Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.02.2013, 19:00   #1
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Hallo liebes TB-Team,
habe seit kurzer Zeit Probleme mit Google Chrome. Sobald ich einen weiteren tab öffne, hängen sich alle bisher geöffneten auf. Erst eine Aktualisierung haucht ihnen wieder Leben ein. Mein Internetschutz (A1) zeigte mir nichts Verdächtiges an.
Da ich PC-Laie bin, war ich ratlos. Bis dato hat das immer mein Ex-Schwager gemacht, nun muss ich das wohl selber hinbekommen. Bei der Suche nach einer Lösung für mein ´hängendes Chrome-Problem´ bin ich schließlich auf eure Seite gestoßen.
Ich hab auch gleich mal ein paar eurer Anleitungen durchgeführt und - BINGO - bin gleich fündig geworden.
Also zuerst hab ich mal updates all meiner Programme durchgeführt,
dann mit adwCleaner alle Werbungen,Toolbars ect. entfernt .
Schließlich hab ich mit MalwarebytesAnti-Malware gestern und heute mehrere Scans gemacht. Und hier kam heraus, dass ich einige PUPs an Bord habe.
Die Log-files hänge ich hier an:

QuickScan:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sigrid :: SIGRID-HP [Administrator]

Schutz: Aktiviert

05.02.2013 12:11:13
mbam-log-2013-02-05 (12-11-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238725
Laufzeit: 6 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Herzogs\Downloads\installer_lionheart_kings_crusade.exe (PUP.Adbundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Herzogs\Downloads\minecraft setup (1).exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Herzogs\Downloads\minecraft setup.exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Herzogs\Downloads\SoftonicDownloader_fuer_samsung-kies(1).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Herzogs\Downloads\SoftonicDownloader_fuer_samsung-kies.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Vollständiger Suchlauf:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sigrid :: SIGRID-HP [Administrator]

Schutz: Aktiviert

05.02.2013 13:00:59
mbam-log-2013-02-05 (13-00-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438094
Laufzeit: 1 Stunde(n), 21 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und eigenartig vom zweiten user heute noch (Quickscan)
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Herzogs :: SIGRID-HP [limited]

Protection: Enabled

06.02.2013 15:58:49
mbam-log-2013-02-06 (15-58-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 168765
Time elapsed: 13 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Den letzten Virus habe ich IRRTÜMLICH gelöscht und leider NICHT IN QUARANTÄNE gesteckt, die ersten 5 stecken in Quarantäne!!

Jetzt erhoffe ich mir Hilfe von euch. Mal schauen, ob ich es schaffe. Bitte Geduld haben mit mir....

Jetzt werde ich noch eure Anweisungen für Hilfesuchende befolgen und euch die logfiles hier posten.

defogger gedownloaded und durchgeführt:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:12 on 06/02/2013 (Sigrid)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL (hab aber nicht ´all users´ angehakt beim quickscan??)

OTL.txt
Code:
ATTFilter
OTL logfile created on: 06.02.2013 17:33:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sigrid\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 34,10% Memory free
7,87 Gb Paging File | 4,70 Gb Available in Paging File | 59,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442,57 Gb Total Space | 360,71 Gb Free Space | 81,50% Space Free | Partition Type: NTFS
Drive E: | 17,90 Gb Total Space | 2,72 Gb Free Space | 15,19% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,12 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
 
Computer Name: SIGRID-HP | User Name: Sigrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.06 17:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Desktop\OTL (1).exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.06.20 12:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012.04.05 18:21:02 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
PRC - [2012.04.05 17:41:46 | 001,323,008 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2011.11.10 15:02:18 | 000,823,632 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011.11.07 16:06:55 | 001,531,280 | ---- | M] (IKARUS Security Software GmbH) -- C:\Program Files (x86)\A1 Internetschutz\bin\guardxservice.exe
PRC - [2011.10.27 09:13:07 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.08.11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011.05.23 10:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.03.16 11:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011.03.16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011.02.23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.01.28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011.01.26 18:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.17 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.01.17 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 04:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010.11.11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013.01.09 13:47:43 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.09 13:47:43 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.09 08:24:55 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 08:24:31 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.09 08:24:25 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 08:24:13 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 08:24:08 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 08:24:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 08:24:04 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 08:23:59 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.04.05 18:21:02 | 000,200,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
MOD - [2011.09.05 08:57:34 | 000,366,136 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.14 16:16:51 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2012.11.14 16:16:48 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2012.04.05 17:41:46 | 001,323,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012.02.28 12:15:16 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012.02.15 03:14:30 | 002,602,576 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011.11.10 15:02:24 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011.07.15 14:09:38 | 000,137,272 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011.03.28 07:44:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.29 14:31:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.25 17:13:19 | 000,462,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.13 16:25:39 | 005,663,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.06.20 12:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.02.15 03:00:24 | 002,268,240 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011.11.07 16:06:55 | 001,531,280 | ---- | M] (IKARUS Security Software GmbH) [Auto | Running] -- C:\Program Files (x86)\A1 Internetschutz\bin\guardxservice.exe -- (GuardX)
SRV - [2011.09.05 08:57:24 | 000,476,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011.08.11 19:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011.05.23 10:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.03.16 11:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011.02.23 23:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.01.26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.01.17 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.01.17 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 04:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.01.07 04:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.11.11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.14 16:32:26 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.11.14 16:16:55 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.04.05 18:33:24 | 000,100,808 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012.04.05 18:32:56 | 000,158,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 12:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.02.28 12:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.03.28 08:14:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.28 07:09:12 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.07 15:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011.01.31 11:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.01.27 06:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.08 16:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.01.07 04:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.01.07 04:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.01.07 04:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.01.07 04:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.01.07 04:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.01.07 04:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.01.07 04:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.21 18:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.12.21 06:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd)
DRV:64bit: - [2010.12.21 06:55:02 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.12.21 06:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.12.03 01:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.12.02 09:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.30 17:32:38 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.11 08:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 21:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.11.07 16:03:24 | 000,036,816 | ---- | M] (IKARUS Security Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\A1 Internetschutz\bin\ntguard_x64.sys -- (NTGUARD)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.05.10 23:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{CFC3649F-BDE7-4CBE-BCE3-D8D98D1ACD5A}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9432544508284016&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.arccosine.com/"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://internetschutz.aon.at/webschutz/webschutz.pac"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..browser.search.selectedEngine: "Arccosine"
FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sigrid\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sigrid\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.11.14 16:31:01 | 000,000,000 | ---D | M]
 
[2011.09.17 21:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigrid\AppData\Roaming\mozilla\Extensions
[2013.02.05 10:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigrid\AppData\Roaming\mozilla\Firefox\Profiles\nawjmtdv.default\extensions
[2012.01.07 16:47:04 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Sigrid\AppData\Roaming\mozilla\firefox\profiles\nawjmtdv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\SIGRID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAWJMTDV.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.at/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.at/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IKARUS-GuardX] C:\Program Files (x86)\A1 Internetschutz\bin\guardxkickoff_x64.exe (IKARUS Security Software GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [HP Photosmart 5510 series (NET) #2] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA3EEED6-564C-4DE2-B334-BB7734ECD7E8}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD162DB0-0FFC-446F-B7C1-8113F88E6B73}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.06 17:12:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sigrid\Desktop\OTL (1).exe
[2013.02.05 22:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.05 22:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.05 22:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.05 22:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.02.05 22:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.05 22:38:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.05 12:10:07 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Roaming\Malwarebytes
[2013.02.05 12:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 12:10:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.05 12:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.05 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.05 09:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.05 09:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.05 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.02.05 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.02.05 09:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.05 08:45:22 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Local\Secunia PSI
[2013.02.05 08:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.02.05 00:12:19 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Roaming\QuickScan
[2013.01.29 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.28 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.01.28 21:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.01.09 20:16:47 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\Documents\A_RU
[2011.02.23 23:10:36 | 000,020,432 | ---- | C] (Intel Corporation) -- C:\Users\Sigrid\AppData\Roaming\JomCap.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 17:30:26 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.02.06 17:30:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.06 17:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Desktop\OTL (1).exe
[2013.02.06 17:12:22 | 000,000,000 | ---- | M] () -- C:\Users\Sigrid\defogger_reenable
[2013.02.06 17:03:00 | 000,001,128 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1002UA.job
[2013.02.06 17:02:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1001UA.job
[2013.02.06 16:14:49 | 000,001,076 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1002Core.job
[2013.02.06 16:00:28 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 16:00:28 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 15:59:58 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.06 15:59:58 | 000,698,764 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.06 15:59:58 | 000,652,706 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.06 15:59:58 | 000,148,788 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.06 15:59:58 | 000,121,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.06 15:52:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.06 15:52:05 | 4226,138,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.05 22:43:11 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.05 21:44:05 | 000,000,432 | ---- | M] () -- C:\windows\BRWMARK.INI
[2013.02.05 18:02:02 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1001Core.job
[2013.02.05 15:04:20 | 000,050,477 | ---- | M] () -- C:\Users\Sigrid\Desktop\Defogger.exe
[2013.02.05 12:10:02 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 09:43:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.05 09:08:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.05 08:45:09 | 000,001,066 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.03 10:44:06 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSigrid.job
[2013.02.01 17:14:10 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 4530s_Y5336AN_0U_QCNU1353DZQ_E636603-A42_4A_I167C_SHP_V22.1A_B68SRR F.09_T110513_W748-1_L407_M4031_J500_7Intel_86A7_92.30_#110503_N10EC8168;168C002B_(LH297EA#ABD)_XMOBILE_CN10_Z_2A0001D02.MRK
[2013.02.01 17:14:10 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 4530s_Y5336AN_0U_QCNU1353DZQ_E636603-A42_4A_I167C_SHP_V22.1A_B68SRR F.09_T110513_W748-1_L407_M4031_J500_7Intel_86A7_92.30_#110503_N10EC8168;168C002B_(LH297EA#ABD)_XMOBILE_CN10_Z_2A0001D02.MRK
[2013.01.31 20:06:14 | 000,002,331 | ---- | M] () -- C:\Users\Sigrid\Desktop\Google Chrome.lnk
[2013.01.29 17:08:04 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSIGRID-HP$.job
[2013.01.11 16:38:00 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForHerzogs.job
[2013.01.09 08:18:01 | 000,440,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.01.09 07:22:37 | 001,594,122 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.06 17:12:22 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\defogger_reenable
[2013.02.05 22:43:11 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.05 15:04:17 | 000,050,477 | ---- | C] () -- C:\Users\Sigrid\Desktop\Defogger.exe
[2013.02.05 12:10:02 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 09:43:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.05 09:08:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.05 08:45:09 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.05 08:45:09 | 000,001,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.29 13:38:02 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.03.09 14:35:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012.02.24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012.02.22 01:24:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011.11.10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011.11.10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011.11.10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011.11.04 06:50:24 | 000,000,419 | ---- | C] () -- C:\windows\ODBC.INI
[2011.11.04 06:50:24 | 000,000,210 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.10.21 21:37:43 | 000,000,017 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\resmon.resmoncfg
[2011.10.12 14:47:54 | 000,012,288 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.27 19:20:59 | 000,554,496 | ---- | C] () -- C:\windows\SysWow64\dvmsg.dll
[2011.09.27 16:28:49 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.09.27 16:28:49 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011.09.05 08:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.09.04 14:04:01 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfdbga.sys
[2011.09.04 13:52:36 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.09.04 13:49:48 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.09.04 13:48:47 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.09.04 13:48:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.08.30 10:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011.08.30 10:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2011.08.30 10:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2011.08.24 14:55:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011.08.24 14:30:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011.05.30 20:58:34 | 000,185,168 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011.05.30 20:58:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.05.03 19:44:05 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfccea.sys
[2011.05.03 19:19:46 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfccdc.sys
[2011.05.03 18:49:07 | 001,594,122 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.03.28 20:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.03.17 18:05:12 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.02.25 23:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011.02.21 09:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.13 20:59:37 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\.minecraft
[2012.01.16 11:01:01 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\A1 Servicecenter
[2013.02.05 09:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Amazon
[2011.09.15 19:55:26 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\DigitalPersona
[2012.06.03 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\DVDVideoSoft
[2012.10.21 20:44:56 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\FreeVideoConverter
[2011.09.17 21:59:56 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\IDT
[2012.05.24 22:02:17 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\ImgBurn
[2012.01.28 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\IrfanView
[2012.01.16 11:27:09 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\mquadr.at
[2011.10.09 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\OLYMPUS
[2011.09.17 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\OpenOffice.org
[2012.06.23 08:06:38 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Origin
[2013.02.05 00:12:47 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\QuickScan
[2011.10.18 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Samsung
[2011.09.15 21:24:04 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Synaptics
[2011.09.17 21:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Thunderbird
[2011.09.27 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Tobit
[2013.02.05 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\uTorrent
[2012.04.23 00:15:06 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Visan
 
========== Purity Check ==========
 
 

< End of report >
         
und OTL Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 06.02.2013 17:33:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sigrid\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 34,10% Memory free
7,87 Gb Paging File | 4,70 Gb Available in Paging File | 59,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442,57 Gb Total Space | 360,71 Gb Free Space | 81,50% Space Free | Partition Type: NTFS
Drive E: | 17,90 Gb Total Space | 2,72 Gb Free Space | 15,19% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,12 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
 
