Pests of all kinds and how to combat them: Java/Treams.JO in quarantine, is the PC safe again?

13.02.2013, 12:17   #1
Hugomatic

Hello everyone,

Yesterday, during a routine scan with Avira Internet Security 2012, I found the virus Java/Treams.JO in my Temp folder and moved it to quarantine.
Since I don't know what it does or where it comes from, I wanted to ask here for advice on how I can be sure that my PC is now safe to use again (it is used for banking, shopping etc., among other things, but reinstalling it would be a moderate catastrophe).

A small note: I have not noticed any impairment of my PC by the virus, either before the Avira scan or after it.

In my eagerness to act, I have already carried out a few of the steps described here in the forum at http://www.trojaner-board.de/129212-...ereinigen.html, e.g. mbar, aswMBR, TDSS-Killer and adwCleaner. While the first three showed nothing special (hence no log in this post), the adwCleaner log was pretty full (probably "standard junk", see waaay down below).

Otherwise I found nothing at all about the virus; not even Avira had a description of it.

Here are the hopefully helpful logs:

Avira Log:
Code:
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Dienstag, 12. Februar 2013  12:04

Es wird nach 4995143 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Holger Marten
Seriennummer   : 2220724714-ISECE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Hugomatic
Computername   : HUGOMATIC-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1197    48681 Bytes  11.10.2012 15:22:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  13.11.2012 17:59:36
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  15.05.2012 19:09:17
LUKE.DLL       : 12.3.0.15      68304 Bytes  15.05.2012 19:09:18
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  12.05.2012 13:01:31
AVREG.DLL      : 12.3.0.17     232200 Bytes  12.05.2012 13:01:31
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 12:57:26
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 12:58:05
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 12:58:47
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 12:59:00
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 12:59:12
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 08:06:08
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 11:07:18
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 16:07:53
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 12:11:51
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 12:11:52
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 12:11:52
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 12:11:52
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 12:11:52
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 08:11:34
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 08:11:35
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 16:11:31
VBASE016.VDF   : 7.11.60.178     2048 Bytes  11.02.2013 16:11:32
VBASE017.VDF   : 7.11.60.179     2048 Bytes  11.02.2013 16:11:32
VBASE018.VDF   : 7.11.60.180     2048 Bytes  11.02.2013 16:11:32
VBASE019.VDF   : 7.11.60.181     2048 Bytes  11.02.2013 16:11:32
VBASE020.VDF   : 7.11.60.182     2048 Bytes  11.02.2013 16:11:32
VBASE021.VDF   : 7.11.60.183     2048 Bytes  11.02.2013 16:11:32
VBASE022.VDF   : 7.11.60.184     2048 Bytes  11.02.2013 16:11:32
VBASE023.VDF   : 7.11.60.185     2048 Bytes  11.02.2013 16:11:32
VBASE024.VDF   : 7.11.60.186     2048 Bytes  11.02.2013 16:11:32
VBASE025.VDF   : 7.11.60.187     2048 Bytes  11.02.2013 16:11:32
VBASE026.VDF   : 7.11.60.188     2048 Bytes  11.02.2013 16:11:32
VBASE027.VDF   : 7.11.60.189     2048 Bytes  11.02.2013 16:11:33
VBASE028.VDF   : 7.11.60.190     2048 Bytes  11.02.2013 16:11:33
VBASE029.VDF   : 7.11.60.191     2048 Bytes  11.02.2013 16:11:33
VBASE030.VDF   : 7.11.60.192     2048 Bytes  11.02.2013 16:11:33
VBASE031.VDF   : 7.11.60.214   102400 Bytes  12.02.2013 10:11:28
Engineversion  : 8.2.10.250
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 11:05:15
AESCRIPT.DLL   : 8.1.4.88      471417 Bytes  08.02.2013 08:11:32
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 20:07:53
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 19:05:21
AERDL.DLL      : 8.2.0.88      643444 Bytes  11.01.2013 14:08:02
AEPACK.DLL     : 8.3.1.2       819574 Bytes  20.12.2012 16:07:59
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 16:06:44
AEHEUR.DLL     : 8.1.4.198    5751159 Bytes  08.02.2013 08:11:32
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 15:07:17
AEGEN.DLL      : 8.1.6.16      434549 Bytes  24.01.2013 16:11:23
AEEXP.DLL      : 8.3.0.24      188787 Bytes  11.02.2013 08:11:36
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 11:05:14
AECORE.DLL     : 8.1.30.0      201079 Bytes  13.12.2012 20:07:51
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 16:06:35
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  15.05.2012 19:09:17
AVPREF.DLL     : 12.3.0.32      50720 Bytes  13.11.2012 17:59:36
AVREP.DLL      : 12.3.0.15     179208 Bytes  12.05.2012 13:01:31
AVARKT.DLL     : 12.3.0.33     209696 Bytes  13.11.2012 17:59:34
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  15.05.2012 19:09:17
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  15.05.2012 19:09:18
AVSMTP.DLL     : 12.3.0.32      63992 Bytes  01.08.2012 09:05:32
NETNT.DLL      : 12.3.0.15      17104 Bytes  15.05.2012 19:09:18
RCIMAGE.DLL    : 12.3.0.31    4819704 Bytes  01.08.2012 09:05:26
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  13.11.2012 17:59:31

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 12. Februar 2013  12:04

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_5_502_149_ActiveX.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFXHook32Mngr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienFusionController.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'PerfTuneService.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlansrv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PBN.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlienwareAlienFXController.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1737' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
  [0] Archivtyp: ZIP
  --> Asdf3cvR55.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pesur.BT.1
  --> fYGVBJHGHJH666.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dermit.GU.1
  --> kalibton.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Karamel.CC
  --> qDSJHFJHSDFGDSIKFJHD.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JM
  --> S2394834djskfh.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JN
  --> triton.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
  --> XLR.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RI.3
  --> ZHJGJG7778HGYU7Y8.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO

Beginne mit der Desinfektion:
C:\Users\Hugomatic\AppData\Local\Temp\jar_cache2511743082926785305.tmp
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Treams.JO
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '564a9f93.qua' verschoben!


Ende des Suchlaufs: Dienstag, 12. Februar 2013  13:07
Benötigte Zeit: 58:09 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  28198 Verzeichnisse wurden überprüft
 726141 Dateien wurden geprüft
      8 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 726133 Dateien ohne Befall
   3760 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 563004 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugomatic :: HUGOMATIC-PC [Administrator]

Schutz: Aktiviert

13.02.2013 10:31:43
mbam-log-2013-02-13 (10-31-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380246
Laufzeit: 47 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:
Code:
OTL logfile created on: 13.02.2013 12:09:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,54 Gb Available Physical Memory | 75,72% Memory free
11,98 Gb Paging File | 10,14 Gb Available in Paging File | 84,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 202,60 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
 
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hugomatic\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
PRC - C:\Programme\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.74.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.74.0__bebb3c8816410241\AlienwareAlienFXTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.65.0__bebb3c8816410241\AlienLabsTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.65.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.74.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.74.0__bebb3c8816410241\AlienFX.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.74.0__bebb3c8816410241\AlienFX.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (DAUpdaterSvc) -- C:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV - (XTUService) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AWOPFilterDriver) -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh564.sys (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (smbusp) -- C:\Windows\SysNative\drivers\intelsmb.sys (Intel Corporation)
DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (IOCBIOS) -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys (Intel Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com [binary data]
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{57FEA219-F77E-4D8F-BBBF-74C3C6F4108C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39EBBF6C-D99A-4A24-A3CD-2B7C94F5A45F&apn_sauid=4F91A191-E256-45FD-85AD-2B5B98174300
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE358
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787314A1-2B24-4861-8134-B583E6FC6B01}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58e40010-e0c2-11de-bd5e-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\World of Warcraft Setup.exe"
O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell - "" = AutoRun
O33 - MountPoints2\{ba292377-f98c-11df-b299-9444526e6ad1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 11:59:51 | 000,000,000 | R--D | C] -- C:\Users\Hugomatic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.02.13 11:25:59 | 000,000,000 | ---D | C] -- C:\Logs
[2013.02.13 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Roaming\Malwarebytes
[2013.02.13 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Local\Programs
[2013.02.12 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 17:21:29 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\Desktop\mbar
[2013.02.03 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\.pdfsam
[2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
[2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:07:39 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.13 11:59:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 11:59:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 11:59:41 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 11:32:48 | 000,000,000 | ---- | M] () -- C:\Users\Hugomatic\defogger_reenable
[2013.02.13 11:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.12 17:43:21 | 000,034,875 | ---- | M] () -- C:\Users\Hugomatic\Documents\combofix.odt
[2013.02.12 17:13:47 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.12 17:13:47 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.12 17:13:47 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.12 17:13:47 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.12 17:13:47 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.02 16:22:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 11:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Hugomatic\defogger_reenable
[2013.02.12 17:43:19 | 000,034,875 | ---- | C] () -- C:\Users\Hugomatic\Documents\combofix.odt
[2012.09.10 15:55:03 | 000,060,304 | ---- | C] () -- C:\Users\Hugomatic\g2mdlhlpx.exe
[2012.09.10 13:03:38 | 004,129,378 | ---- | C] () -- C:\Users\Hugomatic\ProStation Manual.pdf
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.24 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.07.24 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.06.30 17:16:54 | 000,007,607 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\Resmon.ResmonCfg
[2010.02.18 18:08:37 | 000,000,097 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.28 19:44:25 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Canon
[2010.01.06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\CheckPoint
[2012.08.01 09:13:17 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\OpenOffice.org
[2010.07.13 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\ProtectDisc
[2011.11.04 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\PunkBuster
[2010.03.09 19:27:51 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\Ubisoft
[2012.09.10 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\Hugomatic\AppData\Roaming\WH SELFINVEST
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:
Code:
OTL Extras logfile created on: 13.02.2013 08:49:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,36 Gb Available Physical Memory | 72,82% Memory free
11,98 Gb Paging File | 9,89 Gb Available in Paging File | 82,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 205,25 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
 
