 09:11   #15
Roadmaster
 
Deutsche Post Mail - Standard

Deutsche Post Mail



Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jo :: JO-PC [Administrator]

04.02.2013 18:20:59
mbam-log-2013-02-04 (18-20-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222693
Laufzeit: 6 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=47de8d525c1aeb4ebd81d4d141d2da6a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-04 07:10:04
# local_time=2013-02-04 08:10:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 277025 111634854 0 0
# scanned=135134
# found=0
# cleaned=0
# scan_time=4413
         

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.57  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.5.502.146  
 Adobe Reader XI  
 Mozilla Firefox (18.0.1) 
 Mozilla Thunderbird (3.1.20) Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Windows7FirewallControl Windows7FirewallService.exe   
 Windows7FirewallControl Windows7FirewallControl.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Antwort

Themen zu Deutsche Post Mail
ads -, deutsche, deutsche post, fehler, klicke, launch, link, mail, online, problem, schrift, thread



Ähnliche Themen: Deutsche Post Mail


  1. Trojaner durch Fake- Deutsche Post Mail eingefangen
    Log-Analyse und Auswertung - 10.01.2015 (14)
  2. E-Mail Deutsche Post - ein Fehler in der Lieferanschrift
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (4)
  3. Deutsche Post Trojaner - Fehler in der Lieferanschrift
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (10)
  4. Misteriöse e-mail von: Deutsche Post !
    Diskussionsforum - 12.02.2013 (11)
  5. Deutsche Post E-Mail
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (5)
  6. Deutsche Post Service E-Mail; Anhang geöffnet (Trojaner?)
    Log-Analyse und Auswertung - 22.01.2013 (19)
  7. Deutsche Post Trojaner
    Log-Analyse und Auswertung - 05.01.2013 (18)
  8. Vermutlich Deutsche Post Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (19)
  9. Deutsche Post Email Anhang geöffnet
    Log-Analyse und Auswertung - 31.12.2012 (24)
  10. Deutsche Post-mail mit Rogue.PCDefenderPlus
    Plagegeister aller Art und deren Bekämpfung - 25.12.2012 (20)
  11. Trojaner durch Deutsche Post E-Mail
    Log-Analyse und Auswertung - 14.11.2012 (3)
  12. Deutsche Post Etikett-Email
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (9)
  13. Trojaner aus Deutsche Post Fake Mail
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (22)
  14. Deutsche Post Mail-Attacke - Live Platinum Trojaner + Kazy Trojaner
    Log-Analyse und Auswertung - 02.10.2012 (5)
  15. E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift.
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (33)
  16. Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (10)
  17. Trojaner nach falscher Deutsche-Post e-mail.
    Log-Analyse und Auswertung - 13.06.2012 (1)

Zum Thema Deutsche Post Mail - Hallo, ich habe exakt das gleiche Problem wie in dem Thread: deutsche post fehler in der lieferanschrift - aber keine zip datei Ja, ich bin ein Depp, auf den Link - Deutsche Post Mail...
Archiv
Du betrachtest: Deutsche Post Mail auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.