Computer Name: SIGRID-HP | User Name: Sigrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19850CB9-D072-468F-9F19-7A51CAC6CA8A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3E162A04-A4CB-4DD9-B1FA-21CB20557A6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{92D21149-C10A-48CF-A1AA-4271503E5AFB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A4522E36-05CF-4099-B431-21A021329DDD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBF3722-E668-452C-9C25-D43FB1ADACE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{13C5E228-2EE3-4F21-BEAE-B06A0CE11F12}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{20EA26EF-1884-46B7-9481-39CF6B7A9A97}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 webassistent\a1breitband.exe | 
"{297B61F5-3E51-40D9-99B2-CDAA649F9FF1}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{378F5AE0-29BE-4FB1-A025-622573ED7744}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3F0AC9E2-C588-4500-9294-EEE86A35ADF3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{48ED2D7E-DD5A-4D88-A03B-A11A4CE877B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5171C3C2-172A-4F2F-A788-06A321D31B56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{57E8F132-15BD-431A-9BAA-1146B838C928}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{59CD49BA-0989-4048-B260-51604FA0593D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5D4D9A57-BD4C-44E4-BEF4-AA031320437D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6BF5ED7F-5CA3-467E-BBC5-F5F2E6788874}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{8D16E8B9-D64E-4A14-BA02-8B46A966D1E8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8ED94668-C5DE-4616-8750-B98B4A2A6B58}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{95A344D3-1429-470D-B4CA-229884D51356}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9EFD2F86-2FFC-4C49-A085-60D3171A2140}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 webassistent\a1breitband.exe | 
"{A4FFD0DA-718E-4E5C-8B2A-C5FA5F6FCE95}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{AF338039-A379-4990-B285-CA1D7A670766}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CC0A0ABE-5B68-4A8A-85CF-8C8F46D846CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D4A8C3C8-98E0-42E1-AACD-C7E83F189836}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{E959D829-80FE-48EF-BD51-4B3A90BC0B05}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{F124DF39-7C8D-4009-8140-CD46127956C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F188D9B5-C7AE-45DE-B9DD-995DC0669C0D}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"TCP Query User{91BEFA86-87DF-4B4A-9F2F-50E90DC1C36C}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{E56F9F8C-9300-480C-A150-D192D4C366F2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F1045235-4AF1-4D85-A27C-722DBFDC5B7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{3B46DABF-7FA5-4177-9B85-BF612FEE239C}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{640A4423-226C-4E09-8FBF-51D23A623DB3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CC10F49D-45F9-4749-99AC-51C58A30B99B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{555ECC75-AB3B-6434-8900-2BBA4F91F107}" = ccc-utility64
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63E42DE7-C468-31B0-E373-173C67C87B88}" = ATI Catalyst Install Manager
"{65C1BEAD-B50B-498C-BB6B-CDE4F30584B1}" = HP 3D DriveGuard
"{697E5298-CF76-43A3-AC9D-6AE2FA0F2B43}" = Validity Fingerprint Sensor Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A25B75A1-D9B5-43FC-86F7-6E85DC5AB37E}" = Studie zur Verbesserung von HP Photosmart 5510 series Produkten
"{AB6268C0-EDA4-46C3-8A1C-11D86A5A8E93}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B617B439-87A2-4109-94A6-BD768B259F83}" = HP ProtectTools Security Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9355D03-2C06-401B-8A16-F6500379AE21}" = HP Power Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}" = WMV9/VC-1 Video Playback
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"CCleaner" = CCleaner
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F10409-00BB-8843-4813-37FDDD972CB1}" = CCC Help Chinese Standard
"{08FB6F00-7D8D-5474-B70D-607638405BEB}" = CCC Help Korean
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{12379137-5A34-8311-A00C-4571E468F507}" = CCC Help Polish
"{1392513C-F92A-2893-E263-071E943CB4B8}" = Catalyst Control Center InstallProxy
"{1529490E-DC67-A7DA-E7FE-789B929E67F0}" = CCC Help Norwegian
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2E07A6AE-C2EC-05DB-8344-B562E5D9E341}" = CCC Help Swedish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E918CE9-BDA6-282D-0E19-E11DF8004ABE}" = CCC Help Thai
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4441B01C-0AF2-6EE7-CDB3-AD0DB41E7147}" = CCC Help Hungarian
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{668643A5-48DD-B0E9-62E1-1FDA18D54F66}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69EA3784-E961-76A2-6C11-7B83AA50E56A}" = CCC Help Czech
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}" = HP Documentation
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}" = HP QuickWeb
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71543470-E3F8-6A06-08C8-783CD286D2BA}" = CCC Help German
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{76BAC71B-00A7-BBFA-5DAE-EEB0DF9F4098}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7CF1347C-61F6-C495-127C-912FD6CB432D}" = CCC Help Japanese
"{801EAD7A-7202-4BE4-84A1-299202AD17C0}" = HP ESU for Microsoft Windows 7
"{80C45B94-2BA0-8E23-95A7-8A9FCD836EFD}" = PX Profile Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BE1D9F-FC67-E84E-F73A-BC7125E3B717}" = CCC Help Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.9
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A1EFCBD2-B171-E24D-FAD2-4E711A312DEF}" = CCC Help Danish
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB9F8790-4ECB-1BFA-1B80-21DCD40664C3}" = CCC Help Greek
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AE6BF609-EF6A-8764-85EE-6CC65602D88E}" = CCC Help Chinese Traditional
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B26B64E8-DB83-7904-2DF9-F92A7ABC14D9}" = Catalyst Control Center Localization All
"{B3E31950-C92F-BCD9-963D-A520887A262A}" = CCC Help Turkish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE211EBE-AC92-515C-D122-A9DD0BC9FFA9}" = Catalyst Control Center
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6CD49BC-E6A5-F247-0489-F3188F300A8E}" = Catalyst Control Center Profiles Mobile
"{C7C60D93-E5B7-82D7-44A4-E3EE404B56A3}" = CCC Help Dutch
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBD548E9-E421-7B51-5732-2F63B37589E2}" = CCC Help French
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D2A2E5CD-801A-4B8D-8119-F79449A09B67}" = HP System Default Settings
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7922D23-642E-0649-A3C9-38F9E0FA263E}" = CCC Help Russian
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF63FA79-75AE-45D6-715E-81E92F134702}" = CCC Help Italian
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2531547-0789-690E-9F12-3EDBDBC64DA8}" = CCC Help Spanish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F07E6C5F-6AE1-72B3-8659-08E2ABB86DF8}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonInternetschutz.3" = A1 Internetschutz 2.0.69
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ImgBurn" = ImgBurn
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"VIP Access SDK" = VIP Access SDK (1.0.1.5) 
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2013 19:21:44 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 05.02.2013 19:21:44 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 05.02.2013 19:21:44 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 05.02.2013 19:21:44 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 05.02.2013 19:21:44 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 06.02.2013 11:22:30 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 06.02.2013 11:22:30 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 06.02.2013 12:30:06 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 06.02.2013 12:30:06 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 06.02.2013 12:30:06 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
[ Hewlett-Packard Events ]
Error - 22.06.2012 09:09:55 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 22.06.2012 09:14:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:16:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:24:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:30:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:36:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 23.06.2012 14:57:06 | Computer Name = Sigrid-HP | Source = HPSFMsgr.exe | ID = 2000
Description = 
 
Error - 29.06.2012 04:42:40 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 29.06.2012 04:51:24 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 26.08.2012 10:23:50 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Connection Manager Events ]
Error - 06.02.2013 12:39:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:39:34.556|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:40:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:40:34.549|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:41:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:41:34.549|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:42:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:42:34.548|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:43:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:43:34.550|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:44:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:44:34.547|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:45:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:45:34.551|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:46:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:46:34.549|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:47:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:47:34.549|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 06.02.2013 12:48:34 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/06 17:48:34.552|00001718|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Power Assistant Events ]
Error - 24.11.2012 08:43:30 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 16.12.2012 06:22:27 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 102UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 22.12.2012 03:39:01 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Fensterthread der Systemereignisse konnte nicht erstellt werden.
 
Error - 22.12.2012 15:18:31 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 27.12.2012 12:39:49 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 102UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 28.12.2012 17:03:47 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 28.12.2012 17:03:47 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 04.01.2013 15:18:12 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 11.01.2013 15:00:33 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 11.01.2013 15:00:34 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
[ HP Software Framework Events ]
Error - 02.11.2012 09:43:55 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.11.02 14:43:55.051|0000115C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 05.12.2012 20:03:15 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.06 01:03:14.340|00001728|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 23.12.2012 18:25:46 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.23 23:25:46.332|00001900|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 24.12.2012 09:53:36 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.24 14:53:36.304|00000304|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 24.12.2012 09:53:36 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.24 14:53:36.492|00000304|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
Error - 26.12.2012 08:12:09 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.26 13:12:09.701|00001B4C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 26.12.2012 08:12:09 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.26 13:12:09.795|00001B4C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
Error - 25.01.2013 20:35:49 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.01.26 01:35:49.392|000016D0|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 25.01.2013 20:35:49 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.01.26 01:35:49.626|000016D0|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
Error - 29.01.2013 08:55:32 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.01.29 13:55:32.363|00000A9C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
[ OSession Events ]
Error - 13.10.2011 03:59:50 | Computer Name = Sigrid-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 335
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.02.2013 07:26:06 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 05.02.2013 07:28:11 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 05.02.2013 12:42:29 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 05.02.2013 17:39:25 | Computer Name = Sigrid-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 05.02.2013 17:40:16 | Computer Name = Sigrid-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 05.02.2013 17:41:16 | Computer Name = Sigrid-HP | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 05.02.2013 19:21:47 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 06.02.2013 10:52:00 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 06.02.2013 10:52:06 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 06.02.2013 10:54:22 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
Gmer muss ich noch machen. Kommt später!
Danke erst mal !

Alt 07.02.2013, 12:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?




Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 07.02.2013, 18:39   #3
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Hallo, danke erst mal für dein Bemühen

Ich bin absoluter Privatanwender, die ProfessionalEdition hab ich von meiner Schwester, die sie über die Uni bezog. Da sie sie selbst jedoch nicht verwendet, bin ich in den Genuss gekommen.

So, nun der logfile des anti-rootkit

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sigrid :: SIGRID-HP [administrator]

07.02.2013 18:27:44
mbar-log-2013-02-07 (18-27-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31032
Time elapsed: 13 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Wie geht´s nun weiter?
__________________

Alt 08.02.2013, 10:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.02.2013, 19:35   #5
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Hier der Logfile von Gmer (erste Versuch scheiterte, beim zweiten war leider der Internetschutz (automatisch) wieder an, der dritte war erfolgreich)

Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-08 19:25:09
Windows 6.1.7601 Service Pack 1 x64 
Running: gmer_2.0.18454.exe


---- Registry - GMER 2.0 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b026a86                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b026a86@b05ce5fff74a         0x6C 0x73 0x40 0xF4 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b026a86@60a10afb72b3         0xF9 0xCC 0x30 0x9B ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b026a86@fca13e71b581         0xDA 0x36 0x03 0x54 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b026a86@44f45998cec3         0xCA 0x5A 0xBC 0xCF ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b026a86 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b026a86@b05ce5fff74a             0x6C 0x73 0x40 0xF4 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b026a86@60a10afb72b3             0xF9 0xCC 0x30 0x9B ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b026a86@fca13e71b581             0xDA 0x36 0x03 0x54 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b026a86@44f45998cec3             0xCA 0x5A 0xBC 0xCF ...

---- EOF - GMER 2.0 ----
         
aswMBR kommt noch.

Und hier der logfile von aswMBR (ich hab nur der quickscan laufen lassen, weil der so angehakt war und ich nichts verändern wollte. Sollte ich noch einen gesamtscan von C machen, bitte einfach sagen)

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-08 19:36:32
-----------------------------
19:36:32.933    OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:32.933    Number of processors: 4 586 0x2A07
19:36:32.933    ComputerName: SIGRID-HP  UserName: Sigrid
19:36:34.852    Initialize success
19:40:55.489    AVAST engine defs: 13020800
19:45:35.610    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:45:35.613    Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 3
19:45:36.044    Disk 0 MBR read successfully
19:45:36.046    Disk 0 MBR scan
19:45:36.049    Disk 0 Windows 7 default MBR code
19:45:36.153    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
19:45:36.296    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       453189 MB offset 616448
19:45:36.394    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        18327 MB offset 928747520
19:45:36.471    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     5115 MB offset 966281216
19:45:36.896    Disk 0 scanning C:\windows\system32\drivers
19:47:31.914    Service scanning
19:48:10.519    Modules scanning
19:48:10.541    Disk 0 trace - called modules:
19:48:10.639    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll 
19:48:10.642    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800510f060]
19:48:10.645    3 CLASSPNP.SYS[fffff8800189c43f] -> nt!IofCallDriver -> [0xfffffa8004fc5a60]
19:48:10.649    5 hpdskflt.sys[fffff88001843189] -> nt!IofCallDriver -> [0xfffffa8004b78040]
19:48:10.652    7 ACPI.sys[fffff88000f9e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b7e050]
19:48:12.523    AVAST engine scan C:\windows
19:52:03.877    AVAST engine scan C:\windows\system32
20:06:33.197    AVAST engine scan C:\windows\system32\drivers
20:06:57.020    AVAST engine scan C:\Users\Sigrid
20:16:11.687    AVAST engine scan C:\ProgramData
20:18:15.139    Scan finished successfully
20:20:26.273    Disk 0 MBR has been saved successfully to "C:\Users\Sigrid\Desktop\MBR.dat"
20:20:26.289    The log file has been saved successfully to "C:\Users\Sigrid\Desktop\aswMBR.txt"
         


Alt 10.02.2013, 19:28   #6
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Hallo cosinus,
wollt noch erwähnen, dass ich seit einiger zeit beim hochfahren des laptops immer die meldung bekomme "selfupdate funktioniert nicht mehr". hab ich da irgendwo ein ´totes´ programm oder kann das auch ein/der virus sein?
wie find ich das raus, um welches update es sich da handelt?

