Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Plagegeister aller Art und deren Bekämpfung: TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 03.02.2013, 22:17   #1
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Icon26

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Guten Abend,

ich finde es unglaublich toll, dass Ihr hier hilflosen Usern selbstlos bei Problemen helft. Habe hier hin und wieder mal gelesen, brauche dieses mal jedoch Eure Hilfe:

Ich hatte seit einigen Wochen mit Problemen an meinem Laptop zu kämpfen. Die CPU Auslastung war ständig auf knapp 100% obwohl ich keine Anwendung laufen hatte und im Taskmanager war nichts zu sehen. Ich habe daraufhin meinen Autostart stark bereinigt und Virenscans durchgeführt (Avira Free Antivir). Dieser fand auch einen Trojaner Namens: TR/Dropper.Gen . Meine Firefox Startseite hatte ich zeitweise wieder auf meine Seite einstellen müssen, weil sie wohl durch den Trojaner geändert wurde.

Nun dachte ich sei das Problem durch Virenscan u. Quarantäne erledigt, jedoch zeigte sich beim Öffnen meiner Webcam folgende Fehlermeldung:

Server ist ausgelastet
Dieser Vorgang kann nicht ausgeführt werden, da die andere Anwendung aktiv ist. Klicken Sie auf "Wechseln zu", um zu der anderen Anwendung zu wechseln und das Problem zu beheben.

Was anscheinend auf einen Trojanerbefall hindeutet?

Ich habe gelesen, ich solle Java deaktivieren, was ich nun auch getan habe. Ich bin jedoch leider ein wenig damit überfordert, meinen Laptop wieder Viren/Trojanerfrei zu bekommen. Ich wäre Euch wirklich unglaublich dankbar, wenn mir jemand dabei helfen könnte.

Vielen vielen Dank!

LG compaq

Alt 04.02.2013, 10:31   #2
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


hi
1. öffne Avira, Verwaltung, Quarantäne, poste alle Fundmeldungen mit Pfadangaben.
2.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 04.02.2013, 14:14   #3
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Danke, dass Du dich meines Problems annimmst.

Code:
ATTFilter
Avira Quarantäne Meldungen:


Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\573b2f8b-3aebc4f7
Status:	Infiziert
Quarantäne-Objekt:	306b259d.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	JA
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Ternub.Gen
Datum/Uhrzeit:	03.01.2013, 16:29


Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3cdc150a-742310b1
Status:	Infiziert
Quarantäne-Objekt:	24661e11.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	TR/Expl.Java.CVE20100840.W
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\599cce57-123b2907
Status:	Infiziert
Quarantäne-Objekt:	416917f6.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/2011-3544.EB
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\334e64d-43b9ceb6
Status:	Infiziert
Quarantäne-Objekt:	53640eea.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Ternub.Gen
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b040aca-10f5ebf9
Status:	Infiziert
Quarantäne-Objekt:	16ae65b7.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Jovab.Gen
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4fcff255-682a9cb3
Status:	Infiziert
Quarantäne-Objekt:	6dcb6e07.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/2012-1723.GK
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1d47e9f2-5d0324a1
Status:	Infiziert
Quarantäne-Objekt:	72c042f9.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2012-4681.A.14
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\60f656c7-20742d38
Status:	Infiziert
Quarantäne-Objekt:	4cc5235a.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2012-0507
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\4c9a72c6-60190649
Status:	Infiziert
Quarantäne-Objekt:	78f831bf.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2011-3544
Datum/Uhrzeit:	03.01.2013, 16:29


Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2fe3821e-7b1d0bac
Status:	Infiziert
Quarantäne-Objekt:	555e734a.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Jovab.Gen
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\2a82af31-46d656cc
Status:	Infiziert
Quarantäne-Objekt:	5f9e6da9.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2011-3544.CF
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\76a555a2-3749c1cf
Status:	Infiziert
Quarantäne-Objekt:	5b4843bd.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2012-0507
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\26f783ff-1eacde61
Status:	Infiziert
Quarantäne-Objekt:	1e9a7e48.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/2011-3544.EL.1
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\37101a68-4a9aa9f6
Status:	Infiziert
Quarantäne-Objekt:	2aa17a29.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/2012-0507.CW
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\931579a-20498553
Status:	Infiziert
Quarantäne-Objekt:	19200e96.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	BDS/Java.KBJ
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\63367df4-4b1487e9
Status:	Infiziert
Quarantäne-Objekt:	0ed9029a.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2012-0507
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\63f68c9d-6ccba63a
Status:	Infiziert
Quarantäne-Objekt:	10760a3d.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Ternub.Gen
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\69172239-616b7466
Status:	Infiziert
Quarantäne-Objekt:	3d741cb7.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/Java.Ternub.a.10
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2e27e4b7-56ac732a
Status:	Infiziert
Quarantäne-Objekt:	426e2ee2.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/CVE-2011-3544.CF
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4afe85ab-7b9561b7
Status:	Infiziert
Quarantäne-Objekt:	46a05633.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Ternub.Gen
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7d529308-6806333d
Status:	Infiziert
Quarantäne-Objekt:	54030b32.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.55.166
Meldung:	EXP/JAVA.Ternub.Gen
Datum/Uhrzeit:	03.01.2013, 16:29

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\Local\Mozilla\Firefox\Profiles\r5is1kv7.default\Cache\5\04\169E5d01
Status:	Infiziert
Quarantäne-Objekt:	54edf509.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.224
Virendefinitionsdatei:	7.11.54.174
Meldung:	JS/BlacoleRef.W.79
Datum/Uhrzeit:	26.12.2012, 20:51

Typ:	Datei
Quelle:	H:\Formatierung\MsgPlusLive-460.exe
Status:	Infiziert
Quarantäne-Objekt:	559502a9.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.222
Virendefinitionsdatei:	7.11.53.248
Meldung:	TR/SwizDrop-I.A.4
Datum/Uhrzeit:	15.12.2012, 18:10

Typ:	Datei
Quelle:	H:\Formatierung\MsgPlusLive-460.exe
Status:	Infiziert
Quarantäne-Objekt:	55d305e1.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.222
Virendefinitionsdatei:	7.11.53.248
Meldung:	TR/SwizDrop-I.A.4
Datum/Uhrzeit:	15.12.2012, 18:10

Typ:	Datei
Quelle:	C:\Users\Armin\AppData\Local\Mozilla\Firefox\Profiles\r5is1kv7.default\Cache\E\FD\A4F7Cd01
Status:	Infiziert
Quarantäne-Objekt:	4b2bf3ae.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.02.10.08
Virendefinitionsdatei:	7.11.24.194
Meldung:	JS/Agent.cja.3
Datum/Uhrzeit:	09.03.2012, 02:17

Code:
ATTFilter
Extras.TxtOTL EXTRAS Logfile:


	
Code: 

 
ATTFilter


  

	
OTL Extras logfile created on: 04.02.2013 13:42:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Armin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 0,21 Gb Available Physical Memory | 5,58% Memory free
7,49 Gb Paging File | 3,09 Gb Available in Paging File | 41,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 105,60 Gb Free Space | 37,11% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive G: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,82% Space Free | Partition Type: FAT
 