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FE80F0-1DCB-4434-A071-B24CBB9C96C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{038164F5-F02D-4BED-8A32-59DEF920335A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{09E79B72-08FF-4913-885F-639105320E43}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | 
"{0FADFCAE-7A0C-4BCC-B0FE-5E18152A6B44}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{1680D63B-07D6-4F25-A340-449681A23D12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{1A36B73D-2986-49CE-8DDE-EB263103856A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{1E066D5D-DA62-462C-B710-320764406034}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{1EBCA0DD-BAF1-4DEC-9987-BCB994C39051}" = protocol=6 | dir=in | app=c:\dragon age\daoriginslauncher.exe | 
"{20D42473-B6F8-4890-8C0D-1265A4A6D746}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{24DA52CB-20DC-4872-88CE-A70A41E54883}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{25A2D7E8-5030-4E56-B46C-5FB180A6D430}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{29C61B44-0F92-48D1-899B-830EA6020E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2BDED0D1-EBC2-4FB7-B63A-D918575E9D69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{2C34BDFF-9C8F-421F-9D70-11F52E727A38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{2E2E38E6-0503-448F-9626-360CBBFAA46D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{31321D17-93EB-49C3-B148-3E4D7BCC857A}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{351E8D68-0BD1-454D-8505-1F303D74BE45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{35A3D5DF-405B-487F-93D2-C3C1DBAFC4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{3BCD4BEE-D4D7-4648-AB69-0DB3651FF166}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | 
"{4BB1AE14-1D84-427D-A937-0FC8678EEE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{4C85BDD2-0D82-41F8-9305-A433A96896A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{541EBEC0-7EF1-47F2-8368-9E57A9664E04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{566C9EF0-FC8D-45CF-9512-46F6F4BC24F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5975A1D8-D1B3-4FB8-BB23-B790A48C1A02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6787D9C8-8B05-4C03-94BA-90C2EF1AF564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{6B3ABD99-5823-4D03-8FE6-90D7EBD59497}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{747E2F9E-DFC4-4713-9EC1-E9D27AEAE66D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{7C2E5ED5-10CF-4D26-8932-919FB9DEADA0}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | 
"{7CD53D4D-E043-4BE7-AD9C-84D1D26F7165}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{7F16A3D2-2126-4A2A-8D75-44A3691EDB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{80F546B4-0A9C-4129-A5B9-B87B2BA73997}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{8A9F476D-53ED-427F-9AAA-A9A2470AB342}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{8E70EE16-6945-474E-BECE-D624268EE510}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{90FB8D19-9B31-4BB3-B511-67FFF8DC98AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{92AF711C-CCA8-45F8-887A-C083A6B256DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{9C715D5C-D04C-4D59-B274-88E538BB1112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{9F3B501C-5018-4A36-9B3F-60C19F6B0551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1A35A1B-2DFE-4677-8BDE-176498E3CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{A24300E5-F2B2-4520-8003-AB4989926DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A5A50408-D708-4DFA-A69A-085C60D11860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ADB92EC1-3DFF-4265-BBBC-744EA4E67D44}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{B3DD45FD-49CB-492B-9B7A-AF8A5DE8F3C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{BDEE0490-78EF-426B-9DCF-98CC87C988BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C1E53C6C-6C8A-443C-9E59-1A303913D10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C23F5C61-E714-4E86-987E-C1C3C0B47572}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{C528B8CC-2716-4191-94EE-328CD78B8969}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{C57DD692-31BF-4FE8-BAF0-470EE31CC575}" = protocol=17 | dir=in | app=c:\dragon age\daoriginslauncher.exe | 
"{C5FBFD34-4A62-45A9-A3E3-2B12C1F64491}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C699DD47-34A4-46E5-8E8C-139335AA449C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{C9FB4CB7-62B4-406A-BBFE-5BF04DB8694C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{CBC335B8-DFEA-4F73-B01A-6D9C258C9B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CBFA15B1-4526-487C-9E7A-97164ED4E920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{CED8196E-C321-4109-8AC0-F4091C4F84FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{D41DE1CF-E958-4838-8BEC-83738F6E1205}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D764A164-761E-4B99-9C27-8C3F7EABD167}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D76BC965-6156-4D41-A760-613E3159B546}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DB193F07-BEC1-4FE0-8BE8-8D7B9C639E72}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{DB1D4A78-596E-40FA-9653-F6BD5C91B85D}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DB2219D0-C483-487C-A56A-776EB735D072}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{DFDD853A-4F4E-466E-9F3F-000F2E614EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{E1B0B810-C1B6-41B5-8374-3C7A201E0CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | 
"{E1DF79F8-6374-4758-9707-7C138BC0F484}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E4C465C6-4124-400F-BA8B-9C4C16E4D6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{E581981C-05E2-4CC1-B670-D26DC6E95C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E608582A-34AB-425F-9640-6E08315FF407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E66E66CC-024B-44FB-A069-EE71265C44A8}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{E910728F-F2D6-4877-8D55-17159716557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F2149C7F-2987-4A0B-A56C-1619EDCC3DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{F79FC874-B686-4715-8B7A-09E621028FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{35FBBE37-D205-B85B-A072-F306AF0DA6AB}" = ccc-utility64
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMBus" = Intel(R) SMBus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01F7C7DB-3112-5099-C9E7-DD287AE5CD34}" = CCC Help Greek
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A957041-A0D3-8227-0B1C-34A0B9B4BCE9}" = Catalyst Control Center Graphics Full New
"{0EC66655-20A4-DC5F-3145-B60C54F1BEDC}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1633A40C-B60C-54A8-79EC-1D83F24F3102}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D824414-EEA0-8288-A694-ADB2C96C2420}" = Catalyst Control Center Graphics Light
"{1E897CA6-5DA8-449D-5F0F-64473BCF7A92}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30204391-70DE-706C-1907-50E0CEEEE763}" = CCC Help Spanish
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34E1B3D3-D636-3D6A-8089-CD055365A84D}" = CCC Help Danish
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{481BD864-726E-2B54-1F55-26623C47B9F4}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy
"{61CF87C1-172B-3594-0504-69AEB723C61B}" = Catalyst Control Center Graphics Full Existing
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62AE603D-5599-C19C-1FD6-457B803E86A3}" = Skins
"{62EA3947-00F0-CD3C-B4F1-409D03353E8C}" = CCC Help Norwegian
"{66896432-C843-3937-AFC5-9A753F2ACE55}" = Catalyst Control Center Core Implementation
"{6B388EFD-35DF-AB18-37B6-498784F38C92}" = CCC Help Hungarian
"{6DB66382-0C4E-FEA5-F6B9-037714E7D695}" = CCC Help Chinese Traditional
"{72198521-36AE-472E-EDC1-36E9E66EF706}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74cc0977-aec9-4d27-8883-888baff04160}" = Nero 9 Essentials
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{818395BC-8C56-9DBB-06DB-7A5C4FAA1EAA}" = CCC Help Polish
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8402C81C-7202-B07E-E556-5DCF9C91A37A}" = CCC Help Italian
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8C87ECBD-9B68-ABA9-9EB0-2545C2746C3B}" = CCC Help Turkish
"{91A9CEFA-1506-B9BA-1663-1205B55BC51C}" = CCC Help French
"{91EE7DC4-F14A-4A98-B6A9-D2851D9EA213}" = CCC Help English
"{9685F3F9-5581-07A7-90B7-CFF046694FCA}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933D9C3-56EF-68F4-BECA-05BE7337918F}" = CCC Help German
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BCBDC685-EF9F-FE17-A5B7-FAD72A41997B}" = CCC Help Japanese
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C20FF6AA-1CE7-ABC5-6B74-2D644731E3D2}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D4E45F96-61E5-0C00-8972-228B9BFFB091}" = Catalyst Control Center Graphics Previews Vista
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E26B007E-4F63-6F24-D440-2A509A89C00E}" = Catalyst Control Center Graphics Previews Common
"{E4EE40C4-29E4-D860-78C0-72B9B29C4184}" = CCC Help Czech
"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC79D1A6-1D7D-B7A3-B113-1591E6CA78DF}" = CCC Help Korean
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F12614C4-BF95-57EC-BFB3-04F934A8ED8A}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA5D0718-40E2-7FEE-BB9B-028162A7B2FC}" = CCC Help Chinese Standard
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Diablo III" = Diablo III
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Drakensang_is1" = Drakensang
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Two Worlds II" = Two Worlds II
"WFTK" = Canon Utilities WFT Utility
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.02.2013 08:14:43 | Computer Name = Hugomatic-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 77c    Startzeit: 01ce052c944ed2d1    Endzeit: 8    Anwendungspfad: C:\Program
 Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 07.02.2013 10:18:44 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-07,
 15:18:44.0301108 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 08.02.2013 02:57:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-08,
 07:57:50.1221000 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 11.02.2013 03:24:37 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-11,
 08:24:37.8419108 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 11.02.2013 10:13:50 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-11,
 15:13:50.1033078 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 12.02.2013 03:14:04 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-12,
 08:14:04.0538929 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 12.02.2013 07:01:46 | Computer Name = Hugomatic-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Wow-64.exe, Version: 5.1.0.16357,
 Zeitstempel: 0x50bd644f  Name des fehlerhaften Moduls: Wow-64.exe, Version: 5.1.0.16357,
 Zeitstempel: 0x50bd644f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000004d6e93
ID
 des fehlerhaften Prozesses: 0x3ec  Startzeit der fehlerhaften Anwendung: 0x01ce08f65f038f32
Pfad
 der fehlerhaften Anwendung: C:\Users\Public\Games\World of Warcraft\Wow-64.exe  Pfad
 des fehlerhaften Moduls: C:\Users\Public\Games\World of Warcraft\Wow-64.exe  Berichtskennung:
 9720347a-7503-11e2-825b-9444526e6ad1
 