Alt 11.02.2013, 09:18   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Zitat:
) [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService)
Ist wohl das hier, kenn ich nicht das Programm

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.02.2013, 10:06   #8
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Hier der logfile vom TDSSKiller
Code:
ATTFilter
09:37:13.0413 8236  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:37:13.0897 8236  ============================================================
09:37:13.0897 8236  Current date / time: 2013/02/11 09:37:13.0897
09:37:13.0897 8236  SystemInfo:
09:37:13.0897 8236  
09:37:13.0897 8236  OS Version: 6.1.7601 ServicePack: 1.0
09:37:13.0897 8236  Product type: Workstation
09:37:13.0897 8236  ComputerName: SIGRID-HP
09:37:13.0897 8236  UserName: Sigrid
09:37:13.0897 8236  Windows directory: C:\windows
09:37:13.0897 8236  System windows directory: C:\windows
09:37:13.0897 8236  Running under WOW64
09:37:13.0897 8236  Processor architecture: Intel x64
09:37:13.0897 8236  Number of processors: 4
09:37:13.0897 8236  Page size: 0x1000
09:37:13.0897 8236  Boot type: Normal boot
09:37:13.0897 8236  ============================================================
09:37:14.0958 8236  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:37:14.0973 8236  ============================================================
09:37:14.0973 8236  \Device\Harddisk0\DR0:
09:37:14.0973 8236  MBR partitions:
09:37:14.0973 8236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
09:37:14.0973 8236  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x37522800
09:37:14.0973 8236  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x375B9000, BlocksNum 0x23CB800
09:37:14.0973 8236  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39984800, BlocksNum 0x9FD800
09:37:14.0973 8236  ============================================================
09:37:15.0067 8236  C: <-> \Device\Harddisk0\DR0\Partition2
09:37:15.0223 8236  E: <-> \Device\Harddisk0\DR0\Partition3
09:37:15.0238 8236  F: <-> \Device\Harddisk0\DR0\Partition4
09:37:15.0285 8236  ============================================================
09:37:15.0285 8236  Initialize success
09:37:15.0285 8236  ============================================================
09:37:53.0662 3020  ============================================================
09:37:53.0662 3020  Scan started
09:37:53.0662 3020  Mode: Manual; SigCheck; TDLFS; 
09:37:53.0662 3020  ============================================================
09:37:53.0849 3020  ================ Scan system memory ========================
09:37:53.0849 3020  System memory - ok
09:37:53.0849 3020  ================ Scan services =============================
09:37:54.0130 3020  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
09:37:54.0286 3020  1394ohci - ok
09:37:54.0317 3020  [ A3D3A95303269011060BBCFB97CA1DD5 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
09:37:54.0364 3020  Accelerometer - ok
09:37:54.0427 3020  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
09:37:54.0473 3020  ACPI - ok
09:37:54.0520 3020  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
09:37:54.0614 3020  AcpiPmi - ok
09:37:54.0754 3020  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:37:54.0754 3020  AdobeFlashPlayerUpdateSvc - ok
09:37:54.0785 3020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
09:37:54.0817 3020  adp94xx - ok
09:37:54.0848 3020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
09:37:54.0879 3020  adpahci - ok
09:37:54.0895 3020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
09:37:54.0910 3020  adpu320 - ok
09:37:54.0926 3020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
09:37:55.0082 3020  AeLookupSvc - ok
09:37:55.0191 3020  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
09:37:55.0347 3020  AESTFilters - ok
09:37:55.0394 3020  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\windows\syswow64\drivers\Afc.sys
09:37:55.0425 3020  Afc - ok
09:37:55.0472 3020  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
09:37:55.0534 3020  AFD - ok
09:37:55.0581 3020  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
09:37:55.0643 3020  AgereSoftModem - ok
09:37:55.0690 3020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
09:37:55.0706 3020  agp440 - ok
09:37:55.0737 3020  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
09:37:55.0909 3020  ALG - ok
09:37:55.0955 3020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
09:37:55.0987 3020  aliide - ok
09:37:56.0018 3020  [ D5518E3BBFD69520FA3BDD3D05B5B458 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
09:37:56.0158 3020  AMD External Events Utility - ok
09:37:56.0174 3020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
09:37:56.0189 3020  amdide - ok
09:37:56.0205 3020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
09:37:56.0267 3020  AmdK8 - ok
09:37:56.0657 3020  [ BE85FDC481F3BFBC036BB5D96DBBD12D ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
09:37:57.0016 3020  amdkmdag - ok
09:37:57.0063 3020  [ 8E0146E61409C46855F1DD008EAEDD5D ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
09:37:57.0141 3020  amdkmdap - ok
09:37:57.0188 3020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
09:37:57.0235 3020  AmdPPM - ok
09:37:57.0281 3020  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
09:37:57.0313 3020  amdsata - ok
09:37:57.0328 3020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
09:37:57.0359 3020  amdsbs - ok
09:37:57.0359 3020  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
09:37:57.0375 3020  amdxata - ok
09:37:57.0422 3020  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
09:37:57.0531 3020  AppID - ok
09:37:57.0562 3020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
09:37:57.0671 3020  AppIDSvc - ok
09:37:57.0703 3020  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
09:37:57.0796 3020  Appinfo - ok
09:37:57.0937 3020  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:37:58.0015 3020  Apple Mobile Device - ok
09:37:58.0093 3020  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
09:37:58.0155 3020  AppMgmt - ok
09:37:58.0186 3020  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
09:37:58.0217 3020  arc - ok
09:37:58.0233 3020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
09:37:58.0264 3020  arcsas - ok
09:37:58.0311 3020  [ 357635F16D28558C50870F4EF8AA4712 ] ARCVCAM         C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
09:37:58.0342 3020  ARCVCAM - ok
09:37:58.0451 3020  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:37:58.0514 3020  aspnet_state - ok
09:37:58.0545 3020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
09:37:58.0607 3020  AsyncMac - ok
09:37:58.0654 3020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
09:37:58.0701 3020  atapi - ok
09:37:58.0717 3020  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\windows\system32\DRIVERS\btath_flt.sys
09:37:58.0732 3020  AthBTPort - ok
09:37:58.0795 3020  [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
09:37:58.0888 3020  Atheros Bt&Wlan Coex Agent - ok
09:37:58.0919 3020  [ 684B36CA4067DA7000CF95771A3CF0E7 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
09:37:58.0935 3020  AtherosSvc - ok
09:37:59.0029 3020  [ 675B31FCFAF319C0CBB908FEB6B90471 ] athr            C:\windows\system32\DRIVERS\athrx.sys
09:37:59.0138 3020  athr - ok
09:37:59.0263 3020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
09:37:59.0419 3020  AudioEndpointBuilder - ok
09:37:59.0434 3020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
09:37:59.0465 3020  AudioSrv - ok
09:37:59.0528 3020  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
09:37:59.0621 3020  AxInstSV - ok
09:37:59.0668 3020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
09:37:59.0731 3020  b06bdrv - ok
09:37:59.0762 3020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
09:37:59.0809 3020  b57nd60a - ok
09:37:59.0840 3020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
09:37:59.0918 3020  BDESVC - ok
09:37:59.0949 3020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
09:38:00.0058 3020  Beep - ok
09:38:00.0105 3020  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
09:38:00.0277 3020  BFE - ok
09:38:00.0292 3020  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
09:38:00.0433 3020  BITS - ok
09:38:00.0464 3020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
09:38:00.0511 3020  blbdrive - ok
09:38:00.0573 3020  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:38:00.0651 3020  Bonjour Service - ok
09:38:00.0698 3020  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
09:38:00.0745 3020  bowser - ok
09:38:00.0776 3020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
09:38:00.0854 3020  BrFiltLo - ok
09:38:00.0869 3020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
09:38:00.0901 3020  BrFiltUp - ok
09:38:00.0947 3020  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
09:38:01.0057 3020  Browser - ok
09:38:01.0088 3020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
09:38:01.0119 3020  Brserid - ok
09:38:01.0150 3020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
09:38:01.0166 3020  BrSerWdm - ok
09:38:01.0181 3020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
09:38:01.0228 3020  BrUsbMdm - ok
09:38:01.0244 3020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
09:38:01.0275 3020  BrUsbSer - ok
09:38:01.0306 3020  [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP      C:\windows\system32\drivers\btath_a2dp.sys
09:38:01.0322 3020  BTATH_A2DP - ok
09:38:01.0353 3020  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS       C:\windows\system32\DRIVERS\btath_bus.sys
09:38:01.0369 3020  BTATH_BUS - ok
09:38:01.0369 3020  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\windows\system32\DRIVERS\btath_hcrp.sys
09:38:01.0384 3020  BTATH_HCRP - ok
09:38:01.0415 3020  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\windows\system32\DRIVERS\btath_lwflt.sys
09:38:01.0431 3020  BTATH_LWFLT - ok
09:38:01.0447 3020  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\windows\system32\DRIVERS\btath_rcp.sys
09:38:01.0462 3020  BTATH_RCP - ok
09:38:01.0493 3020  [ FF8B065F96E4D9525AA7227299FBD05C ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
09:38:01.0509 3020  BtFilter - ok
09:38:01.0556 3020  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
09:38:01.0665 3020  BthEnum - ok
09:38:01.0696 3020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
09:38:01.0727 3020  BTHMODEM - ok
09:38:01.0759 3020  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
09:38:01.0805 3020  BthPan - ok
09:38:01.0852 3020  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
09:38:01.0930 3020  BTHPORT - ok
09:38:01.0961 3020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
09:38:02.0024 3020  bthserv - ok
09:38:02.0055 3020  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
09:38:02.0133 3020  BTHUSB - ok
09:38:02.0164 3020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
09:38:02.0211 3020  cdfs - ok
09:38:02.0242 3020  cdrbsdrv - ok
09:38:02.0273 3020  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\drivers\cdrom.sys
09:38:02.0367 3020  cdrom - ok
09:38:02.0414 3020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
09:38:02.0554 3020  CertPropSvc - ok
09:38:02.0585 3020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
09:38:02.0648 3020  circlass - ok
09:38:02.0663 3020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
09:38:02.0710 3020  CLFS - ok
09:38:02.0773 3020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:02.0804 3020  clr_optimization_v2.0.50727_32 - ok
09:38:02.0851 3020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:02.0897 3020  clr_optimization_v2.0.50727_64 - ok
09:38:02.0960 3020  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:03.0053 3020  clr_optimization_v4.0.30319_32 - ok
09:38:03.0069 3020  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:03.0085 3020  clr_optimization_v4.0.30319_64 - ok
09:38:03.0116 3020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
09:38:03.0147 3020  CmBatt - ok
09:38:03.0163 3020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
09:38:03.0194 3020  cmdide - ok
09:38:03.0241 3020  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
09:38:03.0303 3020  CNG - ok
09:38:03.0350 3020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
09:38:03.0381 3020  Compbatt - ok
09:38:03.0412 3020  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
09:38:03.0459 3020  CompositeBus - ok
09:38:03.0475 3020  COMSysApp - ok
09:38:03.0490 3020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
09:38:03.0490 3020  crcdisk - ok
09:38:03.0521 3020  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
09:38:03.0615 3020  CryptSvc - ok
09:38:03.0662 3020  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\windows\system32\drivers\csc.sys
09:38:03.0740 3020  CSC - ok
09:38:03.0771 3020  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
09:38:03.0802 3020  CscService - ok
09:38:03.0833 3020  [ 2E3374F9F0B5A3247B779978980C24CB ] DAMDrv          C:\windows\system32\DRIVERS\DAMDrv64.sys
09:38:03.0927 3020  DAMDrv - ok
09:38:03.0958 3020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
09:38:04.0005 3020  DcomLaunch - ok
09:38:04.0052 3020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
09:38:04.0192 3020  defragsvc - ok
09:38:04.0239 3020  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
09:38:04.0333 3020  DfsC - ok
09:38:04.0364 3020  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
09:38:04.0395 3020  Dhcp - ok
09:38:04.0411 3020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
09:38:04.0504 3020  discache - ok
09:38:04.0535 3020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
09:38:04.0535 3020  Disk - ok
09:38:04.0567 3020  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
09:38:04.0598 3020  Dnscache - ok
09:38:04.0629 3020  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
09:38:04.0707 3020  dot3svc - ok
09:38:04.0847 3020  [ 0B9134A45E88DCF0657382F277242F62 ] DpHost          C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
09:38:04.0925 3020  DpHost - ok
09:38:04.0972 3020  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
09:38:05.0081 3020  DPS - ok
09:38:05.0113 3020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
09:38:05.0128 3020  drmkaud - ok
09:38:05.0175 3020  [ AE2661B8ADFA325AF0EA096D969533F3 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
09:38:05.0237 3020  DXGKrnl - ok
09:38:05.0253 3020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
09:38:05.0300 3020  EapHost - ok
09:38:05.0393 3020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
09:38:05.0487 3020  ebdrv - ok
09:38:05.0503 3020  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
09:38:05.0549 3020  EFS - ok
09:38:05.0581 3020  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
09:38:05.0674 3020  ehRecvr - ok
09:38:05.0705 3020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
09:38:05.0768 3020  ehSched - ok
09:38:05.0815 3020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
09:38:05.0861 3020  elxstor - ok
09:38:05.0893 3020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
09:38:05.0924 3020  ErrDev - ok
09:38:05.0955 3020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
09:38:06.0080 3020  EventSystem - ok
09:38:06.0127 3020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
09:38:06.0173 3020  exfat - ok
09:38:06.0189 3020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
09:38:06.0236 3020  fastfat - ok
09:38:06.0298 3020  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
09:38:06.0376 3020  Fax - ok
09:38:06.0392 3020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
09:38:06.0439 3020  fdc - ok
09:38:06.0470 3020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
09:38:06.0563 3020  fdPHost - ok
09:38:06.0579 3020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
09:38:06.0704 3020  FDResPub - ok
09:38:06.0719 3020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
09:38:06.0735 3020  FileInfo - ok
09:38:06.0735 3020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
09:38:06.0797 3020  Filetrace - ok
09:38:07.0000 3020  [ A814979613C50457ED25FD60C872EBBC ] FLCDLOCK        c:\Windows\SysWOW64\flcdlock.exe
09:38:07.0265 3020  FLCDLOCK - ok
09:38:07.0328 3020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
09:38:07.0375 3020  flpydisk - ok
09:38:07.0421 3020  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
09:38:07.0468 3020  FltMgr - ok
09:38:07.0499 3020  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
09:38:07.0655 3020  FontCache - ok
09:38:07.0702 3020  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:07.0749 3020  FontCache3.0.0.0 - ok
09:38:07.0780 3020  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
09:38:07.0796 3020  FsDepends - ok
09:38:07.0843 3020  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
09:38:07.0936 3020  Fs_Rec - ok
09:38:07.0983 3020  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
09:38:07.0999 3020  fvevol - ok
09:38:08.0030 3020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
09:38:08.0045 3020  gagp30kx - ok
09:38:08.0108 3020  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
09:38:08.0170 3020  GEARAspiWDM - ok
09:38:08.0248 3020  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
09:38:08.0311 3020  gpsvc - ok
09:38:08.0420 3020  [ A35D26CE801B70039E9B00E0D6CA9807 ] GuardX          C:\Program Files (x86)\A1 Internetschutz\bin\guardxservice.exe
09:38:08.0498 3020  GuardX - ok
09:38:08.0529 3020  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
09:38:08.0545 3020  gusvc - ok
09:38:08.0560 3020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
09:38:08.0607 3020  hcw85cir - ok
09:38:08.0638 3020  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
09:38:08.0716 3020  HdAudAddService - ok
09:38:08.0732 3020  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
09:38:08.0763 3020  HDAudBus - ok
09:38:08.0779 3020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
09:38:08.0810 3020  HidBatt - ok
09:38:08.0825 3020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
09:38:08.0857 3020  HidBth - ok
09:38:08.0872 3020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
09:38:08.0903 3020  HidIr - ok
09:38:08.0919 3020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
09:38:09.0013 3020  hidserv - ok
09:38:09.0059 3020  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
09:38:09.0075 3020  HidUsb - ok
09:38:09.0122 3020  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
09:38:09.0200 3020  hkmsvc - ok
09:38:09.0247 3020  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
09:38:09.0340 3020  HomeGroupListener - ok
09:38:09.0387 3020  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
09:38:09.0418 3020  HomeGroupProvider - ok
09:38:09.0465 3020  [ E8F8A94109429A327521C83AE2C25941 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
09:38:09.0527 3020  HP Power Assistant Service - ok
09:38:09.0668 3020  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:38:09.0746 3020  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
09:38:09.0746 3020  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
09:38:09.0824 3020  [ C5D2F308E1C12A5C328EF549696DBC05 ] hpCMSrv         C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
09:38:10.0245 3020  hpCMSrv - ok
09:38:10.0307 3020  [ A9FC4D7EA174BBF5A675B299FFAD80A2 ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
09:38:10.0448 3020  HPDayStarterService - ok