Computer Name: ARMIN-LAPTOP | User Name: Armin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0166EF37-0A6B-480E-AFD2-9D390BBE1123}" = lport=137 | protocol=17 | dir=in | app=system | 
"{17B09F8A-D8FB-4AF0-AA38-944568B4C4DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3997BBC4-E8A3-4DA9-9BE4-2EFC7E3711C5}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{41A1C288-EDDC-4186-8C67-0A48EC462A39}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{49273BCC-B4EB-4118-9EC4-0FB956C33B53}" = lport=139 | protocol=6 | dir=in | app=system | 
"{52D3038D-3B74-47DA-8E5B-6FD3C2A43F6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{60A3A964-FF37-4757-87ED-4A252F44F62E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64604D22-829C-4E4A-964E-FCB244AF0B64}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70C447FE-4D10-490E-B2CD-B5047891AB17}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{72694F1C-F573-48D1-9798-1312AFFB7ADA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7C4469F7-F1A9-45AB-A3B8-89EBB61E9B4B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{83A32FEF-FC91-4EEF-B569-E20AF3840AE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{86A86D73-581B-4497-AC49-6DBC210DE573}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D4C549C-ACD9-401C-B87B-3C971C1A766D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E74ED58-20B7-4F76-ACA4-0518DBD91E8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93B200FC-2246-4745-9D5C-9FA2560D6136}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{947EF68E-5CE6-4E0A-B48B-EB9615885079}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{972F3F86-F940-4BD0-B0E2-F4E5DD12ACB1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9A3BA201-BA6F-484C-87CA-8DCE2D581B3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ADFA61E3-1BAA-4D69-9397-95C014A2105A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B0693071-6701-444C-A87A-13CBAB2A9C20}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{BFCAB58E-5C8A-4926-8685-99DF4213C537}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CE2B75A0-018E-440C-B3EB-EBCE2D3CBCDA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CF6BBF3B-5F2E-4A6F-8FB9-33F19BFD24F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3103142-ED8D-4457-B88F-8F2FCA3BDDE0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E5F6C012-619C-4FBB-AF24-72615B8BA524}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED56CAC5-A259-4458-898B-911A4A627FEF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F060CBEE-112B-478E-A526-54C606FC01F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F07F41B1-4E66-4D95-806D-8D857F5F5CFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F24131C5-FC06-4D23-9553-604DFA38C9AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FA2A5638-B220-44F2-BE1B-BD2F90A7E628}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FE3F1277-7513-401F-9C87-2BF4D33DC170}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002F3E0A-B9BE-4C98-A5B6-D06CEAC0E51C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{04FA3F68-C625-4D46-96D4-0CDDB30B340C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0A8E01CE-0B82-4807-BA39-138981D59256}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0A9E902C-95EC-4DCF-A574-0B4D39BADE27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0ADA636B-C434-42F0-8397-73DF4F6C9900}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C153034-7A4E-405F-84B7-DCC0B13771FF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0E50D943-3646-4013-AF1C-AE4A8E01F66A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{120BC661-E621-4C7A-8936-ADC4A318A93B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{1468F15E-AC06-4B63-8835-ADA38A950DAE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1554E426-09A3-4C5C-A6AD-D4A7CD73D335}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1DBFD2F5-8C23-4136-8115-9C0D6B4C3578}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{221C84D6-AFE6-4008-9836-52D8CBB2A419}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{27A9403D-CBF9-4EB4-8E4E-EF608E278FD0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2BBA941C-ED54-429A-BC8D-27B80BDD92EE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2DE6E28F-96E8-4784-8CC0-05A01E549868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34AB4D45-C10A-4956-B4E3-449A03F16B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{381316F0-9A3A-46FB-9A48-21323A5708CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{384B930D-8466-40CA-AF6A-4FA33FB47355}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{42B0CB9B-C29A-4407-B882-BD5E00EE4F8F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4415EB25-69CA-4C64-A6A3-9916551C4B14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{462FDB54-D25B-427C-8E12-AB3B8EADE142}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4656DDB2-90E6-4D48-9EF7-8E87F4141326}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{48339CA2-B98A-48D7-9BBB-5BB0199FB5D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4D71DCEB-6800-4C82-A1F8-DB5FCBF888D7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4DF1A3C1-F4DC-4A8C-891B-422EA1FBC557}" = protocol=6 | dir=out | app=system | 
"{50FCBB02-B6FE-47A8-B5D0-22AF91112CF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{520A0C42-A4AD-4916-BD67-40ABDD9B1DE0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{52FACE37-0C5A-4067-9766-11A0EE87C1A5}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{57DCC33B-6427-4633-9B41-589D3F19DEF6}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{62F26E3D-03D6-4854-BB55-1B7B6C93585F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6D9A2B1C-0E61-49AD-8393-9565498EFD89}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{711CE587-DB69-4206-96A5-4B9DE2739D2B}" = dir=in | app=c:\users\armin\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{730F200B-2F7F-4EBC-8AD3-6A3AEF726F98}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7377AE91-1C1B-49C3-9992-082699116AA3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7A00CB8C-DE8B-4598-B574-B17563FD5096}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{7A69EF44-CF8A-4AB4-9F36-A35A80E8E946}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7DD3C3BF-C4BD-40DE-9692-76F8EE5C2EA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7DFEEF81-CB64-4491-BB1C-53984F9E3770}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8104CA59-70CE-401D-98AB-7592CD246869}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E183816-CF60-49DB-B9FB-80AAD9A03011}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
"{94C63A2A-1495-478B-A368-499EFE94CC66}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe | 
"{96734A13-4097-47F1-9D36-18858480D3EE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9951550A-A5EB-41A7-B83F-0C0A3CE3A24F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C90259F-9873-44FF-8D58-747E622F3468}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe | 
"{A26112D3-A03E-4D69-A225-75A6EBA7835C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2DB7325-124F-4EAC-A38A-D9C75DFB25B5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A6CDB428-D9B3-4AFE-801F-16169CA381DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A701BD8B-47E0-4846-8C6F-89EDB1C5E856}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A71E4130-35CE-4C7A-A224-B78EB59A141A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A78DFFE6-0130-4AEB-BB45-86B23E3C01A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ADFF3138-F176-4D39-AE9D-7CB31EA0548B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B0EE65CB-2B1E-4134-91D4-9990D6650FB6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B1FFE9A3-D9DD-4BC6-A24C-E89794BCA553}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{B38C3BD5-84C8-4734-A556-18CC989A29D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3A8ADF9-29F3-47FB-8240-5BE353E6F39E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B69B255C-9293-4655-8640-4120B7938456}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B6DECAA8-D2FA-4BB4-A494-325A867D2774}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BBEAE053-918A-4E6A-87FC-1F115F61F85A}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe | 
"{BDBCDD92-EB2F-4B0C-B879-75F132F54FCD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF485F73-8FEA-4762-9DEA-01D07C88559F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C8B44305-06F7-4588-9D95-ECA738B62D7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8BCA79D-3CB3-41E7-A712-4A6A0C7E9CA6}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | 
"{CF3B858B-5ABA-454B-A330-E7C344AE67B7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D2EFEA3A-D70B-40D7-BAC4-57DCD925EE28}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D4CF4784-AE74-49CD-952F-F49ACCE366B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D89629DF-8618-448E-8225-632A609C221B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DF515258-22F1-49FC-908E-A61A8C83C600}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E313BBDE-3684-4D43-89FB-3C86CA26E624}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E792F77C-55D0-4026-844C-3A41FA42E08B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E857C1D9-8A50-4C58-9F4C-6A2844BF7DB2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EF3416F7-35D5-47CB-9011-24413575B57C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{F13D68A3-25DE-4E04-B5DD-495E342AA644}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F16EF0E3-2DE4-4075-A807-B175E652135B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F3B344E0-903D-4CFD-970D-50E9B070A4BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA9F83AE-1E9A-4632-A6DB-EA4E26936A07}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FB113478-7F1D-4091-A459-65AFA40D81FB}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2 demo\bf2.exe | 
"{FD0E640C-A9B8-4220-B026-606DC827F9ED}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FDFC497C-8021-4826-9366-AC6A2749B244}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{29DFBD81-86E9-46CE-9480-F8542CD65A95}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6E9548C2-1C94-4D76-9FB5-4011D0640A56}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{9C9BF2FA-BD14-41E8-9563-54E3836CC86A}C:\users\armin\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\users\armin\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe | 
"UDP Query User{4571AB65-97F6-4A4F-A18F-46C7D873AE87}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{4BABE484-9E19-47BD-A40B-5458B70498D3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F089B6F3-B7DC-4916-AC9B-2DEF93699164}C:\users\armin\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\users\armin\appdata\local\xenocode\sandbox\adobe premiere pro cs3\3, 0, 0, 0\2010.01.28t18.06\native\stubexe\8.0.1112\@programfiles@\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{53646626-11D9-33C6-8BB1-472536192DC4}" = Google Talk Plugin
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86391634-A94B-4355-8397-3D85C2F942DA}" = SP45575 - Wallpaper Picture Position Enabler for Windows 7
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9ee7f174-96ab-4a82-8436-e95b07c568ef}" = Nero MediaHome 4 Essentials
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}" = Microsoft Server Speech Text to Speech Voice (de-DE, Hedda)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires" = Microsoft Age of Empires
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PPLive" = PPLive 1.9
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 20:45:12 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9952
 
Error - 03.02.2013 08:33:05 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.02.2013 08:33:05 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1904491
 
Error - 03.02.2013 08:33:05 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1904491
 
Error - 03.02.2013 16:47:54 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.02.2013 16:48:00 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10499
 
Error - 03.02.2013 16:48:00 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10499
 
Error - 04.02.2013 03:40:38 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.02.2013 03:40:39 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14446
 
Error - 04.02.2013 03:40:39 | Computer Name = Armin-LAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14446
 
[ Cisco AnyConnect VPN Client Events ]
Error - 03.02.2013 08:47:06 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 03.02.2013 08:47:06 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 03.02.2013 09:40:34 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 03.02.2013 09:40:35 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 03.02.2013 09:40:40 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.02.2013 09:40:40 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.02.2013 09:40:40 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 03.02.2013 09:40:40 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 03.02.2013 09:40:40 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 03.02.2013 09:40:40 | Computer Name = Armin-LAPTOP | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
[ Hewlett-Packard Events ]
Error - 01.08.2012 16:11:05 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HPSFConfigReader.ConfigHelper.loadXML()

   bei HPSFConfigReader.ConfigHelper..ctor()     bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Message: Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst.  StackTrace:
   bei HPSFConfigReader.ConfigHelper.loadXML()     bei HPSFConfigReader.ConfigHelper..ctor()

   bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Source: HPSFConfigReader    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE  RAM: 3836
Ram
 Utilization: 40  TargetSite: Void loadXML()  
 
Error - 05.08.2012 18:47:10 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 07.08.2012 07:26:21 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 09.08.2012 17:31:08 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 17.08.2012 11:20:34 | Computer Name = Armin-LAPTOP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/5c513cf5_f323_434e_9f3b_69c755535397/rwqzpw0jipwvctpqvqzofyn1_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3836  Ram Utilization:   TargetSite: Void UpdateDetail(System.String)  
 
Error - 19.08.2012 11:57:42 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 19.08.2012 11:58:07 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 31.08.2012 17:12:32 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 01.09.2012 11:29:12 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 02.09.2012 11:30:16 | Computer Name = Armin-LAPTOP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.278|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.438|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.468|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.508|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.548|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.578|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.618|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 19.12.2012 07:39:14 | Computer Name = Armin-LAPTOP | Source = CaslSmBios | ID = 5
Description = 2012.12.19 12:39:14.648|00001420|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
[ OSession Events ]
Error - 17.02.2011 15:33:08 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.02.2011 15:35:38 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.02.2011 20:21:13 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2011 14:35:36 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.04.2011 16:55:01 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6341.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2011 12:49:46 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.05.2011 12:49:50 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.05.2011 14:09:37 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.05.2011 06:58:49 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.01.2013 04:42:29 | Computer Name = Armin-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 318
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.02.2013 16:47:53 | Computer Name = Armin-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst RapiMgr erreicht.
 
Error - 03.02.2013 16:47:53 | Computer Name = Armin-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst EFS erreicht.
 
Error - 03.02.2013 22:02:16 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2007 suites
 (KB2760416)
 
Error - 03.02.2013 22:02:29 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2007 suites
 (KB2596615)
 
Error - 03.02.2013 22:02:29 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2007 suites
 (KB2596785)
 
Error - 03.02.2013 22:02:29 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Update für Microsoft Office 2007 suites (KB2596848)
 
Error - 03.02.2013 22:02:29 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2007 suites
 (KB2596672)
 
Error - 03.02.2013 22:02:29 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2007 suites
 (KB2687311)
 
Error - 03.02.2013 22:06:01 | Computer Name = Armin-LAPTOP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070663 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2007 suites
 (KB2687499)
 
Error - 04.02.2013 03:40:35 | Computer Name = Armin-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
 
< End of report >
         
 
--- --- ---

______Danke für die Hilfe!
__________________
Alt 04.02.2013, 14:14   #4
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Code:
ATTFilter
OTL.TxtOTL Logfile:


	
Code: 

 
ATTFilter


  

	
OTL logfile created on: 04.02.2013 13:42:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Armin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 0,21 Gb Available Physical Memory | 5,58% Memory free
7,49 Gb Paging File | 3,09 Gb Available in Paging File | 41,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 105,60 Gb Free Space | 37,11% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive G: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,82% Space Free | Partition Type: FAT
 
Computer Name: ARMIN-LAPTOP | User Name: Armin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.04 13:39:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Armin\Desktop\OTL.exe
PRC - [2013.01.19 07:40:56 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.01.09 13:27:23 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.08 19:38:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:16:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:16:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.29 13:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.10.29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.19 07:40:54 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 13:27:23 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013.01.19 07:40:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 13:27:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012.05.08 22:16:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:16:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.29 13:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.17 16:13:17 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.12.15 19:42:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.22 11:13:05 | 000,045,192 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rsvcdwdr.sys -- (rsvcdwdr)
DRV:64bit: - [2012.11.22 11:13:04 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.11.20 11:00:58 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio.sys -- (WsAudio_Device)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.05.08 22:16:50 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:16:50 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.29 13:35:40 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.09 05:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5DA8E2FE-4E18-4B66-9F05-67EB6994B371}
IE:64bit: - HKLM\..\SearchScopes\{07E434E3-221A-4F4A-97A9-62BFFB3B7BAF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{5DA8E2FE-4E18-4B66-9F05-67EB6994B371}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{8EA50541-C7E3-4373-A2A9-2E535B88BC36}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=6c7e783d-4600-4376-b140-d9772578ff14&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{07E434E3-221A-4F4A-97A9-62BFFB3B7BAF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{5DA8E2FE-4E18-4B66-9F05-67EB6994B371}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{8EA50541-C7E3-4373-A2A9-2E535B88BC36}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=6c7e783d-4600-4376-b140-d9772578ff14&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=6c7e783d-4600-4376-b140-d9772578ff14&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=6c7e783d-4600-4376-b140-d9772578ff14&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=6c7e783d-4600-4376-b140-d9772578ff14&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=6c7e783d-4600-4376-b140-d9772578ff14&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\..\SearchScopes\{07E434E3-221A-4F4A-97A9-62BFFB3B7BAF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\..\SearchScopes\{5DA8E2FE-4E18-4B66-9F05-67EB6994B371}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\..\SearchScopes\{8EA50541-C7E3-4373-A2A9-2E535B88BC36}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.uni-hamburg.de:3128;https=proxy.uni-hamburg.de:3128;ftp=proxy.uni-hamburg.de:3128
 