Error - 12.02.2013 11:51:55 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-12,
 16:51:55.1197035 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 03:04:05 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 08:04:05.0924871 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 03:39:29 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 08:39:29.0157028 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
[ System Events ]
Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.02.2013 12:09:55 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.02.2013 12:09:56 | Computer Name = Hugomatic-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 13.02.2013 03:03:29 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 13.02.2013 03:38:43 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Alienware Fusion Service erreicht.
 
Error - 13.02.2013 03:39:15 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Alienware Fusion Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
GMER log:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 11:58:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.05.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\HUGOMA~1\AppData\Local\Temp\fwriruog.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                     0000000075e01401 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                       0000000075e01419 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                     0000000075e01431 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                     0000000075e0144a 2 bytes [E0, 75]
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                        0000000075e014dd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                 0000000075e014f5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                        0000000075e0150d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                 0000000075e01525 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                       0000000075e0153d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                            0000000075e01555 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                     0000000075e0156d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                       0000000075e01585 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                          0000000075e0159d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                       0000000075e015b5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                     0000000075e015cd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                 0000000075e016b2 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                 0000000075e016bd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000075e01401 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000075e01419 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000075e01431 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              0000000075e0144a 2 bytes [E0, 75]
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 0000000075e014dd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          0000000075e014f5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 0000000075e0150d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000075e01525 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                0000000075e0153d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000075e01555 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              0000000075e0156d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000075e01585 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   0000000075e0159d 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                0000000075e015b5 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              0000000075e015cd 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          0000000075e016b2 2 bytes [E0, 75]
.text  C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          0000000075e016bd 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                           00000000725617fa 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                       0000000072561860 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                     0000000072561942 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                    000000007256194d 2 bytes [56, 72]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075e01401 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075e01419 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075e01431 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075e0144a 2 bytes [E0, 75]
.text  ...                                                                                                                                        * 9
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000075e014dd 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075e014f5 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000075e0150d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075e01525 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075e0153d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075e01555 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075e0156d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075e01585 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000075e0159d 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075e015b5 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075e015cd 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075e016b2 2 bytes [E0, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe[1964] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075e016bd 2 bytes [E0, 75]

---- EOF - GMER 2.0 ----
         
adwCleaner:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 13/02/2013 um 08:35:25 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Hugomatic - HUGOMATIC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hugomatic\Downloads\adwcleaner0.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\APN
Ordner Gefunden : C:\Users\Hugomatic\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Hugomatic\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Hugomatic\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5805 octets] - [13/02/2013 08:35:25]

########## EOF - C:\AdwCleaner[R1].txt - [5865 octets] ##########
         

Maybe someone can give me some more tips on whether I should check anything else.

Until then
Best regards

14.02.2013, 10:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?


Quote:
are described. E.g. mbar, aswMBR, TDSS-Killer and adwCleaner.
Please post all the missing logs anyway

14.02.2013, 13:29   #3
Hugomatic
 



Hello Cosinus,

thank you for the reply so far.

I have a Professional edition because the computer is private, but it was also supposed to be used in my company if need be (in the end it wasn't...). I think Dell had a free upgrade offer from Home to Professional edition back then; in any case it didn't particularly bother me.

More logs follow below; the aswMBR one, however, was created today, since I apparently didn't save the log yesterday.

FYI: Yesterday evening, i.e. after all of yesterday's scans but before today's aswMBR run, I also wiped my User/AppData/Local/Temp folder using Disk Cleanup; it was just incredibly full.

I also cleared the Java temp folder via the Java Control Panel and, to be safe, uninstalled several old Java versions and left only the newest one installed.