09:38:10.0510 3020  [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:38:10.0651 3020  HPDrvMntSvc.exe - ok
09:38:10.0682 3020  [ 4EC5F601B46C00DF87323CD58E8AA1A3 ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
09:38:10.0760 3020  hpdskflt - ok
09:38:10.0807 3020  [ 4968C0728E257B3B6210244A9CDE2A08 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
09:38:11.0103 3020  hpHotkeyMonitor - ok
09:38:11.0134 3020  [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
09:38:11.0134 3020  HpqKbFiltr - ok
09:38:11.0197 3020  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:38:11.0571 3020  hpqwmiex - ok
09:38:11.0602 3020  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
09:38:11.0618 3020  HpSAMD - ok
09:38:11.0649 3020  [ 3A63CD2EAC2188CF2660A8E8DA701AB7 ] hpsrv           C:\windows\system32\Hpservice.exe
09:38:11.0727 3020  hpsrv - ok
09:38:11.0789 3020  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
09:38:11.0867 3020  HTTP - ok
09:38:11.0899 3020  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
09:38:11.0914 3020  hwpolicy - ok
09:38:11.0977 3020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
09:38:11.0992 3020  i8042prt - ok
09:38:12.0055 3020  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
09:38:12.0070 3020  iaStor - ok
09:38:12.0117 3020  [ 117FF657E0D9BBD61B5C3E71E63D3919 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:38:12.0133 3020  IAStorDataMgrSvc - ok
09:38:12.0164 3020  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
09:38:12.0179 3020  iaStorV - ok
09:38:12.0242 3020  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:38:12.0273 3020  idsvc - ok
09:38:12.0289 3020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
09:38:12.0304 3020  iirsp - ok
09:38:12.0335 3020  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
09:38:12.0460 3020  IKEEXT - ok
09:38:12.0491 3020  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
09:38:12.0569 3020  IntcDAud - ok
09:38:12.0616 3020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
09:38:12.0663 3020  intelide - ok
09:38:12.0881 3020  [ EFE5A0AF39A8E179624117C521F1E012 ] intelkmd        C:\windows\system32\DRIVERS\igdpmd64.sys
09:38:13.0256 3020  intelkmd - ok
09:38:13.0287 3020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
09:38:13.0318 3020  intelppm - ok
09:38:13.0349 3020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
09:38:13.0396 3020  IPBusEnum - ok
09:38:13.0443 3020  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
09:38:13.0490 3020  IpFilterDriver - ok
09:38:13.0537 3020  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
09:38:13.0568 3020  iphlpsvc - ok
09:38:13.0599 3020  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
09:38:13.0615 3020  IPMIDRV - ok
09:38:13.0646 3020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
09:38:13.0739 3020  IPNAT - ok
09:38:13.0786 3020  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:38:13.0849 3020  iPod Service - ok
09:38:13.0895 3020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
09:38:13.0973 3020  IRENUM - ok
09:38:14.0020 3020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
09:38:14.0051 3020  isapnp - ok
09:38:14.0083 3020  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
09:38:14.0129 3020  iScsiPrt - ok
09:38:14.0254 3020  [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
09:38:14.0473 3020  jhi_service - ok
09:38:14.0519 3020  [ 0B44199365A69696109AB9A5855E0841 ] JMCR            C:\windows\system32\DRIVERS\jmcr.sys
09:38:14.0535 3020  JMCR - ok
09:38:14.0566 3020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
09:38:14.0582 3020  kbdclass - ok
09:38:14.0613 3020  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
09:38:14.0644 3020  kbdhid - ok
09:38:14.0675 3020  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
09:38:14.0675 3020  KeyIso - ok
09:38:14.0722 3020  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
09:38:14.0738 3020  KSecDD - ok
09:38:14.0769 3020  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
09:38:14.0878 3020  KSecPkg - ok
09:38:14.0909 3020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
09:38:14.0956 3020  ksthunk - ok
09:38:14.0972 3020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
09:38:15.0065 3020  KtmRm - ok
09:38:15.0112 3020  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
09:38:15.0190 3020  LanmanServer - ok
09:38:15.0221 3020  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
09:38:15.0299 3020  LanmanWorkstation - ok
09:38:15.0346 3020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
09:38:15.0424 3020  lltdio - ok
09:38:15.0440 3020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
09:38:15.0502 3020  lltdsvc - ok
09:38:15.0502 3020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
09:38:15.0549 3020  lmhosts - ok
09:38:15.0596 3020  [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:38:15.0923 3020  LMS - ok
09:38:16.0017 3020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
09:38:16.0064 3020  LSI_FC - ok
09:38:16.0095 3020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
09:38:16.0111 3020  LSI_SAS - ok
09:38:16.0126 3020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
09:38:16.0142 3020  LSI_SAS2 - ok
09:38:16.0157 3020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
09:38:16.0173 3020  LSI_SCSI - ok
09:38:16.0204 3020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
09:38:16.0251 3020  luafv - ok
09:38:16.0298 3020  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
09:38:16.0376 3020  MBAMProtector - ok
09:38:16.0423 3020  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:38:16.0657 3020  MBAMScheduler - ok
09:38:16.0703 3020  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:38:17.0015 3020  MBAMService - ok
09:38:17.0140 3020  [ 9B6B1F995F70AD951496088B16BC6782 ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
09:38:17.0421 3020  McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - warning
09:38:17.0421 3020  McAfee Endpoint Encryption Agent - detected UnsignedFile.Multi.Generic (1)
09:38:17.0437 3020  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
09:38:17.0499 3020  Mcx2Svc - ok
09:38:17.0515 3020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
09:38:17.0530 3020  megasas - ok
09:38:17.0578 3020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
09:38:17.0594 3020  MegaSR - ok
09:38:17.0625 3020  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
09:38:17.0640 3020  MEIx64 - ok
09:38:17.0687 3020  [ 1D0535ABA49C80D20807DB748CA756DF ] MfeEpeOpal      C:\windows\system32\drivers\MfeEpeOpal.sys
09:38:17.0718 3020  MfeEpeOpal - ok
09:38:17.0750 3020  [ 01446E52580019F8A9C77BB6840BC1FC ] MfeEpePc        C:\windows\system32\drivers\MfeEpePc.sys
09:38:17.0828 3020  MfeEpePc - ok
09:38:17.0921 3020  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:38:17.0984 3020  Microsoft Office Groove Audit Service - ok
09:38:17.0999 3020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
09:38:18.0062 3020  MMCSS - ok
09:38:18.0093 3020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
09:38:18.0140 3020  Modem - ok
09:38:18.0155 3020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
09:38:18.0186 3020  monitor - ok
09:38:18.0202 3020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
09:38:18.0218 3020  mouclass - ok
09:38:18.0249 3020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
09:38:18.0280 3020  mouhid - ok
09:38:18.0311 3020  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
09:38:18.0358 3020  mountmgr - ok
09:38:18.0389 3020  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
09:38:18.0405 3020  mpio - ok
09:38:18.0420 3020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
09:38:18.0467 3020  mpsdrv - ok
09:38:18.0498 3020  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
09:38:18.0545 3020  MpsSvc - ok
09:38:18.0592 3020  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
09:38:18.0686 3020  MRxDAV - ok
09:38:18.0717 3020  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
09:38:18.0764 3020  mrxsmb - ok
09:38:18.0779 3020  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
09:38:18.0810 3020  mrxsmb10 - ok
09:38:18.0826 3020  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
09:38:18.0873 3020  mrxsmb20 - ok
09:38:18.0904 3020  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
09:38:18.0920 3020  msahci - ok
09:38:18.0951 3020  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
09:38:18.0966 3020  msdsm - ok
09:38:18.0982 3020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
09:38:19.0044 3020  MSDTC - ok
09:38:19.0076 3020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
09:38:19.0107 3020  Msfs - ok
09:38:19.0138 3020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
09:38:19.0169 3020  mshidkmdf - ok
09:38:19.0185 3020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
09:38:19.0216 3020  msisadrv - ok
09:38:19.0232 3020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
09:38:19.0278 3020  MSiSCSI - ok
09:38:19.0278 3020  msiserver - ok
09:38:19.0310 3020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
09:38:19.0356 3020  MSKSSRV - ok
09:38:19.0372 3020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
09:38:19.0403 3020  MSPCLOCK - ok
09:38:19.0419 3020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
09:38:19.0466 3020  MSPQM - ok
09:38:19.0481 3020  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
09:38:19.0512 3020  MsRPC - ok
09:38:19.0544 3020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
09:38:19.0559 3020  mssmbios - ok
09:38:19.0575 3020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
09:38:19.0637 3020  MSTEE - ok
09:38:19.0653 3020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
09:38:19.0684 3020  MTConfig - ok
09:38:19.0700 3020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
09:38:19.0715 3020  Mup - ok
09:38:19.0762 3020  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
09:38:19.0809 3020  napagent - ok
09:38:19.0871 3020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
09:38:19.0934 3020  NativeWifiP - ok
09:38:20.0012 3020  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
09:38:20.0043 3020  NDIS - ok
09:38:20.0105 3020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
09:38:20.0168 3020  NdisCap - ok
09:38:20.0183 3020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
09:38:20.0277 3020  NdisTapi - ok
09:38:20.0324 3020  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
09:38:20.0386 3020  Ndisuio - ok
09:38:20.0417 3020  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
09:38:20.0480 3020  NdisWan - ok
09:38:20.0511 3020  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
09:38:20.0573 3020  NDProxy - ok
09:38:20.0589 3020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
09:38:20.0682 3020  NetBIOS - ok
09:38:20.0714 3020  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
09:38:20.0776 3020  NetBT - ok
09:38:20.0792 3020  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
09:38:20.0807 3020  Netlogon - ok
09:38:20.0838 3020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
09:38:20.0948 3020  Netman - ok
09:38:20.0994 3020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:21.0057 3020  NetMsmqActivator - ok
09:38:21.0072 3020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:21.0088 3020  NetPipeActivator - ok
09:38:21.0119 3020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
09:38:21.0150 3020  netprofm - ok
09:38:21.0182 3020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:21.0182 3020  NetTcpActivator - ok
09:38:21.0182 3020  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:21.0197 3020  NetTcpPortSharing - ok
09:38:21.0228 3020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
09:38:21.0244 3020  nfrd960 - ok
09:38:21.0275 3020  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
09:38:21.0322 3020  NlaSvc - ok
09:38:21.0369 3020  [ 7983D9201788407C4D1FC4D0BAA04E32 ] nmwcdnsux64     C:\windows\system32\drivers\nmwcdnsux64.sys
09:38:21.0431 3020  nmwcdnsux64 - ok
09:38:21.0447 3020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
09:38:21.0494 3020  Npfs - ok
09:38:21.0509 3020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
09:38:21.0587 3020  nsi - ok
09:38:21.0603 3020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
09:38:21.0650 3020  nsiproxy - ok
09:38:21.0696 3020  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
09:38:21.0743 3020  Ntfs - ok
09:38:21.0759 3020  [ BE703961C6FFE6B8FA2E158CA94F41DC ] NTGUARD         C:\Program Files (x86)\A1 Internetschutz\bin\ntguard_x64.sys
09:38:21.0774 3020  NTGUARD - ok
09:38:21.0790 3020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
09:38:21.0837 3020  Null - ok
09:38:21.0884 3020  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
09:38:21.0915 3020  nvraid - ok
09:38:21.0930 3020  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
09:38:21.0946 3020  nvstor - ok
09:38:21.0977 3020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
09:38:21.0993 3020  nv_agp - ok
09:38:22.0071 3020  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:38:22.0196 3020  odserv - ok
09:38:22.0227 3020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
09:38:22.0258 3020  ohci1394 - ok
09:38:22.0289 3020  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:38:22.0289 3020  ose - ok
09:38:22.0320 3020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
09:38:22.0383 3020  p2pimsvc - ok
09:38:22.0398 3020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
09:38:22.0430 3020  p2psvc - ok
09:38:22.0461 3020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
09:38:22.0476 3020  Parport - ok
09:38:22.0492 3020  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
09:38:22.0508 3020  partmgr - ok
09:38:22.0539 3020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
09:38:22.0632 3020  PcaSvc - ok
09:38:22.0679 3020  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
09:38:22.0679 3020  pci - ok
09:38:22.0710 3020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
09:38:22.0742 3020  pciide - ok
09:38:22.0773 3020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
09:38:22.0773 3020  pcmcia - ok
09:38:22.0804 3020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
09:38:22.0820 3020  pcw - ok
09:38:22.0866 3020  pdfcDispatcher - ok
09:38:22.0898 3020  [ 4A8CC4D25525F456069887D5E8C53225 ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
09:38:22.0976 3020  PdiService - ok
09:38:22.0991 3020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
09:38:23.0038 3020  PEAUTH - ok
09:38:23.0085 3020  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
09:38:23.0163 3020  PeerDistSvc - ok
09:38:23.0256 3020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
09:38:23.0319 3020  PerfHost - ok
09:38:23.0366 3020  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
09:38:23.0522 3020  pla - ok
09:38:23.0553 3020  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
09:38:23.0615 3020  PlugPlay - ok
09:38:23.0631 3020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
09:38:23.0662 3020  PNRPAutoReg - ok
09:38:23.0678 3020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
09:38:23.0693 3020  PNRPsvc - ok
09:38:23.0724 3020  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
09:38:23.0787 3020  PolicyAgent - ok
09:38:23.0834 3020  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
09:38:23.0943 3020  Power - ok
09:38:23.0974 3020  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
09:38:24.0021 3020  PptpMiniport - ok
09:38:24.0036 3020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
09:38:24.0068 3020  Processor - ok
09:38:24.0099 3020  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
09:38:24.0192 3020  ProfSvc - ok
09:38:24.0208 3020  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:38:24.0224 3020  ProtectedStorage - ok
09:38:24.0270 3020  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
09:38:24.0317 3020  Psched - ok
09:38:24.0380 3020  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\windows\system32\DRIVERS\psi_mf.sys
09:38:24.0473 3020  PSI - ok
09:38:24.0520 3020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
09:38:24.0582 3020  ql2300 - ok
09:38:24.0614 3020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
09:38:24.0629 3020  ql40xx - ok
09:38:24.0645 3020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
09:38:24.0676 3020  QWAVE - ok
09:38:24.0692 3020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
09:38:24.0707 3020  QWAVEdrv - ok
09:38:24.0723 3020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
09:38:24.0770 3020  RasAcd - ok
09:38:24.0785 3020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
09:38:24.0832 3020  RasAgileVpn - ok
09:38:24.0863 3020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
09:38:24.0957 3020  RasAuto - ok
09:38:25.0004 3020  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
09:38:25.0082 3020  Rasl2tp - ok
09:38:25.0097 3020  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
09:38:25.0144 3020  RasMan - ok
09:38:25.0175 3020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
09:38:25.0222 3020  RasPppoe - ok
09:38:25.0238 3020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
09:38:25.0269 3020  RasSstp - ok
09:38:25.0300 3020  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
09:38:25.0331 3020  rdbss - ok
09:38:25.0362 3020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
09:38:25.0394 3020  rdpbus - ok
09:38:25.0409 3020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
09:38:25.0456 3020  RDPCDD - ok
09:38:25.0487 3020  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
09:38:25.0534 3020  RDPDR - ok
09:38:25.0550 3020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
09:38:25.0581 3020  RDPENCDD - ok
09:38:25.0596 3020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
09:38:25.0643 3020  RDPREFMP - ok
09:38:25.0674 3020  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
09:38:25.0768 3020  RdpVideoMiniport - ok
09:38:25.0784 3020  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
09:38:25.0830 3020  RDPWD - ok
09:38:25.0862 3020  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
09:38:25.0877 3020  rdyboost - ok
09:38:25.0908 3020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
09:38:25.0971 3020  RemoteAccess - ok
09:38:26.0018 3020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
09:38:26.0080 3020  RemoteRegistry - ok
09:38:26.0111 3020  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
09:38:26.0127 3020  RFCOMM - ok
09:38:26.0142 3020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
09:38:26.0205 3020  RpcEptMapper - ok
09:38:26.0236 3020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
09:38:26.0252 3020  RpcLocator - ok
09:38:26.0283 3020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
09:38:26.0345 3020  RpcSs - ok
09:38:26.0376 3020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
09:38:26.0439 3020  rspndr - ok
09:38:26.0470 3020  [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
09:38:26.0501 3020  RTL8167 - ok
09:38:26.0532 3020  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
09:38:26.0564 3020  s3cap - ok
09:38:26.0579 3020  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
09:38:26.0579 3020  SamSs - ok
09:38:26.0626 3020  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
09:38:26.0642 3020  sbp2port - ok
09:38:26.0657 3020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
09:38:26.0704 3020  SCardSvr - ok
09:38:26.0735 3020  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
09:38:26.0782 3020  scfilter - ok