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1007\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=de_DE&c=94&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2515217932-3858544039-3057619197-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: nogroovesharkads%40tobbi.tk:2.0.6
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?q="
FF - prefs.js..network.proxy.backup.ftp: "206.130.99.82"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "206.130.99.82"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "206.130.99.82"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "206.130.99.82"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "206.130.99.82"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "206.130.99.82"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "206.130.99.82"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Armin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Armin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Armin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Armin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Armin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Armin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.13 11:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 07:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 22:20:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 07:40:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 22:20:37 | 000,000,000 | ---D | M]
 
[2010.07.16 21:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\Extensions
[2010.07.16 21:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.02.01 11:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\Firefox\Profiles\r5is1kv7.default\extensions
[2013.01.30 18:47:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Armin\AppData\Roaming\mozilla\Firefox\Profiles\r5is1kv7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.01.12 03:22:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Armin\AppData\Roaming\mozilla\Firefox\Profiles\r5is1kv7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.25 09:03:58 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Armin\AppData\Roaming\mozilla\Firefox\Profiles\r5is1kv7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.11.13 18:34:49 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\firefox\profiles\r5is1kv7.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012.09.02 23:46:21 | 000,003,284 | ---- | M] () (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\firefox\profiles\r5is1kv7.default\extensions\nogroovesharkads@tobbi.tk.xpi
[2012.10.25 15:11:16 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\firefox\profiles\r5is1kv7.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi
[2013.02.01 11:29:58 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Armin\AppData\Roaming\mozilla\firefox\profiles\r5is1kv7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.19 07:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.19 07:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.19 07:40:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.19 07:40:56 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.13 08:27:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 21:14:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.13 08:27:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.13 08:27:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.13 08:27:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.13 08:27:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000..\Run: [Facebook Update] C:\Users\Armin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2515217932-3858544039-3057619197-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2515217932-3858544039-3057619197-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2515217932-3858544039-3057619197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E2F83C6-37BC-4978-9C64-D6829C2FB6BC}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE019616-52A6-4C93-A2D1-DA560099DFA5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35f77ebd-4279-11e0-bea2-f1f141dfabe8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{35f77ec8-4279-11e0-bea2-f1f141dfabe8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{35f77ede-4279-11e0-bea2-f1f141dfabe8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5a8e23dd-b993-11df-9c51-00269e40ac98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{72783c95-a0a3-11df-aa31-00269e40ac98}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{72783ca2-a0a3-11df-aa31-00269e40ac98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74ba1ccd-50f4-11df-a61d-00269e40ac98}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{83e3790a-6ac3-11e0-91be-ff8dacd0349c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d323bbd7-ce3f-11df-bd0c-00269e40ac98}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d323bbda-ce3f-11df-bd0c-00269e40ac98}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df513eed-6aa2-11e0-989a-f3228e0e62e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B208AE84-919B-2F8F-453E-A69BAC64AD0D} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^Users^Armin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Armin\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Armin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk -  - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Armin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: Nero MediaHome 4 - hkey= - key= - C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QPService - hkey= - key= - C:\Program Files (x86)\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UIExec - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 13:38:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Armin\Desktop\OTL.exe
[2013.02.03 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\{C4668640-8202-4C48-B3E1-6AF9A91C0B20}
[2013.02.03 00:44:26 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\{B38AE8FC-02D0-426F-BCAA-0BE62531E3D3}
[2013.01.29 08:50:28 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\{2216F36D-02FB-4092-B5D7-A064943DB81E}
[2013.01.29 08:41:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.28 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\Armin\Desktop\2013-01-28
[2013.01.24 18:05:26 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Roaming\Malwarebytes
[2013.01.24 18:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.24 18:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.24 18:05:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.24 18:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.24 18:04:54 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\Programs
[2013.01.24 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2013.01.23 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\Armin\Desktop\baurecht
[2013.01.23 19:02:09 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\{40B6F24C-C504-4DE5-B7EA-E966F2BADB1E}
[2013.01.19 18:59:11 | 000,000,000 | ---D | C] -- C:\Users\Armin\Desktop\11  16
[2013.01.19 07:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.16 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\{B4183CB2-0831-4763-9AF2-602C5D2317F8}
[2013.01.08 01:06:03 | 000,000,000 | ---D | C] -- C:\Users\Armin\AppData\Local\{FA85F4ED-8F9C-40BF-AC16-B72297594B6F}
[4 C:\Users\Armin\Desktop\*.tmp files -> C:\Users\Armin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 13:39:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Armin\Desktop\OTL.exe
[2013.02.04 13:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 13:21:56 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000Core.job
[2013.02.04 13:21:29 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000UA.job
[2013.02.04 13:21:27 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000UA.job
[2013.02.04 13:21:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 13:21:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 00:45:03 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000Core.job
[2013.02.03 14:51:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 14:51:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 14:41:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.03 14:40:39 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.03 14:40:20 | 3016,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.02 19:55:17 | 000,041,425 | ---- | M] () -- C:\Users\Armin\Desktop\kapitel7.pdf
[2013.01.31 08:53:35 | 001,578,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.31 08:53:35 | 000,688,960 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.31 08:53:35 | 000,644,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 08:53:35 | 000,139,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.31 08:53:35 | 000,113,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.30 19:14:50 | 000,172,909 | ---- | M] () -- C:\Users\Armin\Desktop\SKA-AStA Ausgaben.pdf
[2013.01.28 11:30:26 | 000,014,893 | ---- | M] () -- C:\Users\Armin\Desktop\Bestaetigung_Bildupload.pdf
[2013.01.28 11:27:44 | 000,034,587 | ---- | M] () -- C:\Users\Armin\Desktop\ArminR.jpg
[2013.01.26 16:43:01 | 000,054,914 | ---- | M] () -- C:\Users\Armin\Desktop\428251_440249606048641_1716783831_n.jpg
[2013.01.24 23:52:20 | 000,001,053 | ---- | M] () -- C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 23:51:56 | 000,001,021 | ---- | M] () -- C:\Users\Armin\Desktop\Dropbox.lnk
[2013.01.24 00:25:56 | 013,979,648 | ---- | M] () -- C:\Users\Armin\Desktop\MSSpeech_TTS_de-DE_Hedda.msi
[2013.01.21 21:43:03 | 462,159,846 | ---- | M] () -- C:\3590F75ABA9E485486C100C1A9D4FF06HTNWLLZNDRPJFOCZ
[2013.01.21 17:15:30 | 000,022,696 | ---- | M] () -- C:\Users\Armin\Desktop\72_HBauO.pdf
[2013.01.20 19:58:14 | 000,007,604 | ---- | M] () -- C:\Users\Armin\AppData\Local\Resmon.ResmonCfg
[2013.01.16 09:42:04 | 000,079,418 | ---- | M] () -- C:\Users\Armin\Desktop\jzs-GMBHR-2007-20-1065-1-A-01.rtf
[2013.01.14 19:27:56 | 000,002,720 | ---- | M] () -- C:\Users\Armin\Desktop\steffen1.jpg
[2013.01.10 11:33:35 | 000,076,800 | ---- | M] () -- C:\Users\Armin\Desktop\gsShowInvoice.pdf
[2013.01.10 03:40:17 | 000,450,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 00:26:53 | 005,242,350 | ---- | M] () -- C:\Users\Armin\Desktop\Jahresverwaltungsbericht_PDF_05-06-2012_mit_Vorwort.pdf
[2013.01.07 23:55:46 | 000,528,518 | ---- | M] () -- C:\Users\Armin\Desktop\1357599132255.png
[2013.01.07 23:54:08 | 000,304,453 | ---- | M] () -- C:\Users\Armin\Desktop\1357596822699.jpg
[2013.01.07 22:10:30 | 000,376,950 | ---- | M] () -- C:\Users\Armin\Desktop\hh.jpg
[4 C:\Users\Armin\Desktop\*.tmp files -> C:\Users\Armin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.02 19:53:57 | 000,041,425 | ---- | C] () -- C:\Users\Armin\Desktop\kapitel7.pdf
[2013.01.30 19:14:31 | 000,172,909 | ---- | C] () -- C:\Users\Armin\Desktop\SKA-AStA Ausgaben.pdf
[2013.01.28 11:30:26 | 000,014,893 | ---- | C] () -- C:\Users\Armin\Desktop\Bestaetigung_Bildupload.pdf
[2013.01.28 11:27:43 | 000,034,587 | ---- | C] () -- C:\Users\Armin\Desktop\ArminR.jpg
[2013.01.26 16:42:59 | 000,054,914 | ---- | C] () -- C:\Users\Armin\Desktop\428251_440249606048641_1716783831_n.jpg
[2013.01.24 00:25:43 | 013,979,648 | ---- | C] () -- C:\Users\Armin\Desktop\MSSpeech_TTS_de-DE_Hedda.msi
[2013.01.23 17:39:23 | 001,275,425 | ---- | C] () -- C:\Users\Armin\Desktop\IMAG0290.jpg
[2013.01.23 17:33:08 | 000,001,053 | ---- | C] () -- C:\Users\Armin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.21 21:43:03 | 462,159,846 | ---- | C] () -- C:\3590F75ABA9E485486C100C1A9D4FF06HTNWLLZNDRPJFOCZ
[2013.01.21 17:15:16 | 000,022,696 | ---- | C] () -- C:\Users\Armin\Desktop\72_HBauO.pdf
[2013.01.16 09:41:50 | 000,079,418 | ---- | C] () -- C:\Users\Armin\Desktop\jzs-GMBHR-2007-20-1065-1-A-01.rtf
[2013.01.14 19:27:47 | 000,002,720 | ---- | C] () -- C:\Users\Armin\Desktop\steffen1.jpg
[2013.01.10 11:33:11 | 000,076,800 | ---- | C] () -- C:\Users\Armin\Desktop\gsShowInvoice.pdf
[2013.01.09 00:26:43 | 005,242,350 | ---- | C] () -- C:\Users\Armin\Desktop\Jahresverwaltungsbericht_PDF_05-06-2012_mit_Vorwort.pdf
[2013.01.07 23:55:43 | 000,528,518 | ---- | C] () -- C:\Users\Armin\Desktop\1357599132255.png
[2013.01.07 23:53:46 | 000,304,453 | ---- | C] () -- C:\Users\Armin\Desktop\1357596822699.jpg
[2013.01.07 22:09:56 | 000,376,950 | ---- | C] () -- C:\Users\Armin\Desktop\hh.jpg
[2011.08.09 22:19:08 | 000,007,604 | ---- | C] () -- C:\Users\Armin\AppData\Local\Resmon.ResmonCfg
[2011.03.31 18:58:35 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.02.14 12:13:08 | 000,001,854 | ---- | C] () -- C:\Users\Armin\AppData\Roaming\GhostObjGAFix.xml
[2010.02.26 23:14:32 | 000,003,584 | ---- | C] () -- C:\Users\Armin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.08 20:23:41 | 000,000,000 | ---- | C] () -- C:\Users\Armin\AppData\Roaming\wklnhst.dat
[2009.09.07 00:47:41 | 000,002,066 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.31 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\.minecraft
[2012.12.17 17:24:40 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Aimersoft Video Converter Ultimate
[2010.01.30 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Canon
[2013.01.13 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\DAEMON Tools Lite
[2013.02.03 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Dropbox
[2010.02.26 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\GetRightToGo
[2010.01.12 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\GrabPro
[2012.01.21 10:22:10 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\HTC
[2011.09.24 18:33:54 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.03.07 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\iWin
[2010.02.26 22:48:15 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\ManyCam
[2012.12.15 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\OpenCandy
[2010.01.30 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\OpenOffice.org
[2011.02.21 00:42:50 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Opera
[2010.01.12 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Orbit
[2010.06.11 14:44:10 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\PPLive
[2012.05.08 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\PrimoPDF
[2013.01.25 09:04:26 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\QuickScan
[2013.01.13 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Samsung
[2011.05.01 07:38:09 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\think-cell
[2010.07.16 21:23:35 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\TomTom
[2012.04.03 14:25:41 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\Windows Live Writer
[2010.01.09 19:12:49 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\WindSolutions
[2011.11.25 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Armin\AppData\Roaming\_MDLogs
[2011.10.04 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\HTC
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.20 22:56:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.08.16 20:58:11 | 000,000,000 | ---D | M] -- C:\00e3034017aa811e3c
[2009.08.26 05:11:02 | 000,000,000 | -HSD | M] -- C:\boot
[2010.01.30 15:38:14 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2013.01.30 08:42:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.06.26 04:01:42 | 000,000,000 | ---D | M] -- C:\d0cef667500c60e9e3
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.08 20:10:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.01.12 23:41:08 | 000,000,000 | ---D | M] -- C:\downloads
[2011.03.19 23:59:27 | 000,000,000 | ---D | M] -- C:\Games
[2009.09.07 00:52:58 | 000,000,000 | -H-D | M] -- C:\HP
[2011.02.22 16:19:45 | 000,000,000 | ---D | M] -- C:\inetpub
[2009.08.25 16:55:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.06.11 14:44:19 | 000,000,000 | ---D | M] -- C:\pfsvoddata
[2012.12.15 01:16:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.24 18:05:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.01.24 18:05:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.08 20:10:11 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.08 20:11:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.19 12:29:11 | 000,000,000 | ---D | M] -- C:\SwSetup
[2013.02.04 13:46:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.08 20:11:51 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2013.01.02 17:08:18 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.24 23:48:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.02.20 20:55:23 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000Core.job
[2010.02.20 20:55:24 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000UA.job
[2011.10.09 02:24:38 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000Core.job
[2011.10.09 02:24:39 | 000,001,138 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2515217932-3858544039-3057619197-1000UA.job
[2012.04.03 21:19:18 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.18 13:55:08 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.11.18 13:55:09 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.04 14:03:16 | 004,456,448 | -HS- | M] () -- C:\Users\Armin\ntuser.dat
[2013.02.04 14:03:15 | 000,262,144 | -HS- | M] () -- C:\Users\Armin\ntuser.dat.LOG1
[2010.01.08 20:10:22 | 000,000,000 | -HS- | M] () -- C:\Users\Armin\ntuser.dat.LOG2
[2010.01.08 21:49:23 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.01.08 21:49:23 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.01.08 21:49:23 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.10.25 10:38:18 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{2d941d6b-fe82-11e0-805c-00269e40ac98}.TM.blf
[2011.10.25 10:38:18 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{2d941d6b-fe82-11e0-805c-00269e40ac98}.TMContainer00000000000000000001.regtrans-ms
[2011.10.25 10:38:18 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{2d941d6b-fe82-11e0-805c-00269e40ac98}.TMContainer00000000000000000002.regtrans-ms
[2011.12.02 22:03:34 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{333a1a11-1cf0-11e1-9df1-00269e40ac98}.TM.blf
[2011.12.02 22:03:34 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{333a1a11-1cf0-11e1-9df1-00269e40ac98}.TMContainer00000000000000000001.regtrans-ms
[2011.12.02 22:03:34 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{333a1a11-1cf0-11e1-9df1-00269e40ac98}.TMContainer00000000000000000002.regtrans-ms
[2012.01.16 14:14:27 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{5883acdf-403e-11e1-96cb-00269e40ac98}.TM.blf
[2012.01.16 14:14:27 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{5883acdf-403e-11e1-96cb-00269e40ac98}.TMContainer00000000000000000001.regtrans-ms
[2012.01.16 14:14:27 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{5883acdf-403e-11e1-96cb-00269e40ac98}.TMContainer00000000000000000002.regtrans-ms
[2010.08.20 12:43:20 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\NTUSER.DAT{7df168e5-ac48-11df-8218-00269e40ac98}.TM.blf
[2010.08.20 12:43:20 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\NTUSER.DAT{7df168e5-ac48-11df-8218-00269e40ac98}.TMContainer00000000000000000001.regtrans-ms
[2010.08.20 12:43:20 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\NTUSER.DAT{7df168e5-ac48-11df-8218-00269e40ac98}.TMContainer00000000000000000002.regtrans-ms
[2010.11.04 13:44:29 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{8567ed72-e807-11df-a1b1-818d841a57e0}.TM.blf
[2010.11.04 13:44:29 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{8567ed72-e807-11df-a1b1-818d841a57e0}.TMContainer00000000000000000001.regtrans-ms
[2010.11.04 13:44:29 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{8567ed72-e807-11df-a1b1-818d841a57e0}.TMContainer00000000000000000002.regtrans-ms
[2010.11.23 01:43:21 | 000,065,536 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{ed3b8899-f697-11df-9228-c61c440184ea}.TM.blf
[2010.11.23 01:43:21 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{ed3b8899-f697-11df-9228-c61c440184ea}.TMContainer00000000000000000001.regtrans-ms
[2010.11.23 01:43:21 | 000,524,288 | -HS- | M] () -- C:\Users\Armin\ntuser.dat{ed3b8899-f697-11df-9228-c61c440184ea}.TMContainer00000000000000000002.regtrans-ms
[2010.01.08 20:10:22 | 000,000,020 | -HS- | M] () -- C:\Users\Armin\ntuser.ini
[2010.01.30 16:17:29 | 000,000,000 | ---- | M] () -- C:\Users\Armin\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
 