TDSS Log:
Code:
ATTFilter
08:29:17.0010 5640  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:29:19.0022 5640  ============================================================
08:29:19.0022 5640  Current date / time: 2013/02/13 08:29:19.0022
08:29:19.0022 5640  SystemInfo:
08:29:19.0022 5640  
08:29:19.0022 5640  OS Version: 6.1.7601 ServicePack: 1.0
08:29:19.0022 5640  Product type: Workstation
08:29:19.0022 5640  ComputerName: HUGOMATIC-PC
08:29:19.0022 5640  UserName: Hugomatic
08:29:19.0022 5640  Windows directory: C:\Windows
08:29:19.0022 5640  System windows directory: C:\Windows
08:29:19.0022 5640  Running under WOW64
08:29:19.0022 5640  Processor architecture: Intel x64
08:29:19.0022 5640  Number of processors: 8
08:29:19.0022 5640  Page size: 0x1000
08:29:19.0022 5640  Boot type: Normal boot
08:29:19.0022 5640  ============================================================
08:29:19.0350 5640  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:29:19.0366 5640  ============================================================
08:29:19.0366 5640  \Device\Harddisk0\DR0:
08:29:19.0366 5640  MBR partitions:
08:29:19.0366 5640  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x1139000
08:29:19.0366 5640  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1170000, BlocksNum 0x39215800
08:29:19.0366 5640  ============================================================
08:29:19.0397 5640  C: <-> \Device\Harddisk0\DR0\Partition2
08:29:19.0397 5640  ============================================================
08:29:19.0397 5640  Initialize success
08:29:19.0397 5640  ============================================================
08:29:39.0287 6136  ============================================================
08:29:39.0287 6136  Scan started
08:29:39.0287 6136  Mode: Manual; SigCheck; TDLFS; 
08:29:39.0287 6136  ============================================================
08:29:39.0568 6136  ================ Scan system memory ========================
08:29:39.0568 6136  System memory - ok
08:29:39.0568 6136  ================ Scan services =============================
08:29:39.0692 6136  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:29:39.0755 6136  1394ohci - ok
08:29:39.0817 6136  [ 6CE02D42183CDF31315F208AE35F153F ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
08:29:39.0833 6136  acedrv11 - ok
08:29:39.0864 6136  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:29:39.0880 6136  ACPI - ok
08:29:39.0911 6136  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:29:39.0942 6136  AcpiPmi - ok
08:29:40.0067 6136  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:29:40.0082 6136  AdobeFlashPlayerUpdateSvc - ok
08:29:40.0114 6136  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
08:29:40.0129 6136  adp94xx - ok
08:29:40.0145 6136  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
08:29:40.0160 6136  adpahci - ok
08:29:40.0176 6136  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
08:29:40.0176 6136  adpu320 - ok
08:29:40.0207 6136  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:29:40.0270 6136  AeLookupSvc - ok
08:29:40.0332 6136  [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
08:29:40.0379 6136  AERTFilters - ok
08:29:40.0426 6136  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
08:29:40.0457 6136  AFD - ok
08:29:40.0488 6136  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:29:40.0504 6136  agp440 - ok
08:29:40.0519 6136  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
08:29:40.0566 6136  ALG - ok
08:29:40.0628 6136  [ 27CD092372190BBC476EFB644E8764AA ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
08:29:40.0644 6136  AlienFusionService - ok
08:29:40.0660 6136  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:29:40.0675 6136  aliide - ok
08:29:40.0706 6136  [ 1EAED36210279C0B7B97817D09836E45 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:29:40.0738 6136  AMD External Events Utility - ok
08:29:40.0753 6136  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
08:29:40.0753 6136  amdide - ok
08:29:40.0784 6136  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
08:29:40.0816 6136  AmdK8 - ok
08:29:40.0925 6136  [ A7CF8A458F6851A97F27F1F2DCAF7262 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:29:41.0018 6136  amdkmdag - ok
08:29:41.0081 6136  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
08:29:41.0096 6136  amdkmdap ( UnsignedFile.Multi.Generic ) - warning
08:29:41.0096 6136  amdkmdap - detected UnsignedFile.Multi.Generic (1)
08:29:41.0096 6136  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
08:29:41.0143 6136  AmdPPM - ok
08:29:41.0174 6136  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:29:41.0174 6136  amdsata - ok
08:29:41.0190 6136  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
08:29:41.0206 6136  amdsbs - ok
08:29:41.0206 6136  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:29:41.0221 6136  amdxata - ok
08:29:41.0299 6136  [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
08:29:41.0315 6136  AntiVirFirewallService - ok
08:29:41.0377 6136  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
08:29:41.0393 6136  AntiVirMailService - ok
08:29:41.0440 6136  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:29:41.0440 6136  AntiVirSchedulerService - ok
08:29:41.0471 6136  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:29:41.0471 6136  AntiVirService - ok
08:29:41.0486 6136  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
08:29:41.0502 6136  AntiVirWebService - ok
08:29:41.0549 6136  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
08:29:41.0627 6136  AppID - ok
08:29:41.0674 6136  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:29:41.0705 6136  AppIDSvc - ok
08:29:41.0752 6136  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
08:29:41.0798 6136  Appinfo - ok
08:29:41.0845 6136  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
08:29:41.0861 6136  AppMgmt - ok
08:29:41.0892 6136  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
08:29:41.0892 6136  arc - ok
08:29:41.0908 6136  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
08:29:41.0908 6136  arcsas - ok
08:29:41.0970 6136  aspnet_state - ok
08:29:41.0986 6136  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:29:42.0032 6136  AsyncMac - ok
08:29:42.0064 6136  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
08:29:42.0079 6136  atapi - ok
08:29:42.0110 6136  [ 506934DF94E3197F4A1BBE8FBEAB0CCD ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
08:29:42.0126 6136  AtiHdmiService - ok
08:29:42.0204 6136  [ A7CF8A458F6851A97F27F1F2DCAF7262 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:29:42.0251 6136  atikmdag - ok
08:29:42.0282 6136  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
08:29:42.0298 6136  atksgt - ok
08:29:42.0344 6136  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:29:42.0391 6136  AudioEndpointBuilder - ok
08:29:42.0422 6136  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:29:42.0438 6136  AudioSrv - ok
08:29:42.0485 6136  [ C5B223B2C174147D00F64E0D783459C7 ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
08:29:42.0500 6136  avfwim - ok
08:29:42.0532 6136  [ C7B2A376DCF4E1528B26358A9B341F4C ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
08:29:42.0547 6136  avfwot - ok
08:29:42.0578 6136  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
08:29:42.0594 6136  avgntflt - ok
08:29:42.0610 6136  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
08:29:42.0625 6136  avipbb - ok
08:29:42.0625 6136  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
08:29:42.0641 6136  avkmgr - ok
08:29:42.0672 6136  [ 5B64B0D162AABDE795B3F7A7234F2FE1 ] AWOPFilterDriver C:\Windows\system32\drivers\AWOPFilterDriver.sys
08:29:42.0672 6136  AWOPFilterDriver - ok
08:29:42.0719 6136  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:29:42.0750 6136  AxInstSV - ok
08:29:42.0781 6136  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
08:29:42.0797 6136  b06bdrv - ok
08:29:42.0812 6136  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:29:42.0844 6136  b57nd60a - ok
08:29:42.0875 6136  [ EA289355B7E07461760172B0674B9382 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh564.sys
08:29:42.0906 6136  BCMH43XX - ok
08:29:42.0922 6136  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:29:42.0953 6136  BDESVC - ok
08:29:42.0953 6136  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:29:43.0015 6136  Beep - ok
08:29:43.0062 6136  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
08:29:43.0109 6136  BFE - ok
08:29:43.0156 6136  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
08:29:43.0202 6136  BITS - ok
08:29:43.0218 6136  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:29:43.0234 6136  blbdrive - ok
08:29:43.0280 6136  [ E869C8C360F3705DA7875327DA616F11 ] Blfp            C:\Windows\system32\DRIVERS\basp.sys
08:29:43.0280 6136  Blfp - ok
08:29:43.0312 6136  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:29:43.0327 6136  bowser - ok
08:29:43.0343 6136  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:29:43.0421 6136  BrFiltLo - ok
08:29:43.0436 6136  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:29:43.0436 6136  BrFiltUp - ok
08:29:43.0468 6136  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
08:29:43.0483 6136  Browser - ok
08:29:43.0499 6136  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:29:43.0514 6136  Brserid - ok
08:29:43.0530 6136  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:29:43.0546 6136  BrSerWdm - ok
08:29:43.0592 6136  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:29:43.0639 6136  BrUsbMdm - ok
08:29:43.0639 6136  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:29:43.0655 6136  BrUsbSer - ok
08:29:43.0655 6136  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:29:43.0686 6136  BTHMODEM - ok
08:29:43.0702 6136  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
08:29:43.0733 6136  bthserv - ok
08:29:43.0764 6136  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:29:43.0811 6136  cdfs - ok
08:29:43.0826 6136  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
08:29:43.0842 6136  cdrom - ok
08:29:43.0889 6136  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
08:29:43.0920 6136  CertPropSvc - ok
08:29:43.0936 6136  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
08:29:43.0967 6136  circlass - ok
08:29:43.0998 6136  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
08:29:43.0998 6136  CLFS - ok
08:29:44.0029 6136  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:29:44.0029 6136  clr_optimization_v2.0.50727_32 - ok
08:29:44.0092 6136  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:29:44.0092 6136  clr_optimization_v2.0.50727_64 - ok
08:29:44.0185 6136  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:29:44.0185 6136  clr_optimization_v4.0.30319_32 - ok
08:29:44.0232 6136  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:29:44.0248 6136  clr_optimization_v4.0.30319_64 - ok
08:29:44.0279 6136  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:29:44.0279 6136  CmBatt - ok
08:29:44.0310 6136  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:29:44.0310 6136  cmdide - ok
08:29:44.0341 6136  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
08:29:44.0372 6136  CNG - ok
08:29:44.0388 6136  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:29:44.0404 6136  Compbatt - ok
08:29:44.0435 6136  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
08:29:44.0466 6136  CompositeBus - ok
08:29:44.0482 6136  COMSysApp - ok
08:29:44.0497 6136  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:29:44.0497 6136  crcdisk - ok
08:29:44.0544 6136  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:29:44.0544 6136  CryptSvc - ok
08:29:44.0591 6136  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
08:29:44.0638 6136  CSC - ok
08:29:44.0700 6136  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
08:29:44.0716 6136  CscService - ok
08:29:44.0794 6136  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
08:29:44.0809 6136  DAUpdaterSvc - ok
08:29:44.0840 6136  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:29:44.0872 6136  DcomLaunch - ok
08:29:44.0918 6136  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
08:29:44.0950 6136  defragsvc - ok
08:29:44.0981 6136  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:29:45.0028 6136  DfsC - ok
08:29:45.0059 6136  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:29:45.0090 6136  Dhcp - ok
08:29:45.0121 6136  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
08:29:45.0137 6136  discache - ok
08:29:45.0199 6136  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:29:45.0199 6136  Disk - ok
08:29:45.0230 6136  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:29:45.0277 6136  Dnscache - ok
08:29:45.0293 6136  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:29:45.0340 6136  dot3svc - ok
08:29:45.0371 6136  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