09:38:26.0829 3020  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
09:38:26.0907 3020  Schedule - ok
09:38:26.0938 3020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
09:38:26.0969 3020  SCPolicySvc - ok
09:38:27.0016 3020  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\drivers\sdbus.sys
09:38:27.0063 3020  sdbus - ok
09:38:27.0094 3020  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
09:38:27.0125 3020  SDRSVC - ok
09:38:27.0141 3020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
09:38:27.0250 3020  secdrv - ok
09:38:27.0281 3020  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
09:38:27.0375 3020  seclogon - ok
09:38:27.0515 3020  [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
09:38:27.0546 3020  Secunia PSI Agent - ok
09:38:27.0609 3020  [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
09:38:27.0671 3020  Secunia Update Agent - ok
09:38:27.0858 3020  [ 69500F5EAFDE80040F8465CD6E72037E ] SelfUpdateService C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe
09:38:28.0030 3020  SelfUpdateService ( UnsignedFile.Multi.Generic ) - warning
09:38:28.0030 3020  SelfUpdateService - detected UnsignedFile.Multi.Generic (1)
09:38:28.0061 3020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
09:38:28.0155 3020  SENS - ok
09:38:28.0170 3020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
09:38:28.0186 3020  SensrSvc - ok
09:38:28.0217 3020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
09:38:28.0248 3020  Serenum - ok
09:38:28.0264 3020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
09:38:28.0280 3020  Serial - ok
09:38:28.0326 3020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
09:38:28.0342 3020  sermouse - ok
09:38:28.0373 3020  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
09:38:28.0420 3020  SessionEnv - ok
09:38:28.0436 3020  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
09:38:28.0482 3020  sffdisk - ok
09:38:28.0498 3020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
09:38:28.0514 3020  sffp_mmc - ok
09:38:28.0514 3020  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
09:38:28.0592 3020  sffp_sd - ok
09:38:28.0607 3020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
09:38:28.0638 3020  sfloppy - ok
09:38:28.0670 3020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
09:38:28.0826 3020  SharedAccess - ok
09:38:28.0857 3020  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:38:28.0904 3020  ShellHWDetection - ok
09:38:28.0919 3020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
09:38:28.0935 3020  SiSRaid2 - ok
09:38:28.0950 3020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
09:38:28.0966 3020  SiSRaid4 - ok
09:38:28.0982 3020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
09:38:29.0013 3020  Smb - ok
09:38:29.0044 3020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
09:38:29.0138 3020  SNMPTRAP - ok
09:38:29.0247 3020  [ 43FBAA2C9E6B01B6AFC40B69019C27EC ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
09:38:29.0309 3020  SNP2UVC - ok
09:38:29.0325 3020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
09:38:29.0340 3020  spldr - ok
09:38:29.0372 3020  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
09:38:29.0450 3020  Spooler - ok
09:38:29.0543 3020  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
09:38:29.0606 3020  sppsvc - ok
09:38:29.0637 3020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
09:38:29.0668 3020  sppuinotify - ok
09:38:29.0699 3020  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
09:38:29.0746 3020  srv - ok
09:38:29.0762 3020  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
09:38:29.0793 3020  srv2 - ok
09:38:29.0840 3020  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
09:38:29.0886 3020  srvnet - ok
09:38:29.0933 3020  [ F74634F46692C8315E7F37F698AF3225 ] sscebus         C:\windows\system32\DRIVERS\sscebus.sys
09:38:29.0964 3020  sscebus - ok
09:38:29.0980 3020  [ 82732B391EFD69B0548044BE9CB37BFC ] sscemdfl        C:\windows\system32\DRIVERS\sscemdfl.sys
09:38:29.0996 3020  sscemdfl - ok
09:38:30.0027 3020  [ 43D56ACE4469D90F9790E8352D87D9B5 ] sscemdm         C:\windows\system32\DRIVERS\sscemdm.sys
09:38:30.0042 3020  sscemdm - ok
09:38:30.0042 3020  [ DB504EF6D73F6B8AB5CF8A18560C4E2A ] ssceserd        C:\windows\system32\DRIVERS\ssceserd.sys
09:38:30.0058 3020  ssceserd - ok
09:38:30.0089 3020  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
09:38:30.0136 3020  SSDPSRV - ok
09:38:30.0152 3020  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
09:38:30.0214 3020  SstpSvc - ok
09:38:30.0308 3020  [ D343109DF7DAFEC3C75AC65446F5A1A9 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
09:38:30.0401 3020  STacSV - ok
09:38:30.0417 3020  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
09:38:30.0432 3020  stexstor - ok
09:38:30.0479 3020  [ 8C490A03D0E44165D8BB48CEA4787F47 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
09:38:30.0510 3020  STHDA - ok
09:38:30.0542 3020  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
09:38:30.0573 3020  StillCam - ok
09:38:30.0620 3020  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
09:38:30.0682 3020  stisvc - ok
09:38:30.0713 3020  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
09:38:30.0729 3020  storflt - ok
09:38:30.0744 3020  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\windows\system32\storsvc.dll
09:38:30.0807 3020  StorSvc - ok
09:38:30.0822 3020  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\windows\system32\drivers\storvsc.sys
09:38:30.0838 3020  storvsc - ok
09:38:30.0869 3020  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
09:38:30.0885 3020  swenum - ok
09:38:30.0900 3020  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
09:38:31.0010 3020  swprv - ok
09:38:31.0072 3020  [ 48A191AE1F810F3F76F04187BA6B0F14 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
09:38:31.0119 3020  SynTP - ok
09:38:31.0166 3020  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
09:38:31.0212 3020  SysMain - ok
09:38:31.0290 3020  [ ACAA605B51AD413DE7595194AD0F486F ] SystemStoreService C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe
09:38:31.0368 3020  SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
09:38:31.0368 3020  SystemStoreService - detected UnsignedFile.Multi.Generic (1)
09:38:31.0400 3020  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:38:31.0478 3020  TabletInputService - ok
09:38:31.0493 3020  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
09:38:31.0602 3020  TapiSrv - ok
09:38:31.0618 3020  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
09:38:31.0680 3020  TBS - ok
09:38:31.0743 3020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
09:38:31.0821 3020  Tcpip - ok
09:38:31.0836 3020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
09:38:31.0868 3020  TCPIP6 - ok
09:38:31.0899 3020  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
09:38:31.0946 3020  tcpipreg - ok
09:38:31.0961 3020  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
09:38:32.0008 3020  TDPIPE - ok
09:38:32.0024 3020  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
09:38:32.0055 3020  TDTCP - ok
09:38:32.0086 3020  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
09:38:32.0133 3020  tdx - ok
09:38:32.0164 3020  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
09:38:32.0164 3020  TermDD - ok
09:38:32.0180 3020  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
09:38:32.0242 3020  TermService - ok
09:38:32.0273 3020  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
09:38:32.0320 3020  Themes - ok
09:38:32.0351 3020  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
09:38:32.0382 3020  THREADORDER - ok
09:38:32.0398 3020  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\windows\system32\drivers\tpm.sys
09:38:32.0429 3020  TPM - ok
09:38:32.0460 3020  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
09:38:32.0523 3020  TrkWks - ok
09:38:32.0570 3020  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:38:32.0663 3020  TrustedInstaller - ok
09:38:32.0694 3020  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
09:38:32.0741 3020  tssecsrv - ok
09:38:32.0757 3020  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
09:38:32.0804 3020  TsUsbFlt - ok
09:38:32.0850 3020  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
09:38:32.0882 3020  tunnel - ok
09:38:32.0913 3020  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
09:38:32.0960 3020  uagp35 - ok
09:38:33.0069 3020  [ D5994AB5C2B2D72D6320A7004D52617C ] uArcCapture     C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
09:38:33.0225 3020  uArcCapture - ok
09:38:33.0256 3020  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
09:38:33.0272 3020  udfs - ok
09:38:33.0303 3020  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
09:38:33.0350 3020  UI0Detect - ok
09:38:33.0381 3020  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
09:38:33.0381 3020  uliagpkx - ok
09:38:33.0412 3020  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
09:38:33.0428 3020  umbus - ok
09:38:33.0443 3020  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
09:38:33.0490 3020  UmPass - ok
09:38:33.0521 3020  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
09:38:33.0568 3020  UmRdpService - ok
09:38:33.0662 3020  [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:38:34.0239 3020  UNS - ok
09:38:34.0286 3020  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
09:38:34.0426 3020  upnphost - ok
09:38:34.0457 3020  [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
09:38:34.0504 3020  usbccgp - ok
09:38:34.0535 3020  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
09:38:34.0566 3020  usbcir - ok
09:38:34.0613 3020  [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci         C:\windows\system32\drivers\usbehci.sys
09:38:34.0629 3020  usbehci - ok
09:38:34.0644 3020  [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
09:38:34.0676 3020  usbhub - ok
09:38:34.0707 3020  [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci         C:\windows\system32\drivers\usbohci.sys
09:38:34.0738 3020  usbohci - ok
09:38:34.0769 3020  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
09:38:34.0785 3020  usbprint - ok
09:38:34.0816 3020  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
09:38:34.0847 3020  usbscan - ok
09:38:34.0878 3020  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
09:38:34.0925 3020  USBSTOR - ok
09:38:34.0956 3020  [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
09:38:34.0988 3020  usbuhci - ok
09:38:35.0003 3020  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
09:38:35.0034 3020  usbvideo - ok
09:38:35.0066 3020  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
09:38:35.0097 3020  UxSms - ok
09:38:35.0112 3020  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
09:38:35.0128 3020  VaultSvc - ok
09:38:35.0206 3020  [ 0AD1CFB05AE55ADEF7D05B91017ED6D1 ] vcsFPService    C:\windows\system32\vcsFPService.exe
09:38:35.0268 3020  vcsFPService - ok
09:38:35.0300 3020  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
09:38:35.0315 3020  vdrvroot - ok
09:38:35.0346 3020  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
09:38:35.0424 3020  vds - ok
09:38:35.0456 3020  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
09:38:35.0487 3020  vga - ok
09:38:35.0487 3020  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
09:38:35.0549 3020  VgaSave - ok
09:38:35.0580 3020  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
09:38:35.0596 3020  vhdmp - ok
09:38:35.0643 3020  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
09:38:35.0658 3020  viaide - ok
09:38:35.0674 3020  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\windows\system32\drivers\vmbus.sys
09:38:35.0705 3020  vmbus - ok
09:38:35.0721 3020  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
09:38:35.0736 3020  VMBusHID - ok
09:38:35.0768 3020  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
09:38:35.0783 3020  volmgr - ok
09:38:35.0830 3020  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
09:38:35.0861 3020  volmgrx - ok
09:38:35.0877 3020  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
09:38:35.0908 3020  volsnap - ok
09:38:35.0924 3020  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\windows\system32\DRIVERS\vpchbus.sys
09:38:35.0955 3020  vpcbus - ok
09:38:35.0986 3020  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\windows\system32\DRIVERS\vpcnfltr.sys
09:38:36.0017 3020  vpcnfltr - ok
09:38:36.0048 3020  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\windows\system32\DRIVERS\vpcusb.sys
09:38:36.0095 3020  vpcusb - ok
09:38:36.0126 3020  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\windows\system32\drivers\vpcvmm.sys
09:38:36.0158 3020  vpcvmm - ok
09:38:36.0189 3020  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
09:38:36.0204 3020  vsmraid - ok
09:38:36.0251 3020  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
09:38:36.0314 3020  VSS - ok
09:38:36.0345 3020  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
09:38:36.0376 3020  vwifibus - ok
09:38:36.0392 3020  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
09:38:36.0423 3020  vwififlt - ok
09:38:36.0438 3020  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
09:38:36.0485 3020  vwifimp - ok
09:38:36.0516 3020  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
09:38:36.0563 3020  W32Time - ok
09:38:36.0594 3020  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
09:38:36.0626 3020  WacomPen - ok
09:38:36.0657 3020  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
09:38:36.0704 3020  WANARP - ok
09:38:36.0719 3020  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
09:38:36.0766 3020  Wanarpv6 - ok
09:38:36.0813 3020  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
09:38:36.0860 3020  WatAdminSvc - ok
09:38:36.0906 3020  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
09:38:36.0953 3020  wbengine - ok
09:38:36.0984 3020  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
09:38:37.0047 3020  WbioSrvc - ok
09:38:37.0078 3020  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
09:38:37.0156 3020  wcncsvc - ok
09:38:37.0172 3020  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:38:37.0203 3020  WcsPlugInService - ok
09:38:37.0218 3020  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
09:38:37.0234 3020  Wd - ok
09:38:37.0281 3020  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
09:38:37.0312 3020  Wdf01000 - ok
09:38:37.0328 3020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
09:38:37.0468 3020  WdiServiceHost - ok
09:38:37.0468 3020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
09:38:37.0484 3020  WdiSystemHost - ok
09:38:37.0515 3020  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
09:38:37.0608 3020  WebClient - ok
09:38:37.0624 3020  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
09:38:37.0655 3020  Wecsvc - ok
09:38:37.0671 3020  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
09:38:37.0702 3020  wercplsupport - ok
09:38:37.0733 3020  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
09:38:37.0764 3020  WerSvc - ok
09:38:37.0796 3020  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
09:38:37.0827 3020  WfpLwf - ok
09:38:37.0842 3020  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
09:38:37.0858 3020  WIMMount - ok
09:38:37.0874 3020  WinDefend - ok
09:38:37.0889 3020  WinHttpAutoProxySvc - ok
09:38:37.0936 3020  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
09:38:37.0998 3020  Winmgmt - ok
09:38:38.0076 3020  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
09:38:38.0139 3020  WinRM - ok
09:38:38.0186 3020  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
09:38:38.0201 3020  WinUSB - ok
09:38:38.0248 3020  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
09:38:38.0279 3020  Wlansvc - ok
09:38:38.0388 3020  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:38:38.0498 3020  wlidsvc - ok
09:38:38.0529 3020  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
09:38:38.0576 3020  WmiAcpi - ok
09:38:38.0607 3020  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
09:38:38.0685 3020  wmiApSrv - ok
09:38:38.0716 3020  WMPNetworkSvc - ok
09:38:38.0732 3020  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
09:38:38.0778 3020  WPCSvc - ok
09:38:38.0810 3020  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
09:38:38.0841 3020  WPDBusEnum - ok
09:38:38.0856 3020  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
09:38:38.0903 3020  ws2ifsl - ok
09:38:38.0919 3020  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
09:38:38.0981 3020  wscsvc - ok
09:38:39.0012 3020  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
09:38:39.0059 3020  WSDPrintDevice - ok
09:38:39.0059 3020  WSearch - ok
09:38:39.0137 3020  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
09:38:39.0200 3020  wuauserv - ok
09:38:39.0215 3020  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
09:38:39.0246 3020  WudfPf - ok
09:38:39.0278 3020  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
09:38:39.0309 3020  WUDFRd - ok
09:38:39.0340 3020  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
09:38:39.0402 3020  wudfsvc - ok
09:38:39.0434 3020  [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc         C:\windows\System32\wwansvc.dll
09:38:39.0527 3020  WwanSvc - ok
09:38:39.0543 3020  ================ Scan global ===============================
09:38:39.0558 3020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:38:39.0590 3020  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
09:38:39.0605 3020  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
09:38:39.0621 3020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:38:39.0668 3020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:38:39.0683 3020  [Global] - ok
09:38:39.0683 3020  ================ Scan MBR ==================================
09:38:39.0683 3020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:38:39.0948 3020  \Device\Harddisk0\DR0 - ok
09:38:39.0948 3020  ================ Scan VBR ==================================
09:38:39.0964 3020  [ 66EE4E7D21F0964F648988A405B09CB1 ] \Device\Harddisk0\DR0\Partition1
09:38:39.0964 3020  \Device\Harddisk0\DR0\Partition1 - ok
09:38:39.0995 3020  [ E405FC9CDEC55989547866CF0E041AB9 ] \Device\Harddisk0\DR0\Partition2
09:38:39.0995 3020  \Device\Harddisk0\DR0\Partition2 - ok
09:38:40.0026 3020  [ 315220B217A743744F3FB650792CC28A ] \Device\Harddisk0\DR0\Partition3
09:38:40.0026 3020  \Device\Harddisk0\DR0\Partition3 - ok
09:38:40.0042 3020  [ F335CEE4B942CE048406D3058318D7C8 ] \Device\Harddisk0\DR0\Partition4
09:38:40.0042 3020  \Device\Harddisk0\DR0\Partition4 - ok
09:38:40.0042 3020  ============================================================
09:38:40.0042 3020  Scan finished
09:38:40.0042 3020  ============================================================
09:38:40.0073 9512  Detected object count: 4
09:38:40.0073 9512  Actual detected object count: 4
09:39:49.0025 9512  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:49.0025 9512  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:49.0025 9512  McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:49.0025 9512  McAfee Endpoint Encryption Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:49.0025 9512  SelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:49.0025 9512  SelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:39:49.0041 9512  SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:49.0041 9512  SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
09:41:02.0642 2612  Deinitialize success
         