--- --- ---

Alt 04.02.2013, 14:20   #5
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


hmm da ist die Meldung nicht zu sehen.
öffne Avira, ereignisse und schau, ob du das ereigniss mit
TR/Dropper.Gen
findest, poste es bitte.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 14:58   #6
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


In der Datei 'C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\hiddata.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

am 24.01.2013

Und wie sieht der Rest so aus? Also die Scan-Logs?

Danke Dir!

Alt 04.02.2013, 16:12   #7
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


hi, sieht ok aus.
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\hiddata.exe
ist die noch in der Quarantäne?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 16:52   #8
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Ich glaube nicht, ich habe die Datei gelöscht.

Meine Webcam gibt mir immer noch die Fehlermeldung, wenn ich das Cam-Programm öffne.

aber

Alt 04.02.2013, 16:53   #9
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


hi
geh mal auf die hp seite, und update driver + Hilfsprogramme
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 17:11   #10
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Habe ich. Alles aktuell!

Und was mache ich jetzt?


Alt 04.02.2013, 17:12   #11
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


nicht andauernd fragen was du jetzt machst, währe ein anfang.
ich sags auch so.
de und reinstaliere mal die Software der kamera.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 17:36   #12
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


Habe ich. Fehlermeldung ist nicht mehr zu sehen.

Alt 04.02.2013, 17:40   #13
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


hi
schaun wir mal weiter.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.02.2013, 17:59   #14
hpcompaq
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