08:29:45.0402 6136  DPS - ok
08:29:45.0433 6136  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:29:45.0433 6136  drmkaud - ok
08:29:45.0480 6136  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:29:45.0496 6136  DXGKrnl - ok
08:29:45.0527 6136  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
08:29:45.0558 6136  EapHost - ok
08:29:45.0605 6136  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
08:29:45.0667 6136  ebdrv - ok
08:29:45.0698 6136  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
08:29:45.0730 6136  EFS - ok
08:29:45.0761 6136  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:29:45.0808 6136  ehRecvr - ok
08:29:45.0823 6136  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
08:29:45.0854 6136  ehSched - ok
08:29:45.0886 6136  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:29:45.0901 6136  elxstor - ok
08:29:45.0917 6136  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:29:45.0932 6136  ErrDev - ok
08:29:45.0948 6136  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
08:29:45.0995 6136  EventSystem - ok
08:29:46.0010 6136  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
08:29:46.0026 6136  exfat - ok
08:29:46.0042 6136  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:29:46.0088 6136  fastfat - ok
08:29:46.0135 6136  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
08:29:46.0166 6136  Fax - ok
08:29:46.0198 6136  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:29:46.0198 6136  fdc - ok
08:29:46.0213 6136  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:29:46.0244 6136  fdPHost - ok
08:29:46.0260 6136  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:29:46.0291 6136  FDResPub - ok
08:29:46.0307 6136  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:29:46.0307 6136  FileInfo - ok
08:29:46.0322 6136  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:29:46.0354 6136  Filetrace - ok
08:29:46.0385 6136  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:29:46.0385 6136  flpydisk - ok
08:29:46.0416 6136  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:29:46.0432 6136  FltMgr - ok
08:29:46.0463 6136  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
08:29:46.0494 6136  FontCache - ok
08:29:46.0541 6136  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:29:46.0556 6136  FontCache3.0.0.0 - ok
08:29:46.0556 6136  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:29:46.0572 6136  FsDepends - ok
08:29:46.0603 6136  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:29:46.0619 6136  Fs_Rec - ok
08:29:46.0650 6136  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:29:46.0666 6136  fvevol - ok
08:29:46.0681 6136  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:29:46.0681 6136  gagp30kx - ok
08:29:46.0728 6136  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
08:29:46.0759 6136  gpsvc - ok
08:29:46.0868 6136  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:29:46.0868 6136  gupdate - ok
08:29:46.0884 6136  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:29:46.0884 6136  gupdatem - ok
08:29:46.0946 6136  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:29:46.0946 6136  gusvc - ok
08:29:46.0962 6136  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:29:46.0978 6136  hcw85cir - ok
08:29:47.0024 6136  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
08:29:47.0040 6136  HDAudBus - ok
08:29:47.0040 6136  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:29:47.0056 6136  HidBatt - ok
08:29:47.0071 6136  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:29:47.0071 6136  HidBth - ok
08:29:47.0102 6136  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:29:47.0102 6136  HidIr - ok
08:29:47.0134 6136  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
08:29:47.0180 6136  hidserv - ok
08:29:47.0212 6136  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:29:47.0212 6136  HidUsb - ok
08:29:47.0243 6136  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:29:47.0290 6136  hkmsvc - ok
08:29:47.0336 6136  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:29:47.0368 6136  HomeGroupListener - ok
08:29:47.0399 6136  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:29:47.0399 6136  HomeGroupProvider - ok
08:29:47.0414 6136  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
08:29:47.0430 6136  HpSAMD - ok
08:29:47.0477 6136  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:29:47.0508 6136  HTTP - ok
08:29:47.0539 6136  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:29:47.0555 6136  hwpolicy - ok
08:29:47.0570 6136  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
08:29:47.0586 6136  i8042prt - ok
08:29:47.0633 6136  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:29:47.0648 6136  IAANTMON - ok
08:29:47.0680 6136  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
08:29:47.0680 6136  iaStor - ok
08:29:47.0711 6136  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:29:47.0711 6136  iaStorV - ok
08:29:47.0820 6136  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:29:47.0820 6136  IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:29:47.0820 6136  IDriverT - detected UnsignedFile.Multi.Generic (1)
08:29:47.0867 6136  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:29:47.0882 6136  idsvc - ok
08:29:47.0914 6136  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:29:47.0929 6136  iirsp - ok
08:29:47.0992 6136  [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
08:29:48.0007 6136  IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
08:29:48.0007 6136  IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
08:29:48.0054 6136  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
08:29:48.0101 6136  IKEEXT - ok
08:29:48.0148 6136  [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:29:48.0179 6136  IntcAzAudAddService - ok
08:29:48.0194 6136  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
08:29:48.0194 6136  intelide - ok
08:29:48.0210 6136  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:29:48.0226 6136  intelppm - ok
08:29:48.0304 6136  [ 0E3A39C18C9C7A25D363E2D5889CB5A2 ] IOCBIOS         C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS
08:29:48.0304 6136  IOCBIOS - ok
08:29:48.0335 6136  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:29:48.0366 6136  IPBusEnum - ok
08:29:48.0413 6136  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:29:48.0444 6136  IpFilterDriver - ok
08:29:48.0491 6136  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:29:48.0506 6136  iphlpsvc - ok
08:29:48.0538 6136  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:29:48.0553 6136  IPMIDRV - ok
08:29:48.0569 6136  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:29:48.0616 6136  IPNAT - ok
08:29:48.0647 6136  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:29:48.0662 6136  IRENUM - ok
08:29:48.0678 6136  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:29:48.0678 6136  isapnp - ok
08:29:48.0725 6136  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:29:48.0725 6136  iScsiPrt - ok
08:29:48.0772 6136  ISWKL - ok
08:29:48.0787 6136  IswSvc - ok
08:29:48.0803 6136  [ 08DD34F74D65E1C8F238565570952630 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
08:29:48.0803 6136  k57nd60a - ok
08:29:48.0818 6136  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
08:29:48.0834 6136  kbdclass - ok
08:29:48.0865 6136  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
08:29:48.0896 6136  kbdhid - ok
08:29:48.0912 6136  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
08:29:48.0928 6136  KeyIso - ok
08:29:48.0959 6136  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:29:48.0959 6136  KSecDD - ok
08:29:48.0990 6136  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:29:49.0006 6136  KSecPkg - ok
08:29:49.0021 6136  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:29:49.0052 6136  ksthunk - ok
08:29:49.0068 6136  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:29:49.0099 6136  KtmRm - ok
08:29:49.0146 6136  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:29:49.0177 6136  LanmanServer - ok
08:29:49.0208 6136  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:29:49.0255 6136  LanmanWorkstation - ok
08:29:49.0302 6136  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
08:29:49.0302 6136  lirsgt - ok
08:29:49.0318 6136  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:29:49.0333 6136  lltdio - ok
08:29:49.0364 6136  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:29:49.0411 6136  lltdsvc - ok
08:29:49.0427 6136  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:29:49.0458 6136  lmhosts - ok
08:29:49.0474 6136  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:29:49.0489 6136  LSI_FC - ok
08:29:49.0505 6136  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:29:49.0505 6136  LSI_SAS - ok
08:29:49.0520 6136  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:29:49.0536 6136  LSI_SAS2 - ok
08:29:49.0536 6136  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:29:49.0552 6136  LSI_SCSI - ok
08:29:49.0567 6136  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
08:29:49.0583 6136  luafv - ok
08:29:49.0614 6136  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:29:49.0645 6136  Mcx2Svc - ok
08:29:49.0661 6136  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:29:49.0661 6136  megasas - ok
08:29:49.0676 6136  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:29:49.0692 6136  MegaSR - ok
08:29:49.0708 6136  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
08:29:49.0739 6136  MMCSS - ok
08:29:49.0770 6136  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
08:29:49.0801 6136  Modem - ok
08:29:49.0832 6136  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:29:49.0848 6136  monitor - ok
08:29:49.0895 6136  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
08:29:49.0895 6136  mouclass - ok
08:29:49.0910 6136  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:29:49.0926 6136  mouhid - ok
08:29:49.0957 6136  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:29:49.0973 6136  mountmgr - ok
08:29:49.0988 6136  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:29:50.0004 6136  mpio - ok
08:29:50.0020 6136  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:29:50.0035 6136  mpsdrv - ok
08:29:50.0098 6136  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:29:50.0144 6136  MpsSvc - ok
08:29:50.0176 6136  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:29:50.0207 6136  MRxDAV - ok
08:29:50.0238 6136  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:29:50.0238 6136  mrxsmb - ok
08:29:50.0269 6136  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:29:50.0300 6136  mrxsmb10 - ok
08:29:50.0332 6136  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:29:50.0347 6136  mrxsmb20 - ok
08:29:50.0363 6136  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:29:50.0378 6136  msahci - ok
08:29:50.0410 6136  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:29:50.0425 6136  msdsm - ok
08:29:50.0425 6136  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
08:29:50.0456 6136  MSDTC - ok
08:29:50.0456 6136  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:29:50.0488 6136  Msfs - ok
08:29:50.0488 6136  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:29:50.0534 6136  mshidkmdf - ok
08:29:50.0566 6136  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:29:50.0566 6136  msisadrv - ok
08:29:50.0597 6136  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:29:50.0628 6136  MSiSCSI - ok
08:29:50.0628 6136  msiserver - ok
08:29:50.0659 6136  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:29:50.0690 6136  MSKSSRV - ok
08:29:50.0690 6136  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:29:50.0722 6136  MSPCLOCK - ok
08:29:50.0737 6136  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:29:50.0768 6136  MSPQM - ok
08:29:50.0800 6136  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:29:50.0815 6136  MsRPC - ok
08:29:50.0815 6136  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:29:50.0831 6136  mssmbios - ok
08:29:50.0846 6136  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:29:50.0862 6136  MSTEE - ok
08:29:50.0878 6136  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:29:50.0893 6136  MTConfig - ok
08:29:50.0909 6136  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:29:50.0909 6136  Mup - ok
08:29:50.0940 6136  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
08:29:50.0987 6136  napagent - ok
08:29:51.0002 6136  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:29:51.0018 6136  NativeWifiP - ok
08:29:51.0080 6136  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:29:51.0096 6136  NDIS - ok
08:29:51.0112 6136  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:29:51.0127 6136  NdisCap - ok
08:29:51.0143 6136  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:29:51.0174 6136  NdisTapi - ok
08:29:51.0205 6136  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:29:51.0221 6136  Ndisuio - ok