Alt 11.02.2013, 10:15   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.02.2013, 11:26   #10
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Und nun hier der logfile von ComboFix

Code:
ATTFilter
ComboFix 13-02-07.02 - Sigrid 11.02.2013  10:50:25.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.43.1031.18.4030.1885 [GMT 1:00]
ausgeführt von:: c:\users\Sigrid\Desktop\ComboFix.exe
AV: A1 Internetschutz *Disabled/Updated* {54915AF1-3B92-EB1D-9EAD-22745B2972A6}
SP: A1 Internetschutz *Disabled/Updated* {EFF0BB15-1DA8-E493-A41D-190620AE381B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\users\Sigrid\AppData\Roaming\JomCap.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-11 bis 2013-02-11  ))))))))))))))))))))))))))))))
.
.
2013-02-08 14:49 . 2013-01-18 11:15	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{85601DB8-06C1-47EF-992A-807795074DA4}\mpengine.dll
2013-02-06 14:58 . 2013-02-06 14:58	--------	d-----w-	c:\users\Herzogs\AppData\Roaming\Malwarebytes
2013-02-05 21:42 . 2013-02-05 21:42	--------	d-----w-	c:\program files\iPod
2013-02-05 21:42 . 2013-02-05 21:43	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-05 21:42 . 2013-02-05 21:42	--------	d-----w-	c:\program files\iTunes
2013-02-05 21:42 . 2013-02-05 21:42	--------	d-----w-	c:\program files (x86)\iTunes
2013-02-05 11:10 . 2013-02-05 11:10	--------	d-----w-	c:\users\Sigrid\AppData\Roaming\Malwarebytes
2013-02-05 11:10 . 2013-02-05 11:10	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-05 11:10 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-05 11:10 . 2013-02-05 11:10	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-05 10:46 . 2013-01-17 00:28	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-02-05 08:43 . 2013-02-05 08:43	--------	d-----w-	c:\program files\CCleaner
2013-02-05 08:17 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-05 08:13 . 2013-02-05 08:13	--------	d-----w-	c:\users\Default\AppData\Roaming\Apple Computer
2013-02-05 08:13 . 2013-02-05 08:13	--------	d-----w-	c:\users\Default\AppData\Local\Apple Computer
2013-02-05 08:07 . 2013-02-05 08:07	--------	d-----w-	c:\program files\Bonjour
2013-02-05 08:07 . 2013-02-05 08:07	--------	d-----w-	c:\program files (x86)\Bonjour
2013-02-05 08:06 . 2013-02-05 08:06	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-02-05 08:06 . 2013-02-05 08:06	--------	d-----w-	c:\users\Default\AppData\Local\Apple
2013-02-05 07:45 . 2013-02-05 07:45	--------	d-----w-	c:\users\Sigrid\AppData\Local\Secunia PSI
2013-02-05 07:45 . 2013-02-05 07:45	--------	d-----w-	c:\program files (x86)\Secunia
2013-02-04 23:12 . 2013-02-04 23:12	--------	d-----w-	c:\users\Sigrid\AppData\Roaming\QuickScan
2013-02-04 22:28 . 2013-02-04 22:28	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-31 18:23 . 2013-01-31 18:23	--------	d-----r-	c:\users\Herzogs\AppData\Roaming\Brother
2013-01-29 21:23 . 2013-01-29 21:23	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-29 12:37 . 2013-02-08 15:31	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-29 11:06 . 2013-01-29 11:11	--------	d--h--w-	c:\windows\msdownld.tmp
2013-01-28 20:10 . 2013-01-28 20:10	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-01-15 05:04 . 2013-01-04 15:53	9060864	----a-w-	c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 15:31 . 2011-09-18 20:07	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-04 22:27 . 2012-08-04 21:18	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-04 22:27 . 2011-09-17 20:07	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-09 06:13 . 2011-10-21 16:38	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 05:14	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 05:14	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:14	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:14	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 05:51	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 05:51	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 05:51	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 05:51	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 05:51	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 05:51	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 05:51	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 05:51	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 05:51	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 05:51	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 05:51	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 05:51	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 05:51	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 05:51	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 05:51	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 05:51	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 05:51	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 05:51	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 05:51	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 05:51	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 05:51	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 05:51	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 05:51	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 05:51	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 05:51	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 05:51	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 05:51	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 05:51	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 05:51	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 05:51	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 05:51	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 05:51	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 05:51	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 05:51	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 05:51	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 05:51	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 05:51	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 05:51	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 05:51	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 05:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 05:51	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 05:51	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 05:51	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"HP Photosmart 5510 series (NET) F94F7668AC79227E37B23B9D4DB5F43E5B5DBABE81F65562A54DDE47"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-28 336384]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IKARUS-GuardX"="c:\program files (x86)\A1 Internetschutz\bin\guardxkickoff_x64.exe" [2011-11-07 5016824]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-27 169528]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09	75360	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GuardX]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntguard.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
R2 SelfUpdateService;Self Update Service;c:\program files (x86)\Freetec\SystemStore\SelfUpdate.exe  -displayname Self Update Service -servicename SelfUpdateService [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-09-05 476728]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-12-21 127488]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-12-21 18944]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-12-21 161280]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-12-21 129024]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1255736]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 NTGUARD;NTGUARD;c:\program files (x86)\A1 Internetschutz\bin\ntguard_x64.sys [2011-11-07 36816]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-11-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-28 203264]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 GuardX;GuardX;c:\program files (x86)\A1 Internetschutz\bin\guardxservice.exe [2011-11-07 1531280]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2012-06-20 523680]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-04-05 1323008]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-02-15 2602576]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 406632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 15:31]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1001Core.job
- c:\users\Sigrid\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30 16:57]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1001UA.job
- c:\users\Sigrid\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-30 16:57]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1002Core.job
- c:\users\Herzogs\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 04:59]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1002UA.job
- c:\users\Herzogs\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 04:59]
.
2013-02-10 c:\windows\Tasks\HPCeeScheduleForHerzogs.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-01-29 c:\windows\Tasks\HPCeeScheduleForSIGRID-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-03 c:\windows\Tasks\HPCeeScheduleForSigrid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-04-05 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-14 1424896]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-07-15 14904]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{9d81af43-de53-48d0-a199-42c2a226b24c} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
Wow6432Node-HKCU-Run-OM_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKLM-Run-File Sanitizer - c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
Wow6432Node-HKLM-Run-DTRun - c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-11  11:14:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-11 10:14
.
Vor Suchlauf: 10 Verzeichnis(se), 389.732.327.424 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 389.429.219.328 Bytes frei
.
- - End Of File - - CD4B2346794DC5AA3877B941EDC06747
         