5 Funde:
Code:
ATTFilter
17:54:18.0425 5548  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:54:18.0679 5548  ============================================================
17:54:18.0679 5548  Current date / time: 2013/02/04 17:54:18.0679
17:54:18.0679 5548  SystemInfo:
17:54:18.0679 5548  
17:54:18.0679 5548  OS Version: 6.1.7601 ServicePack: 1.0
17:54:18.0679 5548  Product type: Workstation
17:54:18.0679 5548  ComputerName: ARMIN-LAPTOP
17:54:18.0679 5548  UserName: Armin
17:54:18.0679 5548  Windows directory: C:\Windows
17:54:18.0679 5548  System windows directory: C:\Windows
17:54:18.0679 5548  Running under WOW64
17:54:18.0679 5548  Processor architecture: Intel x64
17:54:18.0679 5548  Number of processors: 2
17:54:18.0679 5548  Page size: 0x1000
17:54:18.0679 5548  Boot type: Normal boot
17:54:18.0679 5548  ============================================================
17:54:20.0627 5548  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:54:20.0635 5548  Drive \Device\Harddisk1\DR1 - Size: 0x78180000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:54:20.0645 5548  ============================================================
17:54:20.0645 5548  \Device\Harddisk0\DR0:
17:54:20.0647 5548  MBR partitions:
17:54:20.0647 5548  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:54:20.0647 5548  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23920000
17:54:20.0647 5548  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23984000, BlocksNum 0x1A76800
17:54:20.0647 5548  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
17:54:20.0647 5548  \Device\Harddisk1\DR1:
17:54:20.0647 5548  MBR partitions:
17:54:20.0647 5548  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xFD, BlocksNum 0x3C0B03
17:54:20.0647 5548  ============================================================
17:54:20.0680 5548  C: <-> \Device\Harddisk0\DR0\Partition2
17:54:20.0727 5548  D: <-> \Device\Harddisk0\DR0\Partition3
17:54:20.0727 5548  ============================================================
17:54:20.0727 5548  Initialize success
17:54:20.0727 5548  ============================================================
17:55:01.0008 5592  ============================================================
17:55:01.0008 5592  Scan started
17:55:01.0008 5592  Mode: Manual; SigCheck; TDLFS; 
17:55:01.0008 5592  ============================================================
17:55:01.0639 5592  ================ Scan system memory ========================
17:55:01.0639 5592  System memory - ok
17:55:01.0639 5592  ================ Scan services =============================
17:55:01.0807 5592  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:55:01.0970 5592  1394ohci - ok
17:55:02.0020 5592  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:55:02.0054 5592  ACPI - ok
17:55:02.0097 5592  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:55:02.0120 5592  AcpiPmi - ok
17:55:02.0202 5592  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:55:02.0232 5592  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:55:02.0232 5592  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:55:02.0382 5592  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:55:02.0394 5592  AdobeARMservice - ok
17:55:02.0592 5592  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:55:02.0607 5592  AdobeFlashPlayerUpdateSvc - ok
17:55:02.0676 5592  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:55:02.0736 5592  adp94xx - ok
17:55:02.0788 5592  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:55:02.0848 5592  adpahci - ok
17:55:02.0871 5592  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:55:02.0895 5592  adpu320 - ok
17:55:02.0944 5592  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:55:03.0104 5592  AeLookupSvc - ok
17:55:03.0191 5592  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
17:55:03.0329 5592  AESTFilters - ok
17:55:03.0394 5592  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:55:03.0479 5592  AFD - ok
17:55:03.0539 5592  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
17:55:03.0719 5592  AgereSoftModem - ok
17:55:03.0784 5592  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:55:03.0814 5592  agp440 - ok
17:55:03.0851 5592  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:55:03.0961 5592  ALG - ok
17:55:04.0006 5592  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:55:04.0023 5592  aliide - ok
17:55:04.0085 5592  [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:55:04.0148 5592  AMD External Events Utility - ok
17:55:04.0187 5592  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:55:04.0207 5592  amdide - ok
17:55:04.0234 5592  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:55:04.0306 5592  AmdK8 - ok
17:55:04.0339 5592  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:55:04.0398 5592  AmdPPM - ok
17:55:04.0473 5592  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:55:04.0498 5592  amdsata - ok
17:55:04.0533 5592  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:55:04.0568 5592  amdsbs - ok
17:55:04.0588 5592  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:55:04.0609 5592  amdxata - ok
17:55:04.0715 5592  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:55:04.0735 5592  AntiVirSchedulerService - ok
17:55:04.0805 5592  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:55:04.0820 5592  AntiVirService - ok
17:55:04.0965 5592  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:55:05.0006 5592  AppHostSvc - ok
17:55:05.0056 5592  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:55:05.0288 5592  AppID - ok
17:55:05.0316 5592  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:55:05.0389 5592  AppIDSvc - ok
17:55:05.0450 5592  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:55:05.0540 5592  Appinfo - ok
17:55:05.0622 5592  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:55:05.0635 5592  Apple Mobile Device - ok
17:55:05.0687 5592  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:55:05.0710 5592  arc - ok
17:55:05.0738 5592  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:55:05.0762 5592  arcsas - ok
17:55:05.0804 5592  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:55:05.0871 5592  AsyncMac - ok
17:55:05.0916 5592  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:55:05.0928 5592  atapi - ok
17:55:06.0093 5592  [ B4421D8CDADC441F76BA39532A3E3414 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:55:06.0334 5592  athr - ok
17:55:06.0397 5592  [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:55:06.0445 5592  AtiHdmiService - ok
17:55:06.0603 5592  [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:55:06.0920 5592  atikmdag - ok
17:55:06.0948 5592  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
17:55:06.0978 5592  AtiPcie - ok
17:55:07.0035 5592  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:55:07.0143 5592  AudioEndpointBuilder - ok
17:55:07.0158 5592  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:55:07.0218 5592  AudioSrv - ok
17:55:07.0329 5592  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:55:07.0356 5592  avgntflt - ok
17:55:07.0401 5592  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:55:07.0451 5592  avipbb - ok
17:55:07.0479 5592  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:55:07.0500 5592  avkmgr - ok
17:55:07.0579 5592  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:55:07.0702 5592  AxInstSV - ok
17:55:07.0755 5592  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:55:07.0810 5592  b06bdrv - ok
17:55:07.0843 5592  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:55:07.0939 5592  b57nd60a - ok
17:55:08.0014 5592  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:55:08.0124 5592  BDESVC - ok
17:55:08.0141 5592  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:55:08.0222 5592  Beep - ok
17:55:08.0314 5592  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:55:08.0420 5592  BFE - ok
17:55:08.0488 5592  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:55:08.0592 5592  BITS - ok
17:55:08.0647 5592  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:55:08.0680 5592  blbdrive - ok
17:55:08.0762 5592  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:55:08.0782 5592  Bonjour Service - ok
17:55:08.0834 5592  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:55:08.0941 5592  bowser - ok
17:55:08.0981 5592  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:55:09.0016 5592  BrFiltLo - ok
17:55:09.0036 5592  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:55:09.0086 5592  BrFiltUp - ok
17:55:09.0116 5592  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:55:09.0171 5592  Browser - ok
17:55:09.0208 5592  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:55:09.0273 5592  Brserid - ok
17:55:09.0357 5592  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:55:09.0452 5592  BrSerWdm - ok
17:55:09.0504 5592  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:55:09.0552 5592  BrUsbMdm - ok
17:55:09.0582 5592  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:55:09.0617 5592  BrUsbSer - ok
17:55:09.0659 5592  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:55:09.0694 5592  BTHMODEM - ok
17:55:09.0746 5592  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:55:09.0813 5592  bthserv - ok
17:55:09.0841 5592  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:55:09.0916 5592  cdfs - ok
17:55:09.0993 5592  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:55:10.0033 5592  cdrom - ok
17:55:10.0073 5592  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:55:10.0147 5592  CertPropSvc - ok
17:55:10.0210 5592  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:55:10.0285 5592  circlass - ok
17:55:10.0345 5592  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:55:10.0370 5592  CLFS - ok
17:55:10.0457 5592  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:10.0477 5592  clr_optimization_v2.0.50727_32 - ok
17:55:10.0523 5592  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:55:10.0546 5592  clr_optimization_v2.0.50727_64 - ok
17:55:10.0714 5592  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:55:10.0729 5592  clr_optimization_v4.0.30319_32 - ok
17:55:10.0801 5592  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:55:10.0824 5592  clr_optimization_v4.0.30319_64 - ok
17:55:10.0866 5592  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:55:10.0886 5592  CmBatt - ok
17:55:10.0913 5592  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:55:10.0935 5592  cmdide - ok
17:55:10.0984 5592  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:55:11.0074 5592  CNG - ok
17:55:11.0169 5592  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:55:11.0186 5592  Com4QLBEx - ok
17:55:11.0256 5592  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:55:11.0276 5592  Compbatt - ok
17:55:11.0338 5592  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:55:11.0375 5592  CompositeBus - ok
17:55:11.0388 5592  COMSysApp - ok
17:55:11.0408 5592  CpqDfw - ok
17:55:11.0445 5592  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:55:11.0476 5592  crcdisk - ok
17:55:11.0537 5592  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:55:11.0635 5592  CryptSvc - ok
17:55:11.0735 5592  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
17:55:11.0752 5592  CVirtA - ok
17:55:11.0797 5592  [ DB0459AFD124CE5CCB649E33F95D715F ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
17:55:11.0839 5592  dc3d - ok
17:55:11.0897 5592  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:55:11.0984 5592  DcomLaunch - ok
17:55:12.0022 5592  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:55:12.0116 5592  defragsvc - ok
17:55:12.0196 5592  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:55:12.0308 5592  DfsC - ok
17:55:12.0385 5592  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:55:12.0477 5592  Dhcp - ok
17:55:12.0537 5592  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:55:12.0617 5592  discache - ok
17:55:12.0667 5592  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:55:12.0710 5592  Disk - ok
17:55:12.0786 5592  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
17:55:12.0809 5592  DNE - ok
17:55:12.0874 5592  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:55:12.0969 5592  Dnscache - ok
17:55:13.0039 5592  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:55:13.0152 5592  dot3svc - ok
17:55:13.0189 5592  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:55:13.0314 5592  DPS - ok
17:55:13.0356 5592  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:55:13.0405 5592  drmkaud - ok
17:55:13.0455 5592  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:55:13.0487 5592  dtsoftbus01 - ok
17:55:13.0552 5592  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:55:13.0605 5592  DXGKrnl - ok
17:55:13.0647 5592  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:55:13.0726 5592  EapHost - ok
17:55:13.0856 5592  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:55:14.0038 5592  ebdrv - ok
17:55:14.0083 5592  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:55:14.0121 5592  EFS - ok
17:55:14.0216 5592  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:55:14.0313 5592  ehRecvr - ok
17:55:14.0340 5592  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:55:14.0398 5592  ehSched - ok
17:55:14.0457 5592  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:55:14.0527 5592  elxstor - ok
17:55:14.0567 5592  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:55:14.0609 5592  ErrDev - ok
17:55:14.0674 5592  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:55:14.0805 5592  EventSystem - ok
17:55:14.0878 5592  ewusbnet - ok
17:55:14.0910 5592  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:55:14.0980 5592  exfat - ok
17:55:15.0032 5592  ezSharedSvc - ok
17:55:15.0052 5592  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:55:15.0181 5592  fastfat - ok
17:55:15.0247 5592  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:55:15.0374 5592  Fax - ok
17:55:15.0404 5592  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:55:15.0459 5592  fdc - ok
17:55:15.0519 5592  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:55:15.0571 5592  fdPHost - ok
17:55:15.0594 5592  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:55:15.0706 5592  FDResPub - ok
17:55:15.0768 5592  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:55:15.0790 5592  FileInfo - ok
17:55:15.0827 5592  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:55:15.0927 5592  Filetrace - ok
17:55:15.0974 5592  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:55:16.0015 5592  flpydisk - ok
17:55:16.0094 5592  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:55:16.0184 5592  FltMgr - ok
17:55:16.0257 5592  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:55:16.0366 5592  FontCache - ok
17:55:16.0436 5592  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:55:16.0500 5592  FontCache3.0.0.0 - ok
17:55:16.0541 5592  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:55:16.0581 5592  FsDepends - ok
17:55:16.0641 5592  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:55:16.0658 5592  Fs_Rec - ok
17:55:16.0720 5592  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:55:16.0762 5592  fvevol - ok
17:55:16.0832 5592  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:55:16.0856 5592  gagp30kx - ok
17:55:16.0913 5592  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:55:16.0928 5592  GEARAspiWDM - ok
17:55:16.0988 5592  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:55:17.0274 5592  gpsvc - ok
17:55:17.0420 5592  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:55:17.0433 5592  gupdate - ok
17:55:17.0438 5592  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:55:17.0449 5592  gupdatem - ok
17:55:17.0469 5592  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:55:17.0818 5592  hcw85cir - ok
17:55:17.0894 5592  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:55:18.0556 5592  HdAudAddService - ok
17:55:18.0623 5592  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:55:18.0726 5592  HDAudBus - ok
17:55:18.0932 5592  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:55:19.0258 5592  HidBatt - ok
17:55:19.0300 5592  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:55:19.0773 5592  HidBth - ok
17:55:19.0837 5592  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:55:19.0890 5592  HidIr - ok
17:55:19.0935 5592  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:55:20.0065 5592  hidserv - ok
17:55:20.0157 5592  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:55:20.0179 5592  HidUsb - ok
17:55:20.0234 5592  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:55:20.0301 5592  hkmsvc - ok
17:55:20.0353 5592  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:55:20.0423 5592  HomeGroupListener - ok
17:55:20.0473 5592  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:55:20.0521 5592  HomeGroupProvider - ok
17:55:20.0628 5592  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:55:20.0666 5592  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
17:55:20.0666 5592  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
17:55:20.0713 5592  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:55:20.0778 5592  HpqKbFiltr - ok
17:55:20.0906 5592  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:55:20.0971 5592  hpqwmiex - ok
17:55:21.0023 5592  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:55:21.0051 5592  HpSAMD - ok
17:55:21.0088 5592  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:55:21.0164 5592  HTCAND64 - ok