08:29:51.0252 6136  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:29:51.0283 6136  NdisWan - ok
08:29:51.0314 6136  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:29:51.0361 6136  NDProxy - ok
08:29:51.0455 6136  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
08:29:51.0470 6136  Nero BackItUp Scheduler 4.0 - ok
08:29:51.0486 6136  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:29:51.0517 6136  NetBIOS - ok
08:29:51.0548 6136  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:29:51.0580 6136  NetBT - ok
08:29:51.0595 6136  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
08:29:51.0611 6136  Netlogon - ok
08:29:51.0626 6136  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:29:51.0673 6136  Netman - ok
08:29:51.0689 6136  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:29:51.0720 6136  netprofm - ok
08:29:51.0736 6136  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:29:51.0751 6136  NetTcpPortSharing - ok
08:29:51.0782 6136  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:29:51.0782 6136  nfrd960 - ok
08:29:51.0814 6136  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:29:51.0829 6136  NlaSvc - ok
08:29:51.0845 6136  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:29:51.0876 6136  Npfs - ok
08:29:51.0876 6136  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:29:51.0923 6136  nsi - ok
08:29:51.0923 6136  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:29:51.0970 6136  nsiproxy - ok
08:29:52.0016 6136  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:29:52.0032 6136  Ntfs - ok
08:29:52.0048 6136  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:29:52.0094 6136  Null - ok
08:29:52.0141 6136  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:29:52.0141 6136  nvraid - ok
08:29:52.0157 6136  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:29:52.0172 6136  nvstor - ok
08:29:52.0188 6136  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:29:52.0188 6136  nv_agp - ok
08:29:52.0204 6136  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:29:52.0235 6136  ohci1394 - ok
08:29:52.0250 6136  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:29:52.0266 6136  p2pimsvc - ok
08:29:52.0297 6136  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:29:52.0297 6136  p2psvc - ok
08:29:52.0313 6136  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:29:52.0313 6136  Parport - ok
08:29:52.0344 6136  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:29:52.0360 6136  partmgr - ok
08:29:52.0360 6136  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:29:52.0391 6136  PcaSvc - ok
08:29:52.0406 6136  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
08:29:52.0406 6136  pci - ok
08:29:52.0438 6136  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
08:29:52.0438 6136  pciide - ok
08:29:52.0453 6136  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:29:52.0469 6136  pcmcia - ok
08:29:52.0484 6136  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:29:52.0484 6136  pcw - ok
08:29:52.0500 6136  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:29:52.0547 6136  PEAUTH - ok
08:29:52.0594 6136  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
08:29:52.0625 6136  PeerDistSvc - ok
08:29:52.0703 6136  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:29:52.0734 6136  PerfHost - ok
08:29:52.0781 6136  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
08:29:52.0843 6136  pla - ok
08:29:52.0874 6136  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:29:52.0890 6136  PlugPlay - ok
08:29:52.0921 6136  PnkBstrA - ok
08:29:52.0937 6136  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:29:52.0952 6136  PNRPAutoReg - ok
08:29:52.0968 6136  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:29:52.0968 6136  PNRPsvc - ok
08:29:52.0984 6136  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:29:53.0030 6136  PolicyAgent - ok
08:29:53.0046 6136  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
08:29:53.0093 6136  Power - ok
08:29:53.0124 6136  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:29:53.0171 6136  PptpMiniport - ok
08:29:53.0186 6136  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:29:53.0202 6136  Processor - ok
08:29:53.0233 6136  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:29:53.0280 6136  ProfSvc - ok
08:29:53.0296 6136  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:29:53.0311 6136  ProtectedStorage - ok
08:29:53.0342 6136  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:29:53.0374 6136  Psched - ok
08:29:53.0420 6136  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:29:53.0436 6136  ql2300 - ok
08:29:53.0452 6136  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:29:53.0467 6136  ql40xx - ok
08:29:53.0483 6136  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
08:29:53.0498 6136  QWAVE - ok
08:29:53.0514 6136  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:29:53.0545 6136  QWAVEdrv - ok
08:29:53.0561 6136  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:29:53.0592 6136  RasAcd - ok
08:29:53.0623 6136  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:29:53.0639 6136  RasAgileVpn - ok
08:29:53.0670 6136  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
08:29:53.0686 6136  RasAuto - ok
08:29:53.0717 6136  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:29:53.0748 6136  Rasl2tp - ok
08:29:53.0779 6136  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
08:29:53.0826 6136  RasMan - ok
08:29:53.0842 6136  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:29:53.0873 6136  RasPppoe - ok
08:29:53.0873 6136  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:29:53.0904 6136  RasSstp - ok
08:29:53.0935 6136  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:29:53.0966 6136  rdbss - ok
08:29:53.0982 6136  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:29:53.0998 6136  rdpbus - ok
08:29:54.0013 6136  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:29:54.0029 6136  RDPCDD - ok
08:29:54.0060 6136  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
08:29:54.0076 6136  RDPDR - ok
08:29:54.0091 6136  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:29:54.0107 6136  RDPENCDD - ok
08:29:54.0122 6136  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:29:54.0138 6136  RDPREFMP - ok
08:29:54.0169 6136  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:29:54.0200 6136  RDPWD - ok
08:29:54.0232 6136  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:29:54.0232 6136  rdyboost - ok
08:29:54.0263 6136  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:29:54.0294 6136  RemoteAccess - ok
08:29:54.0310 6136  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:29:54.0356 6136  RemoteRegistry - ok
08:29:54.0372 6136  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:29:54.0403 6136  RpcEptMapper - ok
08:29:54.0434 6136  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
08:29:54.0466 6136  RpcLocator - ok
08:29:54.0497 6136  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
08:29:54.0528 6136  RpcSs - ok
08:29:54.0544 6136  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:29:54.0590 6136  rspndr - ok
08:29:54.0606 6136  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
08:29:54.0622 6136  s3cap - ok
08:29:54.0622 6136  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
08:29:54.0637 6136  SamSs - ok
08:29:54.0668 6136  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:29:54.0668 6136  sbp2port - ok
08:29:54.0684 6136  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:29:54.0715 6136  SCardSvr - ok
08:29:54.0746 6136  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:29:54.0778 6136  scfilter - ok
08:29:54.0824 6136  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
08:29:54.0871 6136  Schedule - ok
08:29:54.0902 6136  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:29:54.0934 6136  SCPolicySvc - ok
08:29:54.0965 6136  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:29:54.0996 6136  SDRSVC - ok
08:29:55.0012 6136  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:29:55.0043 6136  secdrv - ok
08:29:55.0074 6136  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
08:29:55.0121 6136  seclogon - ok
08:29:55.0136 6136  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
08:29:55.0168 6136  SENS - ok
08:29:55.0168 6136  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:29:55.0183 6136  SensrSvc - ok
08:29:55.0199 6136  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:29:55.0214 6136  Serenum - ok
08:29:55.0230 6136  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:29:55.0246 6136  Serial - ok
08:29:55.0261 6136  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:29:55.0261 6136  sermouse - ok
08:29:55.0308 6136  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
08:29:55.0339 6136  SessionEnv - ok
08:29:55.0355 6136  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:29:55.0386 6136  sffdisk - ok
08:29:55.0402 6136  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:29:55.0417 6136  sffp_mmc - ok
08:29:55.0417 6136  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:29:55.0448 6136  sffp_sd - ok
08:29:55.0464 6136  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:29:55.0464 6136  sfloppy - ok
08:29:55.0542 6136  [ 21D48D7C9BDEF13AF16FDCBC5719FC3B ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:29:55.0573 6136  SftService ( UnsignedFile.Multi.Generic ) - warning
08:29:55.0573 6136  SftService - detected UnsignedFile.Multi.Generic (1)
08:29:55.0589 6136  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:29:55.0636 6136  SharedAccess - ok
08:29:55.0667 6136  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:29:55.0682 6136  ShellHWDetection - ok
08:29:55.0714 6136  [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132          C:\Windows\system32\DRIVERS\SI3132.sys
08:29:55.0729 6136  SI3132 - ok
08:29:55.0729 6136  [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter        C:\Windows\system32\DRIVERS\SiWinAcc.sys
08:29:55.0729 6136  SiFilter - ok
08:29:55.0745 6136  [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil        C:\Windows\system32\DRIVERS\SiRemFil.sys
08:29:55.0745 6136  SiRemFil - ok
08:29:55.0776 6136  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:29:55.0776 6136  SiSRaid2 - ok
08:29:55.0792 6136  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:29:55.0807 6136  SiSRaid4 - ok
08:29:55.0823 6136  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:29:55.0870 6136  Smb - ok
08:29:55.0916 6136  [ 14A6C16F523BE06BA307CB68597EAA82 ] smbusp          C:\Windows\system32\DRIVERS\intelsmb.sys
08:29:55.0948 6136  smbusp - ok
08:29:55.0979 6136  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:30:00.0581 6136  [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
08:30:00.0597 6136  WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
08:30:00.0597 6136  WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
08:30:01.0299 6136  ================ Scan global ===============================
08:30:01.0314 6136  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:30:01.0361 6136  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
08:30:01.0361 6136  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
08:30:01.0377 6136  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:30:01.0408 6136  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:30:01.0408 6136  [Global] - ok
08:30:01.0408 6136  ================ Scan MBR ==================================
08:30:01.0423 6136  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:30:01.0689 6136  \Device\Harddisk0\DR0 - ok
08:30:01.0689 6136  ================ Scan VBR ==================================
08:30:01.0689 6136  [ 10441088096DECAE728B4DD1D2DBA381 ] \Device\Harddisk0\DR0\Partition1
08:30:01.0689 6136  \Device\Harddisk0\DR0\Partition1 - ok
08:30:01.0720 6136  [ 462731C0FEDD5F2BC96B327EF23F1A3B ] \Device\Harddisk0\DR0\Partition2
08:30:01.0720 6136  \Device\Harddisk0\DR0\Partition2 - ok
08:30:01.0720 6136  ============================================================
08:30:01.0720 6136  Scan finished
08:30:01.0720 6136  ============================================================
08:30:01.0735 4584  Detected object count: 5
08:30:01.0735 4584  Actual detected object count: 5
08:32:22.0432 4584  amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584  amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:22.0432 4584  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:22.0432 4584  IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584  IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:22.0432 4584  SftService ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584  SftService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:22.0432 4584  WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
08:32:22.0432 4584  WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:32:26.0504 2388  Deinitialize success
         