Alt 11.02.2013, 12:15   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.02.2013, 12:48   #12
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



adwcleaner logfile

Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 11/02/2013 um 12:19:41 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Sigrid - SIGRID-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sigrid\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\nawjmtdv.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Herzogs\AppData\Roaming\Mozilla\Firefox\Profiles\rs53m760.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Herzogs\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8650 octets] - [05/02/2013 10:45:35]
AdwCleaner[R2].txt - [8769 octets] - [05/02/2013 10:49:42]
AdwCleaner[R3].txt - [1849 octets] - [05/02/2013 11:24:38]
AdwCleaner[S1].txt - [343 octets] - [05/02/2013 10:48:05]
AdwCleaner[S2].txt - [8509 octets] - [05/02/2013 10:51:58]
AdwCleaner[S3].txt - [1911 octets] - [05/02/2013 11:25:36]
AdwCleaner[S4].txt - [1506 octets] - [11/02/2013 12:19:41]

########## EOF - C:\AdwCleaner[S4].txt - [1566 octets] ##########
         
und die zwei otl-logfiles

Code:
ATTFilter
OTL logfile created on: 11.02.2013 12:25:40 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sigrid\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,37% Memory free
7,87 Gb Paging File | 5,34 Gb Available in Paging File | 67,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442,57 Gb Total Space | 362,49 Gb Free Space | 81,91% Space Free | Partition Type: NTFS
Drive E: | 17,90 Gb Total Space | 2,72 Gb Free Space | 15,19% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,12 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
 
Computer Name: SIGRID-HP | User Name: Sigrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sigrid\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
PRC - C:\Program Files (x86)\A1 Internetschutz\bin\guardxservice.exe (IKARUS Security Software GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SystemStoreService) -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SelfUpdateService) -- C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (GuardX) -- C:\Program Files (x86)\A1 Internetschutz\bin\guardxservice.exe (IKARUS Security Software GmbH)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (uArcCapture) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MfeEpeOpal) -- C:\windows\SysNative\drivers\MfeEpeOpal.sys (McAfee, Inc.)
DRV:64bit: - (MfeEpePc) -- C:\windows\SysNative\drivers\MfeEpePc.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Company)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (ssceserd) -- C:\Windows\SysNative\drivers\ssceserd.sys (MCCI Corporation)
DRV:64bit: - (sscebus) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NTGUARD) -- C:\Program Files (x86)\A1 Internetschutz\bin\ntguard_x64.sys (IKARUS Security Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cdrbsdrv) -- C:\windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/4
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\..\SearchScopes\{CFC3649F-BDE7-4CBE-BCE3-D8D98D1ACD5A}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9432544508284016&q={searchTerms}
IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.arccosine.com/"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.4.0.0
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://internetschutz.aon.at/webschutz/webschutz.pac"
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..browser.search.selectedEngine: "Arccosine"
FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sigrid\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sigrid\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.11.14 16:31:01 | 000,000,000 | ---D | M]
 
[2011.09.17 21:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigrid\AppData\Roaming\mozilla\Extensions
[2013.02.05 10:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sigrid\AppData\Roaming\mozilla\Firefox\Profiles\nawjmtdv.default\extensions
[2012.01.07 16:47:04 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Sigrid\AppData\Roaming\mozilla\firefox\profiles\nawjmtdv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\SIGRID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAWJMTDV.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.at/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.at/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sigrid\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Herzogs\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herzogs\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herzogs\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Herzogs\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Herzogs\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
 
O1 HOSTS File: ([2013.02.11 11:09:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IKARUS-GuardX] C:\Program Files (x86)\A1 Internetschutz\bin\guardxkickoff_x64.exe (IKARUS Security Software GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4157386011-1825002390-482303840-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-4157386011-1825002390-482303840-1001..\Run: [HP Photosmart 5510 series (NET) #2] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\Herzogs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\..Trusted Domains: blank ([]about in Local intranet)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA3EEED6-564C-4DE2-B334-BB7734ECD7E8}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD162DB0-0FFC-446F-B7C1-8113F88E6B73}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.11 11:14:14 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.02.11 11:09:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.11 10:47:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.02.11 10:47:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.02.11 10:47:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.02.11 10:47:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.11 10:46:52 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.02.11 10:20:24 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\Sigrid\Desktop\ComboFix.exe
[2013.02.11 09:29:28 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sigrid\Desktop\tdsskiller.exe
[2013.02.08 16:27:01 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sigrid\Desktop\aswMBR.exe
[2013.02.07 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\Desktop\mbar-1.01.0.1017
[2013.02.06 17:12:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sigrid\Desktop\OTL (1).exe
[2013.02.05 22:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.05 22:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.05 22:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.05 22:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.02.05 22:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.05 22:38:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.05 12:10:07 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Roaming\Malwarebytes
[2013.02.05 12:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 12:10:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.05 12:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.05 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.05 09:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.05 09:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.05 09:17:03 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013.02.05 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.02.05 09:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.02.05 09:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.02.05 08:45:22 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Local\Secunia PSI
[2013.02.05 08:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.02.05 00:12:19 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Roaming\QuickScan
[2013.02.04 23:28:25 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.04 23:28:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.04 23:28:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.04 23:28:10 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.29 22:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.29 13:37:59 | 000,697,712 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.01.28 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.01.28 21:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.11 12:30:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.11 12:29:50 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.11 12:29:50 | 000,698,764 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.11 12:29:50 | 000,652,706 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.11 12:29:50 | 000,148,788 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.11 12:29:50 | 000,121,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.11 12:29:41 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 12:29:41 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.11 12:23:18 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.02.11 12:21:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.02.11 12:21:13 | 4226,138,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.11 12:18:01 | 000,587,659 | ---- | M] () -- C:\Users\Sigrid\Desktop\adwcleaner.exe
[2013.02.11 12:03:00 | 000,001,128 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1002UA.job
[2013.02.11 12:02:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1001UA.job
[2013.02.11 11:09:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.02.11 10:20:55 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\Sigrid\Desktop\ComboFix.exe
[2013.02.11 09:29:39 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sigrid\Desktop\tdsskiller.exe
[2013.02.11 09:26:51 | 000,048,216 | ---- | M] () -- C:\Users\Sigrid\Desktop\unseren_augen_verborgen.pdf
[2013.02.11 08:30:51 | 000,000,432 | ---- | M] () -- C:\windows\BRWMARK.INI
[2013.02.10 18:52:27 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1001Core.job
[2013.02.10 16:37:02 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForHerzogs.job
[2013.02.10 16:03:01 | 000,001,076 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4157386011-1825002390-482303840-1002Core.job
[2013.02.08 23:09:08 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2013.02.08 21:14:39 | 000,007,597 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\resmon.resmoncfg
[2013.02.08 20:20:26 | 000,000,512 | ---- | M] () -- C:\Users\Sigrid\Desktop\MBR.dat
[2013.02.08 16:31:06 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.02.08 16:31:06 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.08 16:28:21 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sigrid\Desktop\aswMBR.exe
[2013.02.08 16:22:42 | 000,365,568 | ---- | M] () -- C:\Users\Sigrid\Desktop\gmer_2.0.18454.exe
[2013.02.07 17:56:28 | 013,562,257 | ---- | M] () -- C:\Users\Sigrid\Desktop\mbar-1.01.0.1017.zip
[2013.02.06 17:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Desktop\OTL (1).exe
[2013.02.06 17:12:22 | 000,000,000 | ---- | M] () -- C:\Users\Sigrid\defogger_reenable
[2013.02.05 22:43:11 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.05 15:04:20 | 000,050,477 | ---- | M] () -- C:\Users\Sigrid\Desktop\Defogger.exe
[2013.02.05 12:10:02 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 09:43:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.05 09:08:57 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.05 08:45:09 | 000,001,066 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.04 23:28:00 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 23:27:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.04 23:27:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.04 23:27:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.04 23:27:53 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013.02.04 23:27:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013.02.03 10:44:06 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSigrid.job
[2013.02.01 17:14:10 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 4530s_Y5336AN_0U_QCNU1353DZQ_E636603-A42_4A_I167C_SHP_V22.1A_B68SRR F.09_T110513_W748-1_L407_M4031_J500_7Intel_86A7_92.30_#110503_N10EC8168;168C002B_(LH297EA#ABD)_XMOBILE_CN10_Z_2A0001D02.MRK
[2013.02.01 17:14:10 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 4530s_Y5336AN_0U_QCNU1353DZQ_E636603-A42_4A_I167C_SHP_V22.1A_B68SRR F.09_T110513_W748-1_L407_M4031_J500_7Intel_86A7_92.30_#110503_N10EC8168;168C002B_(LH297EA#ABD)_XMOBILE_CN10_Z_2A0001D02.MRK
[2013.01.31 20:06:14 | 000,002,331 | ---- | M] () -- C:\Users\Sigrid\Desktop\Google Chrome.lnk
[2013.01.29 17:08:04 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForSIGRID-HP$.job
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.11 12:17:52 | 000,587,659 | ---- | C] () -- C:\Users\Sigrid\Desktop\adwcleaner.exe
[2013.02.11 10:47:23 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.02.11 10:47:23 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.02.11 10:47:23 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.02.11 10:47:23 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.02.11 10:47:23 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.02.11 09:26:49 | 000,048,216 | ---- | C] () -- C:\Users\Sigrid\Desktop\unseren_augen_verborgen.pdf
[2013.02.08 20:20:26 | 000,000,512 | ---- | C] () -- C:\Users\Sigrid\Desktop\MBR.dat
[2013.02.08 16:22:36 | 000,365,568 | ---- | C] () -- C:\Users\Sigrid\Desktop\gmer_2.0.18454.exe
[2013.02.07 17:55:33 | 013,562,257 | ---- | C] () -- C:\Users\Sigrid\Desktop\mbar-1.01.0.1017.zip
[2013.02.06 17:12:22 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\defogger_reenable
[2013.02.05 22:43:11 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.05 15:04:17 | 000,050,477 | ---- | C] () -- C:\Users\Sigrid\Desktop\Defogger.exe
[2013.02.05 12:10:02 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 09:43:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.05 09:08:57 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.05 08:45:09 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.02.05 08:45:09 | 000,001,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.29 13:38:02 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.03.09 14:35:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012.02.24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012.02.22 01:24:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011.11.10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011.11.10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011.11.10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011.11.04 06:50:24 | 000,000,419 | ---- | C] () -- C:\windows\ODBC.INI
[2011.11.04 06:50:24 | 000,000,210 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.10.21 21:37:43 | 000,007,597 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\resmon.resmoncfg
[2011.10.12 14:47:54 | 000,012,288 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.27 19:20:59 | 000,554,496 | ---- | C] () -- C:\windows\SysWow64\dvmsg.dll
[2011.09.27 16:28:49 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.09.27 16:28:49 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011.09.05 08:57:34 | 000,366,136 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011.09.04 14:04:01 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfdbga.sys
[2011.09.04 13:52:36 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.09.04 13:49:48 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.09.04 13:48:47 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.09.04 13:48:47 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.08.30 10:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011.08.30 10:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2011.08.30 10:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2011.08.24 14:55:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011.08.24 14:30:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011.05.30 20:58:34 | 000,185,168 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011.05.30 20:58:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011.05.03 19:44:05 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfccea.sys
[2011.05.03 19:19:46 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdfccdc.sys
[2011.05.03 18:49:07 | 001,594,122 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.03.28 20:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.03.17 18:05:12 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.02.25 23:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011.02.21 09:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 11.02.2013 12:25:40 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sigrid\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,37% Memory free
7,87 Gb Paging File | 5,34 Gb Available in Paging File | 67,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442,57 Gb Total Space | 362,49 Gb Free Space | 81,91% Space Free | Partition Type: NTFS
Drive E: | 17,90 Gb Total Space | 2,72 Gb Free Space | 15,19% Space Free | Partition Type: NTFS
Drive F: | 4,98 Gb Total Space | 2,12 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
 