17:55:21.0237 5592  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:55:21.0410 5592  HTTP - ok
17:55:21.0636 5592  hwdatacard - ok
17:55:21.0674 5592  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:55:21.0686 5592  hwpolicy - ok
17:55:21.0721 5592  hwusbdev - ok
17:55:21.0805 5592  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:55:21.0845 5592  i8042prt - ok
17:55:21.0864 5592  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:55:21.0906 5592  iaStorV - ok
17:55:22.0040 5592  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:55:22.0058 5592  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:55:22.0058 5592  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:55:22.0429 5592  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:55:22.0530 5592  idsvc - ok
17:55:22.0751 5592  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:55:23.0271 5592  igfx - ok
17:55:23.0306 5592  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:55:23.0337 5592  iirsp - ok
17:55:23.0417 5592  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:55:23.0535 5592  IKEEXT - ok
17:55:23.0593 5592  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:55:23.0614 5592  intelide - ok
17:55:23.0649 5592  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:55:23.0755 5592  intelppm - ok
17:55:23.0789 5592  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:55:23.0844 5592  IPBusEnum - ok
17:55:23.0881 5592  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:55:23.0944 5592  IpFilterDriver - ok
17:55:23.0993 5592  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:55:24.0035 5592  iphlpsvc - ok
17:55:24.0078 5592  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:55:24.0133 5592  IPMIDRV - ok
17:55:24.0173 5592  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:55:24.0278 5592  IPNAT - ok
17:55:24.0414 5592  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:55:24.0478 5592  iPod Service - ok
17:55:24.0504 5592  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:55:24.0556 5592  IRENUM - ok
17:55:24.0615 5592  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:55:24.0635 5592  isapnp - ok
17:55:24.0675 5592  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:55:24.0720 5592  iScsiPrt - ok
17:55:24.0752 5592  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:55:24.0772 5592  kbdclass - ok
17:55:24.0819 5592  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:55:24.0852 5592  kbdhid - ok
17:55:24.0867 5592  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:55:24.0882 5592  KeyIso - ok
17:55:24.0934 5592  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:55:24.0956 5592  KSecDD - ok
17:55:24.0971 5592  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:55:25.0004 5592  KSecPkg - ok
17:55:25.0051 5592  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:55:25.0100 5592  ksthunk - ok
17:55:25.0125 5592  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:55:25.0210 5592  KtmRm - ok
17:55:25.0288 5592  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:55:25.0345 5592  LanmanServer - ok
17:55:25.0395 5592  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:55:25.0440 5592  LanmanWorkstation - ok
17:55:25.0507 5592  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:55:25.0522 5592  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:55:25.0522 5592  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:55:25.0554 5592  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:55:25.0665 5592  lltdio - ok
17:55:25.0716 5592  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:55:25.0804 5592  lltdsvc - ok
17:55:25.0816 5592  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:55:25.0880 5592  lmhosts - ok
17:55:25.0918 5592  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:55:25.0943 5592  LSI_FC - ok
17:55:25.0973 5592  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:55:25.0998 5592  LSI_SAS - ok
17:55:26.0025 5592  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:55:26.0045 5592  LSI_SAS2 - ok
17:55:26.0065 5592  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:55:26.0087 5592  LSI_SCSI - ok
17:55:26.0115 5592  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:55:26.0172 5592  luafv - ok
17:55:26.0219 5592  [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
17:55:26.0234 5592  ManyCam - ok
17:55:26.0272 5592  massfilter - ok
17:55:26.0318 5592  [ 2E7FFDEF8BAFD04CBB517507B821E878 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
17:55:26.0330 5592  mcaudrv_simple - ok
17:55:26.0410 5592  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:55:26.0470 5592  Mcx2Svc - ok
17:55:26.0493 5592  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:55:26.0520 5592  megasas - ok
17:55:26.0560 5592  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:55:26.0607 5592  MegaSR - ok
17:55:26.0737 5592  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:55:26.0757 5592  Microsoft Office Groove Audit Service - ok
17:55:26.0795 5592  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:55:26.0846 5592  MMCSS - ok
17:55:26.0881 5592  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:55:26.0946 5592  Modem - ok
17:55:27.0013 5592  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:55:27.0033 5592  monitor - ok
17:55:27.0088 5592  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:55:27.0108 5592  mouclass - ok
17:55:27.0147 5592  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:55:27.0187 5592  mouhid - ok
17:55:27.0230 5592  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:55:27.0245 5592  mountmgr - ok
17:55:27.0380 5592  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:55:27.0435 5592  MozillaMaintenance - ok
17:55:27.0484 5592  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:55:27.0553 5592  mpio - ok
17:55:27.0614 5592  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:55:27.0676 5592  mpsdrv - ok
17:55:27.0738 5592  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:55:27.0809 5592  MpsSvc - ok
17:55:27.0855 5592  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:55:27.0910 5592  MRxDAV - ok
17:55:27.0971 5592  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:55:28.0092 5592  mrxsmb - ok
17:55:28.0192 5592  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:55:28.0293 5592  mrxsmb10 - ok
17:55:28.0314 5592  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:55:28.0351 5592  mrxsmb20 - ok
17:55:28.0389 5592  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:55:28.0441 5592  msahci - ok
17:55:28.0481 5592  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:55:28.0515 5592  msdsm - ok
17:55:28.0542 5592  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:55:28.0586 5592  MSDTC - ok
17:55:28.0681 5592  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:55:28.0761 5592  Msfs - ok
17:55:28.0798 5592  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:55:28.0862 5592  mshidkmdf - ok
17:55:28.0895 5592  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:55:28.0912 5592  msisadrv - ok
17:55:28.0941 5592  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:55:29.0030 5592  MSiSCSI - ok
17:55:29.0040 5592  msiserver - ok
17:55:29.0086 5592  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:55:29.0165 5592  MSKSSRV - ok
17:55:29.0208 5592  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:55:29.0281 5592  MSPCLOCK - ok
17:55:29.0300 5592  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:55:29.0393 5592  MSPQM - ok
17:55:29.0455 5592  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:55:29.0492 5592  MsRPC - ok
17:55:29.0554 5592  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:55:29.0569 5592  mssmbios - ok
17:55:29.0602 5592  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:55:29.0674 5592  MSTEE - ok
17:55:29.0716 5592  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:55:29.0769 5592  MTConfig - ok
17:55:29.0819 5592  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:55:29.0846 5592  Mup - ok
17:55:29.0901 5592  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:55:29.0968 5592  napagent - ok
17:55:30.0008 5592  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:55:30.0075 5592  NativeWifiP - ok
17:55:30.0175 5592  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:55:30.0233 5592  NDIS - ok
17:55:30.0260 5592  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:55:30.0331 5592  NdisCap - ok
17:55:30.0362 5592  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:55:30.0415 5592  NdisTapi - ok
17:55:30.0568 5592  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:55:30.0770 5592  Ndisuio - ok
17:55:30.0824 5592  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:55:30.0964 5592  NdisWan - ok
17:55:31.0017 5592  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:55:31.0123 5592  NDProxy - ok
17:55:31.0217 5592  [ D660376BD52DF3D33390ACAE9FA1A54C ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
17:55:31.0245 5592  NeroMediaHomeService.4 - ok
17:55:31.0349 5592  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:55:31.0413 5592  NetBIOS - ok
17:55:31.0461 5592  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:55:31.0552 5592  NetBT - ok
17:55:31.0611 5592  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:55:31.0762 5592  Netlogon - ok
17:55:31.0881 5592  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:55:31.0975 5592  Netman - ok
17:55:32.0022 5592  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:55:32.0163 5592  netprofm - ok
17:55:32.0201 5592  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:55:32.0287 5592  NetTcpPortSharing - ok
17:55:32.0479 5592  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
17:55:32.0734 5592  netw5v64 - ok
17:55:32.0764 5592  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:55:32.0784 5592  nfrd960 - ok
17:55:32.0814 5592  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:55:32.0899 5592  NlaSvc - ok
17:55:32.0931 5592  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:55:32.0981 5592  Npfs - ok
17:55:33.0001 5592  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:55:33.0052 5592  nsi - ok
17:55:33.0074 5592  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:55:33.0129 5592  nsiproxy - ok
17:55:33.0208 5592  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:55:33.0353 5592  Ntfs - ok
17:55:33.0412 5592  [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
17:55:33.0427 5592  NuidFltr - ok
17:55:33.0460 5592  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:55:33.0523 5592  Null - ok
17:55:33.0561 5592  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:55:33.0584 5592  nvraid - ok
17:55:33.0604 5592  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:55:33.0628 5592  nvstor - ok
17:55:33.0668 5592  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:55:33.0696 5592  nv_agp - ok
17:55:33.0753 5592  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:55:33.0815 5592  odserv - ok
17:55:33.0855 5592  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:55:33.0890 5592  ohci1394 - ok
17:55:33.0930 5592  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:55:34.0025 5592  ose - ok
17:55:34.0112 5592  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:55:34.0257 5592  p2pimsvc - ok
17:55:34.0333 5592  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:55:34.0366 5592  p2psvc - ok
17:55:34.0386 5592  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:55:34.0446 5592  Parport - ok
17:55:34.0491 5592  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:55:34.0514 5592  partmgr - ok
17:55:34.0531 5592  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:55:34.0581 5592  PcaSvc - ok
17:55:34.0616 5592  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:55:34.0636 5592  pci - ok
17:55:34.0736 5592  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:55:34.0756 5592  pciide - ok
17:55:34.0828 5592  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:55:34.0856 5592  pcmcia - ok
17:55:34.0887 5592  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:55:34.0908 5592  pcw - ok
17:55:34.0938 5592  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:55:35.0040 5592  PEAUTH - ok
17:55:35.0140 5592  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:55:35.0195 5592  PerfHost - ok
17:55:35.0287 5592  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:55:35.0576 5592  pla - ok
17:55:35.0628 5592  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:55:35.0665 5592  PlugPlay - ok
17:55:35.0700 5592  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:55:35.0760 5592  PNRPAutoReg - ok
17:55:35.0820 5592  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:55:35.0843 5592  PNRPsvc - ok
17:55:35.0910 5592  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:55:36.0157 5592  PolicyAgent - ok
17:55:36.0197 5592  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:55:36.0267 5592  Power - ok
17:55:36.0321 5592  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:55:36.0396 5592  PptpMiniport - ok
17:55:36.0443 5592  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:55:36.0471 5592  Processor - ok
17:55:36.0528 5592  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:55:36.0560 5592  ProfSvc - ok
17:55:36.0575 5592  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:55:36.0588 5592  ProtectedStorage - ok
17:55:36.0640 5592  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:55:36.0708 5592  Psched - ok
17:55:36.0785 5592  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:55:36.0888 5592  ql2300 - ok
17:55:36.0934 5592  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:55:36.0959 5592  ql40xx - ok
17:55:36.0989 5592  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:55:37.0037 5592  QWAVE - ok
17:55:37.0064 5592  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:55:37.0119 5592  QWAVEdrv - ok
17:55:37.0201 5592  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
17:55:37.0226 5592  RapiMgr - ok
17:55:37.0255 5592  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:55:37.0488 5592  RasAcd - ok
17:55:37.0538 5592  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:55:37.0605 5592  RasAgileVpn - ok
17:55:37.0640 5592  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:55:37.0694 5592  RasAuto - ok
17:55:37.0732 5592  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:55:37.0880 5592  Rasl2tp - ok
17:55:37.0957 5592  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:55:38.0012 5592  RasMan - ok
17:55:38.0051 5592  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:55:38.0114 5592  RasPppoe - ok
17:55:38.0135 5592  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:55:38.0187 5592  RasSstp - ok
17:55:38.0228 5592  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:55:38.0329 5592  rdbss - ok
17:55:38.0358 5592  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:55:38.0405 5592  rdpbus - ok
17:55:38.0423 5592  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:55:38.0495 5592  RDPCDD - ok
17:55:38.0522 5592  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:55:38.0590 5592  RDPENCDD - ok
17:55:38.0601 5592  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:55:38.0662 5592  RDPREFMP - ok
17:55:38.0701 5592  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:55:38.0766 5592  RDPWD - ok
17:55:38.0826 5592  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:55:38.0854 5592  rdyboost - ok
17:55:38.0889 5592  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:55:38.0974 5592  RemoteAccess - ok
17:55:39.0013 5592  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:55:39.0114 5592  RemoteRegistry - ok
17:55:39.0200 5592  [ 498EB62A160674E793FA40FD65390625 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:55:39.0220 5592  RichVideo - ok
17:55:39.0255 5592  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:55:39.0345 5592  RpcEptMapper - ok
17:55:39.0396 5592  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:55:39.0421 5592  RpcLocator - ok
17:55:39.0473 5592  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:55:39.0542 5592  RpcSs - ok
17:55:39.0613 5592  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:55:39.0690 5592  rspndr - ok
17:55:39.0740 5592  [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
17:55:39.0770 5592  RSUSBSTOR - ok
17:55:39.0807 5592  [ 9CD929A2F91A4D5399537D021AE43947 ] rsvcdwdr        C:\Windows\system32\DRIVERS\rsvcdwdr.sys
17:55:39.0835 5592  rsvcdwdr - ok
17:55:39.0872 5592  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:55:39.0932 5592  RTL8167 - ok
17:55:39.0954 5592  RtsUIR - ok
17:55:39.0977 5592  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:55:39.0997 5592  SamSs - ok
17:55:40.0041 5592  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:55:40.0064 5592  sbp2port - ok
17:55:40.0101 5592  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:55:40.0162 5592  SCardSvr - ok
17:55:40.0208 5592  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:55:40.0264 5592  scfilter - ok
17:55:40.0323 5592  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:55:40.0406 5592  Schedule - ok
17:55:40.0447 5592  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:55:40.0495 5592  SCPolicySvc - ok
17:55:40.0532 5592  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
17:55:40.0564 5592  sdbus - ok
17:55:40.0599 5592  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:55:40.0684 5592  SDRSVC - ok
17:55:40.0711 5592  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:55:40.0813 5592  secdrv - ok