mbar Anti-Rootkit:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugomatic :: HUGOMATIC-PC [administrator]

13.02.2013 08:14:06
mbar-log-2013-02-13 (08-14-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26909
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 12:43:31
-----------------------------
12:43:31.643    OS Version: Windows x64 6.1.7601 Service Pack 1
12:43:31.643    Number of processors: 8 586 0x1A05
12:43:31.643    ComputerName: HUGOMATIC-PC  UserName: Hugomatic
12:43:32.743    Initialize success
12:47:27.011    AVAST engine defs: 13021304
12:56:24.132    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:56:24.132    Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
12:56:24.162    Disk 0 MBR read successfully
12:56:24.162    Disk 0 MBR scan
12:56:24.252    Disk 0 Windows 7 default MBR code
12:56:24.272    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      109 MB offset 63
12:56:24.312    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         8818 MB offset 225280
12:56:24.352    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       468011 MB offset 18284544
12:56:24.392    Disk 0 scanning C:\Windows\system32\drivers
12:56:36.082    Service scanning
12:56:54.872    Modules scanning
12:56:54.872    Disk 0 trace - called modules:
12:56:54.882    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
12:56:54.882    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800657b790]
12:56:54.882    3 CLASSPNP.SYS[fffff88001a2c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800633a050]
12:56:56.522    AVAST engine scan C:\
14:20:19.304    Scan finished successfully
14:20:38.084    Disk 0 MBR has been saved successfully to "C:\Users\Hugomatic\Downloads\MBR.dat"
14:20:38.084    The log file has been saved successfully to "C:\Users\Hugomatic\Downloads\aswMBR.txt"
         