Computer Name: SIGRID-HP | User Name: Sigrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19850CB9-D072-468F-9F19-7A51CAC6CA8A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3E162A04-A4CB-4DD9-B1FA-21CB20557A6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{92D21149-C10A-48CF-A1AA-4271503E5AFB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A4522E36-05CF-4099-B431-21A021329DDD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBF3722-E668-452C-9C25-D43FB1ADACE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{13C5E228-2EE3-4F21-BEAE-B06A0CE11F12}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{20EA26EF-1884-46B7-9481-39CF6B7A9A97}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 webassistent\a1breitband.exe | 
"{297B61F5-3E51-40D9-99B2-CDAA649F9FF1}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{378F5AE0-29BE-4FB1-A025-622573ED7744}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3F0AC9E2-C588-4500-9294-EEE86A35ADF3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{48ED2D7E-DD5A-4D88-A03B-A11A4CE877B5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5171C3C2-172A-4F2F-A788-06A321D31B56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{57E8F132-15BD-431A-9BAA-1146B838C928}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{59CD49BA-0989-4048-B260-51604FA0593D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5D4D9A57-BD4C-44E4-BEF4-AA031320437D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6BF5ED7F-5CA3-467E-BBC5-F5F2E6788874}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{8D16E8B9-D64E-4A14-BA02-8B46A966D1E8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8ED94668-C5DE-4616-8750-B98B4A2A6B58}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{95A344D3-1429-470D-B4CA-229884D51356}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9EFD2F86-2FFC-4C49-A085-60D3171A2140}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 webassistent\a1breitband.exe | 
"{A4FFD0DA-718E-4E5C-8B2A-C5FA5F6FCE95}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{AF338039-A379-4990-B285-CA1D7A670766}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CC0A0ABE-5B68-4A8A-85CF-8C8F46D846CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D4A8C3C8-98E0-42E1-AACD-C7E83F189836}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{E959D829-80FE-48EF-BD51-4B3A90BC0B05}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{F124DF39-7C8D-4009-8140-CD46127956C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F188D9B5-C7AE-45DE-B9DD-995DC0669C0D}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"TCP Query User{91BEFA86-87DF-4B4A-9F2F-50E90DC1C36C}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{E56F9F8C-9300-480C-A150-D192D4C366F2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F1045235-4AF1-4D85-A27C-722DBFDC5B7B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{3B46DABF-7FA5-4177-9B85-BF612FEE239C}C:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{640A4423-226C-4E09-8FBF-51D23A623DB3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CC10F49D-45F9-4749-99AC-51C58A30B99B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{555ECC75-AB3B-6434-8900-2BBA4F91F107}" = ccc-utility64
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63E42DE7-C468-31B0-E373-173C67C87B88}" = ATI Catalyst Install Manager
"{65C1BEAD-B50B-498C-BB6B-CDE4F30584B1}" = HP 3D DriveGuard
"{697E5298-CF76-43A3-AC9D-6AE2FA0F2B43}" = Validity Fingerprint Sensor Driver
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A25B75A1-D9B5-43FC-86F7-6E85DC5AB37E}" = Studie zur Verbesserung von HP Photosmart 5510 series Produkten
"{AB6268C0-EDA4-46C3-8A1C-11D86A5A8E93}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}" = Privacy Manager for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B617B439-87A2-4109-94A6-BD768B259F83}" = HP ProtectTools Security Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D9355D03-2C06-401B-8A16-F6500379AE21}" = HP Power Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB06FBC7-3CE3-50D9-1803-CC28E5ADF780}" = WMV9/VC-1 Video Playback
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"CCleaner" = CCleaner
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08F10409-00BB-8843-4813-37FDDD972CB1}" = CCC Help Chinese Standard
"{08FB6F00-7D8D-5474-B70D-607638405BEB}" = CCC Help Korean
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{12379137-5A34-8311-A00C-4571E468F507}" = CCC Help Polish
"{1392513C-F92A-2893-E263-071E943CB4B8}" = Catalyst Control Center InstallProxy
"{1529490E-DC67-A7DA-E7FE-789B929E67F0}" = CCC Help Norwegian
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2E07A6AE-C2EC-05DB-8344-B562E5D9E341}" = CCC Help Swedish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E918CE9-BDA6-282D-0E19-E11DF8004ABE}" = CCC Help Thai
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4441B01C-0AF2-6EE7-CDB3-AD0DB41E7147}" = CCC Help Hungarian
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{668643A5-48DD-B0E9-62E1-1FDA18D54F66}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69EA3784-E961-76A2-6C11-7B83AA50E56A}" = CCC Help Czech
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9C9BE1-14A3-42ED-A388-42E30A1412E9}" = HP Documentation
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}" = HP QuickWeb
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71543470-E3F8-6A06-08C8-783CD286D2BA}" = CCC Help German
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{76BAC71B-00A7-BBFA-5DAE-EEB0DF9F4098}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6B4340-7090-418F-8976-EE9650B35550}" = HP Connection Manager
"{7CF1347C-61F6-C495-127C-912FD6CB432D}" = CCC Help Japanese
"{801EAD7A-7202-4BE4-84A1-299202AD17C0}" = HP ESU for Microsoft Windows 7
"{80C45B94-2BA0-8E23-95A7-8A9FCD836EFD}" = PX Profile Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BE1D9F-FC67-E84E-F73A-BC7125E3B717}" = CCC Help Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.2.0.10
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A1EFCBD2-B171-E24D-FAD2-4E711A312DEF}" = CCC Help Danish
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB9F8790-4ECB-1BFA-1B80-21DCD40664C3}" = CCC Help Greek
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AE6BF609-EF6A-8764-85EE-6CC65602D88E}" = CCC Help Chinese Traditional
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B26B64E8-DB83-7904-2DF9-F92A7ABC14D9}" = Catalyst Control Center Localization All
"{B3E31950-C92F-BCD9-963D-A520887A262A}" = CCC Help Turkish
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE211EBE-AC92-515C-D122-A9DD0BC9FFA9}" = Catalyst Control Center
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6CD49BC-E6A5-F247-0489-F3188F300A8E}" = Catalyst Control Center Profiles Mobile
"{C7C60D93-E5B7-82D7-44A4-E3EE404B56A3}" = CCC Help Dutch
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBD548E9-E421-7B51-5732-2F63B37589E2}" = CCC Help French
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D2A2E5CD-801A-4B8D-8119-F79449A09B67}" = HP System Default Settings
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7922D23-642E-0649-A3C9-38F9E0FA263E}" = CCC Help Russian
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{DF63FA79-75AE-45D6-715E-81E92F134702}" = CCC Help Italian
"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Hilfe
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2531547-0789-690E-9F12-3EDBDBC64DA8}" = CCC Help Spanish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F07E6C5F-6AE1-72B3-8659-08E2ABB86DF8}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonInternetschutz.3" = A1 Internetschutz 2.0.69
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ImgBurn" = ImgBurn
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"VIP Access SDK" = VIP Access SDK (1.0.1.5) 
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4157386011-1825002390-482303840-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2013 02:50:04 | Computer Name = Sigrid-HP | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 11.02.2013 02:50:14 | Computer Name = Sigrid-HP | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 11.02.2013 02:50:14 | Computer Name = Sigrid-HP | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 11.02.2013 02:50:14 | Computer Name = Sigrid-HP | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 11.02.2013 02:50:14 | Computer Name = Sigrid-HP | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 11.02.2013 02:51:00 | Computer Name = Sigrid-HP | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x80070015.
 
Error - 11.02.2013 04:41:36 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.02.2013 05:58:49 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.02.2013 05:58:49 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 11.02.2013 07:19:46 | Computer Name = Sigrid-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
[ Hewlett-Packard Events ]
Error - 22.06.2012 09:09:55 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 22.06.2012 09:14:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:16:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:24:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:30:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 22.06.2012 09:36:04 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147467261HPSF.exe   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Message: Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

   bei HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()    
 bei HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: HP.SupportFramework.Communicator

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4030  Ram Utilization: 60  TargetSite: Void closeConnection()

 
Error - 23.06.2012 14:57:06 | Computer Name = Sigrid-HP | Source = HPSFMsgr.exe | ID = 2000
Description = 
 
Error - 29.06.2012 04:42:40 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 29.06.2012 04:51:24 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 26.08.2012 10:23:50 | Computer Name = Sigrid-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Connection Manager Events ]
Error - 10.02.2013 08:05:53 | Computer Name = Sigrid-HP | Source = hpMobile | ID = 5
Description = 2013.02.10 13:05:53.223|00000500|Error      |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|
 
Error - 10.02.2013 08:12:47 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/10 13:12:47.080|00001A9C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10.02.2013 13:52:11 | Computer Name = Sigrid-HP | Source = hpMobile | ID = 5
Description = 2013.02.10 18:52:11.755|00000EF8|Error      |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|Fehler
 beim Laden des Anbieters 
 
Error - 10.02.2013 13:52:11 | Computer Name = Sigrid-HP | Source = hpMobile | ID = 5
Description = 2013.02.10 18:52:11.755|00001F78|Error      |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|
 
Error - 10.02.2013 19:02:18 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/11 00:02:18.194|000016C0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 10.02.2013 19:02:26 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/11 00:02:26.072|000016C0|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 11.02.2013 04:41:45 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/11 09:41:45.290|00000E04|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 11.02.2013 05:58:56 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/11 10:58:56.259|00001780|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 11.02.2013 07:20:18 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/11 12:20:18.796|0000198C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 11.02.2013 07:20:37 | Computer Name = Sigrid-HP | Source = hpCMSrv | ID = 5
Description = 2013/02/11 12:20:37.703|0000198C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Power Assistant Events ]
Error - 24.11.2012 08:43:30 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 16.12.2012 06:22:27 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 102UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 22.12.2012 03:39:01 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Fensterthread der Systemereignisse konnte nicht erstellt werden.
 
Error - 22.12.2012 15:18:31 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 27.12.2012 12:39:49 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 102UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 28.12.2012 17:03:47 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 28.12.2012 17:03:47 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 04.01.2013 15:18:12 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 11.01.2013 15:00:33 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
Error - 11.01.2013 15:00:34 | Computer Name = Sigrid-HP | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 101UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
[ HP Software Framework Events ]
Error - 23.12.2012 18:25:46 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.23 23:25:46.332|00001900|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 24.12.2012 09:53:36 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.24 14:53:36.304|00000304|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 24.12.2012 09:53:36 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.24 14:53:36.492|00000304|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
Error - 26.12.2012 08:12:09 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.26 13:12:09.701|00001B4C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 26.12.2012 08:12:09 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.26 13:12:09.795|00001B4C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
Error - 25.01.2013 20:35:49 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.01.26 01:35:49.392|000016D0|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 25.01.2013 20:35:49 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.01.26 01:35:49.626|000016D0|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
Error - 29.01.2013 08:55:32 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.01.29 13:55:32.363|00000A9C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 11.02.2013 04:41:54 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.02.11 09:41:53.916|00000E2C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf 
eine Objektinstanz festgelegt.
 
Error - 11.02.2013 04:41:54 | Computer Name = Sigrid-HP | Source = CaslSmBios | ID = 5
Description = 2013.02.11 09:41:54.166|00000E2C|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Der Objektverweis wurde
 nicht auf eine Objektinstanz festgelegt.
 
[ OSession Events ]
Error - 13.10.2011 03:59:50 | Computer Name = Sigrid-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 335
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.02.2013 06:01:04 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11.02.2013 06:04:53 | Computer Name = Sigrid-HP | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
Error - 11.02.2013 06:18:55 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 11.02.2013 06:19:27 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11.02.2013 06:19:32 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11.02.2013 06:21:21 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 11.02.2013 07:20:33 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 11.02.2013 07:21:10 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11.02.2013 07:21:15 | Computer Name = Sigrid-HP | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11.02.2013 07:23:33 | Computer Name = Sigrid-HP | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

Alt 11.02.2013, 13:48   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\..\SearchScopes\{CFC3649F-BDE7-4CBE-BCE3-D8D98D1ACD5A}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9432544508284016&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "Arccosine"
FF - prefs.js..keyword.URL: "http://www.arccosine.com/search.php?q="
FF - user.js - File not found
:Files
C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.02.2013, 14:06   #14
sima
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



so, nun hier der otl-file

Code:
ATTFilter
All processes killed
Error: Unable to interpret <:OTL IE - HKU\S-1-5-21-4157386011-1825002390-482303840-1001\..\SearchScopes\{CFC3649F-BDE7-4CBE-BCE3-D8D98D1ACD5A}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9432544508284016&q={searchTerms} FF - prefs.js..browser.search.selectedEngine: "Arccosine" FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q=" FF - user.js - File not found :Files C:\PROGRAM FILES (X86)\SEARCH RESULTS TOOLBAR ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 02112013_140032

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 11.02.2013, 14:30   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Standard

GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden



Fixlog ist unvollständig...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden
7-zip, autorun, bho, bonjour, clipgrab, eigenartig, error, excel, failed, fehler, firefox, flash player, format, google, helper, hängen, hängt, igdpmd64.sys, install.exe, installation, intranet, office 2007, olympus, popup, realtek, registry, rundll, search results toolbar, secunia psi, security, software, systemereignisse, updates, virus, wlan



Ähnliche Themen: GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden


  1. Computer hängt dauernd
    Log-Analyse und Auswertung - 21.09.2014 (9)
  2. PUP.AdBundle - und nun?
    Plagegeister aller Art und deren Bekämpfung - 18.08.2013 (5)
  3. PC sehr langsam und hängt sich dauernd auf - evtl. seit Facebooknutzung?
    Log-Analyse und Auswertung - 15.08.2013 (19)
  4. PC hängt sich dauernd auf nach drop.gen (trojan)
    Plagegeister aller Art und deren Bekämpfung - 10.08.2013 (9)
  5. Firefox hängt sich dauernd auf
    Plagegeister aller Art und deren Bekämpfung - 08.08.2013 (5)
  6. PUP.OfferBundler.ST in C:\Users\...\Downloads\SoftonicDownloader_fuer_teachmaster.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (2)
  7. MyStartIncrediBar auf GoogleChrome
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (1)
  8. PUP.Adbundle PUP.BundleInstaller.VG PUP.InstallBrain mit MalwareBytes gefunden, was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  9. Pup.offerbundler.st und pup.bundlerinstaller.bi mit Malwarebytes Anti-Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (9)
  10. PUP.OfferBundler.ST gefunden, was nun?
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (5)
  11. PC hängt sich dauernd auf - Virus?
    Log-Analyse und Auswertung - 29.12.2010 (1)
  12. Googlechrome macht was es will..
    Log-Analyse und Auswertung - 16.07.2010 (25)
  13. IE hängt sich dauernd auf nach gelöschtem Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.05.2010 (1)
  14. PC langsam, Mozilla hängt dauernd,zeigt "keine Rückmeldung" an. hier ist mein HJT Log
    Log-Analyse und Auswertung - 31.12.2009 (10)
  15. PC hängt sich dauernd auf...Virus??
    Plagegeister aller Art und deren Bekämpfung - 17.06.2009 (0)
  16. Pc hängt dauernd
    Log-Analyse und Auswertung - 08.05.2007 (6)
  17. ie sehr langsam und pc hängt dauernd
    Log-Analyse und Auswertung - 16.10.2005 (2)

Zum Thema GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden - Hallo liebes TB-Team, habe seit kurzer Zeit Probleme mit Google Chrome. Sobald ich einen weiteren tab öffne, hängen sich alle bisher geöffneten auf. Erst eine Aktualisierung haucht ihnen wieder Leben - GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden...
Archiv
Du betrachtest: GoogleChrome hängt dauernd - PUP.AdBundle und PUP.OfferBundler gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.