17:55:40.0855 5592  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:55:40.0925 5592  seclogon - ok
17:55:40.0965 5592  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:55:41.0038 5592  SENS - ok
17:55:41.0079 5592  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:55:41.0142 5592  SensrSvc - ok
17:55:41.0202 5592  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:55:41.0249 5592  Serenum - ok
17:55:41.0292 5592  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:55:41.0317 5592  Serial - ok
17:55:41.0361 5592  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:55:41.0379 5592  sermouse - ok
17:55:41.0434 5592  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:55:41.0487 5592  SessionEnv - ok
17:55:41.0533 5592  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:55:41.0583 5592  sffdisk - ok
17:55:41.0631 5592  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:55:41.0676 5592  sffp_mmc - ok
17:55:41.0716 5592  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:55:41.0743 5592  sffp_sd - ok
17:55:41.0755 5592  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:55:41.0788 5592  sfloppy - ok
17:55:41.0830 5592  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:55:41.0920 5592  SharedAccess - ok
17:55:41.0985 5592  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:55:42.0194 5592  ShellHWDetection - ok
17:55:42.0260 5592  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:55:42.0333 5592  SiSRaid2 - ok
17:55:42.0404 5592  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:55:42.0430 5592  SiSRaid4 - ok
17:55:42.0466 5592  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:55:42.0646 5592  Smb - ok
17:55:42.0718 5592  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:55:42.0857 5592  SNMPTRAP - ok
17:55:42.0865 5592  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:55:42.0899 5592  spldr - ok
17:55:42.0947 5592  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:55:43.0042 5592  Spooler - ok
17:55:43.0275 5592  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:55:43.0454 5592  sppsvc - ok
17:55:43.0506 5592  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:55:43.0557 5592  sppuinotify - ok
17:55:43.0613 5592  [ D6AB7C13FCDD2E4CAC35244D2C172D9A ] sptd            C:\Windows\System32\Drivers\sptd.sys
17:55:43.0795 5592  sptd - ok
17:55:43.0843 5592  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:55:43.0915 5592  srv - ok
17:55:43.0965 5592  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:55:44.0035 5592  srv2 - ok
17:55:44.0093 5592  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:55:44.0160 5592  SrvHsfHDA - ok
17:55:44.0218 5592  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:55:44.0320 5592  SrvHsfV92 - ok
17:55:44.0384 5592  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:55:44.0447 5592  SrvHsfWinac - ok
17:55:44.0469 5592  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:55:44.0542 5592  srvnet - ok
17:55:44.0579 5592  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:55:44.0637 5592  SSDPSRV - ok
17:55:44.0671 5592  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:55:44.0721 5592  SstpSvc - ok
17:55:44.0936 5592  [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
17:55:44.0971 5592  STacSV - ok
17:55:45.0006 5592  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:55:45.0028 5592  stexstor - ok
17:55:45.0076 5592  [ ED1722F43CE61409EF68340402D6267D ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
17:55:45.0128 5592  STHDA - ok
17:55:45.0188 5592  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:55:45.0251 5592  stisvc - ok
17:55:45.0345 5592  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:55:45.0365 5592  swenum - ok
17:55:45.0405 5592  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:55:45.0488 5592  swprv - ok
17:55:45.0529 5592  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:55:45.0564 5592  SynTP - ok
17:55:45.0649 5592  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:55:45.0754 5592  SysMain - ok
17:55:45.0818 5592  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:55:45.0848 5592  TabletInputService - ok
17:55:45.0898 5592  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:55:45.0980 5592  TapiSrv - ok
17:55:46.0037 5592  [ 048CFE7569D6ADCAB9349BB1A566A79E ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
17:55:46.0052 5592  tbhsd - ok
17:55:46.0094 5592  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:55:46.0173 5592  TBS - ok
17:55:46.0249 5592  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:55:46.0403 5592  Tcpip - ok
17:55:46.0456 5592  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:55:46.0517 5592  TCPIP6 - ok
17:55:46.0560 5592  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:55:46.0618 5592  tcpipreg - ok
17:55:46.0670 5592  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:55:46.0708 5592  TDPIPE - ok
17:55:46.0728 5592  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:55:46.0745 5592  TDTCP - ok
17:55:46.0797 5592  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:55:46.0862 5592  tdx - ok
17:55:46.0909 5592  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:55:46.0932 5592  TermDD - ok
17:55:46.0994 5592  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:55:47.0078 5592  TermService - ok
17:55:47.0131 5592  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
17:55:47.0148 5592  TFsExDisk - ok
17:55:47.0173 5592  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:55:47.0213 5592  Themes - ok
17:55:47.0253 5592  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:55:47.0297 5592  THREADORDER - ok
17:55:47.0316 5592  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:55:47.0390 5592  TrkWks - ok
17:55:47.0459 5592  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:55:47.0522 5592  TrustedInstaller - ok
17:55:47.0561 5592  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:55:47.0642 5592  tssecsrv - ok
17:55:47.0726 5592  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:55:47.0763 5592  TsUsbFlt - ok
17:55:47.0833 5592  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:55:47.0917 5592  tunnel - ok
17:55:47.0963 5592  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:55:47.0983 5592  uagp35 - ok
17:55:48.0035 5592  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:55:48.0139 5592  udfs - ok
17:55:48.0177 5592  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:55:48.0224 5592  UI0Detect - ok
17:55:48.0267 5592  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:55:48.0289 5592  uliagpkx - ok
17:55:48.0339 5592  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:55:48.0367 5592  umbus - ok
17:55:48.0409 5592  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:55:48.0462 5592  UmPass - ok
17:55:48.0501 5592  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:55:48.0576 5592  upnphost - ok
17:55:48.0623 5592  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:55:48.0661 5592  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:55:48.0661 5592  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:55:48.0736 5592  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:55:48.0768 5592  usbaudio - ok
17:55:48.0816 5592  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:55:48.0853 5592  usbccgp - ok
17:55:48.0863 5592  USBCCID - ok
17:55:48.0905 5592  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:55:48.0958 5592  usbcir - ok
17:55:49.0003 5592  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:55:49.0038 5592  usbehci - ok
17:55:49.0083 5592  [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
17:55:49.0100 5592  usbfilter - ok
17:55:49.0160 5592  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:55:49.0198 5592  usbhub - ok
17:55:49.0223 5592  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:55:49.0303 5592  usbohci - ok
17:55:49.0340 5592  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:55:49.0378 5592  usbprint - ok
17:55:49.0420 5592  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:55:49.0455 5592  usbscan - ok
17:55:49.0523 5592  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:55:49.0605 5592  USBSTOR - ok
17:55:49.0645 5592  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:55:49.0678 5592  usbuhci - ok
17:55:49.0735 5592  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:55:49.0758 5592  usbvideo - ok
17:55:49.0808 5592  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
17:55:49.0885 5592  usb_rndisx - ok
17:55:49.0919 5592  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:55:49.0993 5592  UxSms - ok
17:55:50.0029 5592  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:55:50.0047 5592  VaultSvc - ok
17:55:50.0107 5592  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:55:50.0127 5592  vdrvroot - ok
17:55:50.0181 5592  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:55:50.0286 5592  vds - ok
17:55:50.0321 5592  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:55:50.0408 5592  vga - ok
17:55:50.0441 5592  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:55:50.0531 5592  VgaSave - ok
17:55:50.0582 5592  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:55:50.0609 5592  vhdmp - ok
17:55:50.0655 5592  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:55:50.0674 5592  viaide - ok
17:55:50.0714 5592  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:55:50.0736 5592  volmgr - ok
17:55:50.0821 5592  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:55:50.0843 5592  volmgrx - ok
17:55:50.0862 5592  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:55:50.0920 5592  volsnap - ok
17:55:51.0052 5592  [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
17:55:51.0077 5592  vpnagent - ok
17:55:51.0132 5592  [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
17:55:51.0149 5592  vpnva - ok
17:55:51.0177 5592  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:55:51.0204 5592  vsmraid - ok
17:55:51.0293 5592  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:55:51.0538 5592  VSS - ok
17:55:51.0561 5592  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:55:51.0585 5592  vwifibus - ok
17:55:51.0600 5592  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:55:51.0650 5592  vwififlt - ok
17:55:51.0697 5592  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:55:51.0754 5592  vwifimp - ok
17:55:51.0799 5592  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:55:51.0846 5592  W32Time - ok
17:55:51.0946 5592  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
17:55:51.0986 5592  W3SVC - ok
17:55:52.0011 5592  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:55:52.0028 5592  WacomPen - ok
17:55:52.0096 5592  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:55:52.0199 5592  WANARP - ok
17:55:52.0212 5592  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:55:52.0253 5592  Wanarpv6 - ok
17:55:52.0320 5592  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
17:55:52.0350 5592  WAS - ok
17:55:52.0420 5592  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:55:52.0527 5592  WatAdminSvc - ok
17:55:52.0609 5592  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:55:52.0749 5592  wbengine - ok
17:55:52.0786 5592  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:55:52.0861 5592  WbioSrvc - ok
17:55:52.0948 5592  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
17:55:52.0981 5592  WcesComm - ok
17:55:53.0038 5592  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:55:53.0098 5592  wcncsvc - ok
17:55:53.0116 5592  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:55:53.0192 5592  WcsPlugInService - ok
17:55:53.0224 5592  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:55:53.0249 5592  Wd - ok
17:55:53.0291 5592  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:55:53.0372 5592  Wdf01000 - ok
17:55:53.0423 5592  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:55:53.0558 5592  WdiServiceHost - ok
17:55:53.0563 5592  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:55:53.0588 5592  WdiSystemHost - ok
17:55:53.0638 5592  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:55:53.0701 5592  WebClient - ok
17:55:53.0743 5592  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:55:53.0809 5592  Wecsvc - ok
17:55:53.0827 5592  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:55:53.0874 5592  wercplsupport - ok
17:55:53.0902 5592  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:55:53.0958 5592  WerSvc - ok
17:55:53.0989 5592  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:55:54.0044 5592  WfpLwf - ok
17:55:54.0068 5592  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:55:54.0096 5592  WIMMount - ok
17:55:54.0121 5592  WinDefend - ok
17:55:54.0127 5592  WinHttpAutoProxySvc - ok
17:55:54.0188 5592  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:55:54.0263 5592  Winmgmt - ok
17:55:54.0360 5592  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:55:54.0538 5592  WinRM - ok
17:55:54.0625 5592  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:55:54.0653 5592  WinUsb - ok
17:55:54.0700 5592  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:55:54.0761 5592  Wlansvc - ok
17:55:54.0931 5592  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:55:55.0029 5592  wlidsvc - ok
17:55:55.0096 5592  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:55:55.0123 5592  WmiAcpi - ok
17:55:55.0151 5592  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:55:55.0218 5592  wmiApSrv - ok
17:55:55.0265 5592  WMPNetworkSvc - ok
17:55:55.0298 5592  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:55:55.0325 5592  WPCSvc - ok
17:55:55.0363 5592  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:55:55.0400 5592  WPDBusEnum - ok
17:55:55.0430 5592  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:55:55.0479 5592  ws2ifsl - ok
17:55:55.0529 5592  [ ADD2FE1A9F4EE41A6D724819550D4E1F ] WsAudio_Device  C:\Windows\system32\drivers\VirtualAudio.sys
17:55:55.0552 5592  WsAudio_Device - ok
17:55:55.0564 5592  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:55:55.0614 5592  wscsvc - ok
17:55:55.0644 5592  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
17:55:55.0691 5592  WSDPrintDevice - ok
17:55:55.0731 5592  WSearch - ok
17:55:55.0829 5592  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:55:55.0925 5592  wuauserv - ok
17:55:55.0953 5592  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:55:55.0986 5592  WudfPf - ok
17:55:56.0028 5592  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:55:56.0068 5592  WUDFRd - ok
17:55:56.0093 5592  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:55:56.0126 5592  wudfsvc - ok
17:55:56.0155 5592  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:55:56.0205 5592  WwanSvc - ok
17:55:56.0275 5592  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
17:55:56.0352 5592  yukonw7 - ok
17:55:56.0385 5592  ZTEusbmdm6k - ok
17:55:56.0400 5592  ZTEusbnmea - ok
17:55:56.0420 5592  ZTEusbser6k - ok
17:55:56.0457 5592  ================ Scan global ===============================
17:55:56.0490 5592  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:55:56.0542 5592  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:55:56.0555 5592  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
17:55:56.0590 5592  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:55:56.0625 5592  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:55:56.0632 5592  [Global] - ok
17:55:56.0632 5592  ================ Scan MBR ==================================
17:55:56.0680 5592  [ 8A0CF4128DEBB0B666500200E61808C1 ] \Device\Harddisk0\DR0
17:55:57.0097 5592  \Device\Harddisk0\DR0 - ok
17:55:57.0107 5592  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
17:55:57.0512 5592  \Device\Harddisk1\DR1 - ok
17:55:57.0517 5592  ================ Scan VBR ==================================
17:55:57.0520 5592  [ B6D529BF572092C7E8B99FD48CB0919E ] \Device\Harddisk0\DR0\Partition1
17:55:57.0522 5592  \Device\Harddisk0\DR0\Partition1 - ok
17:55:57.0539 5592  [ A07558FA1284244B23469C00D929FE43 ] \Device\Harddisk0\DR0\Partition2
17:55:57.0541 5592  \Device\Harddisk0\DR0\Partition2 - ok
17:55:57.0575 5592  [ FA2A32ECB33679F98E134180AFB8052A ] \Device\Harddisk0\DR0\Partition3
17:55:57.0614 5592  \Device\Harddisk0\DR0\Partition3 - ok
17:55:57.0675 5592  [ A71036F3384C3CAC949621827FF33766 ] \Device\Harddisk0\DR0\Partition4
17:55:57.0687 5592  \Device\Harddisk0\DR0\Partition4 - ok
17:55:57.0709 5592  [ B2E4353DDFACD9225B260F9406EFA5AD ] \Device\Harddisk1\DR1\Partition1
17:55:57.0725 5592  \Device\Harddisk1\DR1\Partition1 - ok
17:55:57.0759 5592  ============================================================
17:55:57.0759 5592  Scan finished
17:55:57.0759 5592  ============================================================
17:55:57.0815 4252  Detected object count: 5
17:55:57.0815 4252  Actual detected object count: 5
17:56:11.0073 4252  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:56:11.0076 4252  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:56:11.0078 4252  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:56:11.0078 4252  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:56:11.0086 4252  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:56:11.0086 4252  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:56:11.0088 4252  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:56:11.0088 4252  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:56:11.0091 4252  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:56:11.0091 4252  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 04.02.2013, 20:03   #15
markusg
/// Malware-holic
 
TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Standard

TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


sehr gut
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort
Seite 1 von 2 1 2

Themen zu TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms
100%, aktiv, antivir, anwendung, auslastung, autostart, avira, cpu, cpu auslastung, fehlermeldung, firefox, firefox startseite, folge, free, java, klicke, laptop, probleme, quarantäne, seite, startseite, taskmanager, tr/dropper.gen, trojaner, webcam


« http://www.searchnu.com/413 Trojaner | Adserverplus Virus, kann ich leider nicht löschen und bitte um Hilfe »


Ähnliche Themen: TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms


  1. Fehlermeldung beim booten. RunDLL Problem beim starten von ... Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 31.05.2016 (23)
  2. Windows 7: Beim Öffnen von Programmen erscheint die Fehlermeldung "ungültiges Bild"
    Log-Analyse und Auswertung - 22.06.2015 (7)
  3. Windows 7: Fehlermeldung beim öffnen jedes Programms & Systemstart: "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DDL"
    Log-Analyse und Auswertung - 17.03.2015 (9)
  4. Fehlermeldung " ungültiges Bild" beim öffnen von jedem programm!
    Log-Analyse und Auswertung - 05.02.2015 (21)
  5. Fehlermeldung beim Neustart und beim Öffnen von Firefox - kein Internet-Zugriff
    Log-Analyse und Auswertung - 03.02.2015 (7)
  6. Öffnen nichtgewollter Internetseiten beim Öffnen neuen Tabs
    Plagegeister aller Art und deren Bekämpfung - 21.01.2015 (13)
  7. Win 7: beim Start kommt eine Fehlermeldung: Regsvr32 Fehler beim laden des Moduls
    Alles rund um Windows - 11.06.2014 (1)
  8. Fehlermeldung beim Starten und Verzögerung beim Ausschalten
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (7)
  9. Windows 7 - Beim Öffnen von Websites öffnen sich Popups und Tabs mit Werbung
    Log-Analyse und Auswertung - 27.01.2014 (3)
  10. XP - IE8 - Beim Öffnen des Browsers - Fehlermeldung
    Plagegeister aller Art und deren Bekämpfung - 15.11.2013 (10)
  11. Fehlermeldung beim booten. RunDLL Problem beim starten von C:\ProgrammFiles\HomeTab\TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.11.2013 (21)
  12. RUNDLL-Fehlermeldung und PC stürzt beim Öffnen eines bestimmten Ordners immer ab
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (16)
  13. Nach dem Neustart einer Bereinigung mit ESETOnline Scan kommt die Fehlermeldung beim Start: Problem beim Starten von install_0_msi.exe
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (30)
  14. Fehlermeldung beim Systemstart: Problem beim Starten von C/User...appdata..exe
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (25)
  15. TrojanES.Dropper beim öffnen von "Warrock", kann nicht gelöscht werden!
    Plagegeister aller Art und deren Bekämpfung - 09.10.2011 (22)
  16. Fehlermeldung beim Starten von Windows Vista PC "Fehler beim Laden von C.\User\***\sshas21.dll
    Plagegeister aller Art und deren Bekämpfung - 28.08.2010 (13)
  17. Fehlermeldung beim Öffnen von worddokume in office xp und office 2003
    Alles rund um Windows - 24.08.2006 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms - Guten Abend, ich finde es unglaublich toll, dass Ihr hier hilflosen Usern selbstlos bei Problemen helft. Habe hier hin und wieder mal gelesen, brauche dieses mal jedoch Eure Hilfe: Ich - TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms...
Archiv
Du betrachtest: TR/Dropper.Gen und Fehlermeldung beim Öffnen d. Webcamprogramms auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132