Best regards
__________________

Alt 14.02.2013, 14:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK, thanks for the explanation.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logs in CODE tags

Alt 14.02.2013, 18:48   #5
Hugomatic
 
Hello Cosinus,

as requested, here is the CF log:

Code:
ComboFix 13-02-13.02 - Hugomatic 14.02.2013  19:17:35.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6135.4563 [GMT 1:00]
ausgeführt von:: c:\users\Hugomatic\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Hugomatic\g2mdlhlpx.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-14 bis 2013-02-14  ))))))))))))))))))))))))))))))
.
.
2013-02-14 18:21 . 2013-02-14 18:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-14 09:54 . 2013-02-14 09:54	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-02-13 16:32 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:32 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 16:30 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-13 13:00 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 13:00 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 13:00 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 13:00 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 13:00 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 13:00 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-13 13:00 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-13 13:00 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-13 13:00 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-13 13:00 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-13 13:00 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 13:00 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 10:25 . 2013-02-13 10:25	--------	d-----w-	C:\Logs
2013-02-13 09:24 . 2013-02-13 09:24	--------	d-----w-	c:\users\Hugomatic\AppData\Roaming\Malwarebytes
2013-02-13 09:24 . 2013-02-13 09:24	--------	d-----w-	c:\users\Hugomatic\AppData\Local\Programs
2013-02-12 16:21 . 2013-02-12 16:21	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-03 12:10 . 2013-02-03 12:10	--------	d-----w-	c:\users\Hugomatic\.pdfsam
2013-02-03 12:07 . 2013-02-03 12:07	--------	d-----w-	c:\program files\PDF Split And Merge Basic
2013-02-02 15:45 . 2013-02-02 15:45	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 10:03 . 2012-11-05 16:43	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 10:03 . 2011-05-14 16:00	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-13 16:34 . 2009-12-19 13:53	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-02 15:45 . 2012-05-16 18:46	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-02-02 15:45 . 2010-04-19 17:33	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 13:00	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 15:06	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:06	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:06	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:06	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 16:50	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 16:50	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 16:50	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 16:50	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 16:50	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 16:50	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 16:50	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 16:50	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 16:50	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 16:50	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 16:50	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 16:50	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 16:50	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 16:50	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 16:50	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 16:50	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 16:50	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 16:50	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 16:50	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 16:50	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 16:50	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 16:50	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 16:50	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 16:50	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 16:50	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 16:50	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 16:50	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 16:50	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 16:50	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 16:50	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 16:50	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 16:50	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 16:50	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 16:50	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 16:50	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 16:50	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 16:50	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 16:50	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 16:50	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 16:50	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 16:50	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-26 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-11-13 140936]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-12 27760]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/12/04 12:58];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 22:28 146928]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-06-03 92160]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2009-09-25 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-27 202752]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-15 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-15 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-15 465360]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [2009-07-09 27096]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2009-07-27 30944]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-11-13 114168]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [2012-05-12 19464]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh564.sys [2009-11-06 765952]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-07-06 317480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 15:21	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-05 10:03]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:47]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-10 17:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2009-10-05 166200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7833120]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2009-10-05 58696]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,a0,dd,73,5b,ed,f9,df,8d,d4,2e,05,d8,cb,36,54,f0,ca,51,f8,33,62,93,
   96,f9,e1,73,25,18,9e,38,a7,82,65,bc,64,ac,89,b0,30,21,48,e1,dd,0a,a9,2a,f3,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\Software\SecuROM\License information*]
"datasecu"=hex:bb,cf,3f,9d,8f,41,ae,36,6d,66,83,0b,dd,81,7e,dd,66,6e,8d,59,5b,
   b9,78,6d,94,d5,70,73,41,74,4c,9c,59,75,8d,be,0e,41,28,5c,b2,f7,d1,ba,68,32,\
"rkeysecu"=hex:a0,ea,c6,b6,4f,78,91,3b,4f,0f,48,e0,3c,ea,0c,d5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-14  19:22:40
ComboFix-quarantined-files.txt  2013-02-14 18:22
.
Vor Suchlauf: 14 Verzeichnis(se), 215.842.160.640 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 216.153.694.208 Bytes frei
.
- - End Of File - - E485BA1A89142E6EC2F1D8E0B024994D
         
Best regards


15.02.2013, 09:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread inside CODE tags.

15.02.2013, 11:50   #7
Hugomatic
 

Hello,

here is the check.

OTL log:
Code:
OTL logfile created on: 15.02.2013 12:30:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,97% Memory free
11,98 Gb Paging File | 9,97 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 201,33 Gb Free Space | 44,05% Space Free | Partition Type: NTFS
 
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\Hugomatic\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
PRC - C:\Programme\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Programme\Alienware\Command Center\AlienFusionController.exe ()
PRC - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a59cf850ee6b2a003167700b648ba9c7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.74.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.74.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.74.0__bebb3c8816410241\AlienwareAlienFXTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.65.0__bebb3c8816410241\AlienLabsTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.65.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.74.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.74.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.74.0__bebb3c8816410241\AlienFX.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.74.0__bebb3c8816410241\AlienFX.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Programme\Alienware\Command Center\AlienFusionDomain.dll ()
MOD - C:\Programme\Alienware\Command Center\AlienFusionController.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (DAUpdaterSvc) -- C:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV - (XTUService) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys File not found
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AWOPFilterDriver) -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh564.sys (Broadcom Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (smbusp) -- C:\Windows\SysNative\drivers\intelsmb.sys (Intel Corporation)
DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (IOCBIOS) -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys (Intel Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com [binary data]
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{57FEA219-F77E-4D8F-BBBF-74C3C6F4108C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39EBBF6C-D99A-4A24-A3CD-2B7C94F5A45F&apn_sauid=4F91A191-E256-45FD-85AD-2B5B98174300
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE358
IE - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
 
O1 HOSTS File: ([2013.02.14 19:21:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Thermal Controller] C:\Program Files\Alienware\Command Center\ThermalController.exe (Alienware Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787314A1-2B24-4861-8134-B583E6FC6B01}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 12:14:16 | 000,000,000 | R--D | C] -- C:\Users\Hugomatic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.02.14 19:54:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.14 19:22:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.14 19:16:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.14 19:16:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.14 19:16:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.14 19:16:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.14 19:16:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.14 19:16:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.14 10:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.14 10:54:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.14 08:49:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.14 08:49:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.14 08:49:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.13 17:31:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 17:31:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 17:31:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 17:31:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 17:31:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 17:31:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 17:31:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 17:31:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 17:31:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 17:31:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 17:31:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 17:31:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 17:31:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 17:31:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 17:31:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 14:00:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 14:00:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 14:00:56 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 14:00:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 14:00:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 14:00:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 14:00:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 14:00:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 14:00:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 14:00:48 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 11:25:59 | 000,000,000 | ---D | C] -- C:\Logs
[2013.02.13 10:24:35 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Roaming\Malwarebytes
[2013.02.13 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\AppData\Local\Programs
[2013.02.12 17:37:11 | 005,032,798 | R--- | C] (Swearware) -- C:\Users\Hugomatic\Desktop\ComboFix.exe
[2013.02.12 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 17:21:29 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\Desktop\mbar
[2013.02.03 13:10:21 | 000,000,000 | ---D | C] -- C:\Users\Hugomatic\.pdfsam
[2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
[2013.02.03 13:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[2013.02.02 16:45:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 12:26:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.15 12:22:22 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 12:22:22 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 12:14:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.15 12:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 12:13:59 | 529,731,583 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 22:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 19:21:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.14 19:16:08 | 005,032,798 | R--- | M] (Swearware) -- C:\Users\Hugomatic\Desktop\ComboFix.exe
[2013.02.14 11:03:12 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.14 11:03:12 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.14 10:54:53 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.14 08:36:04 | 000,292,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 17:33:31 | 001,548,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.13 17:33:31 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.13 17:33:31 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.13 17:33:31 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.13 17:33:31 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 11:32:48 | 000,000,000 | ---- | M] () -- C:\Users\Hugomatic\defogger_reenable
[2013.02.12 17:43:21 | 000,034,875 | ---- | M] () -- C:\Users\Hugomatic\Documents\combofix.odt
[2013.02.02 16:45:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.02 16:45:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.02 16:45:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.02 16:45:23 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.02 16:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.02 16:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.02 16:22:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.14 19:16:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.14 19:16:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.14 19:16:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.14 19:16:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.14 19:16:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.14 10:54:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.14 10:54:53 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.13 11:32:48 | 000,000,000 | ---- | C] () -- C:\Users\Hugomatic\defogger_reenable
[2013.02.12 17:43:19 | 000,034,875 | ---- | C] () -- C:\Users\Hugomatic\Documents\combofix.odt
[2012.09.10 13:03:38 | 004,129,378 | ---- | C] () -- C:\Users\Hugomatic\ProStation Manual.pdf
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.24 11:29:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.07.24 11:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.06.30 17:16:54 | 000,007,607 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\Resmon.ResmonCfg
[2010.02.18 18:08:37 | 000,000,097 | ---- | C] () -- C:\Users\Hugomatic\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL Extras:
Code:
OTL Extras logfile created on: 15.02.2013 12:30:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hugomatic\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,43 Gb Available Physical Memory | 73,97% Memory free
11,98 Gb Paging File | 9,97 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,04 Gb Total Space | 201,33 Gb Free Space | 44,05% Space Free | Partition Type: NTFS
 
Computer Name: HUGOMATIC-PC | User Name: Hugomatic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FE80F0-1DCB-4434-A071-B24CBB9C96C9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{038164F5-F02D-4BED-8A32-59DEF920335A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{09E79B72-08FF-4913-885F-639105320E43}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | 
"{0FADFCAE-7A0C-4BCC-B0FE-5E18152A6B44}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{1680D63B-07D6-4F25-A340-449681A23D12}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{1A36B73D-2986-49CE-8DDE-EB263103856A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{1E066D5D-DA62-462C-B710-320764406034}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{1EBCA0DD-BAF1-4DEC-9987-BCB994C39051}" = protocol=6 | dir=in | app=c:\dragon age\daoriginslauncher.exe | 
"{20D42473-B6F8-4890-8C0D-1265A4A6D746}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{24DA52CB-20DC-4872-88CE-A70A41E54883}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{25A2D7E8-5030-4E56-B46C-5FB180A6D430}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{29C61B44-0F92-48D1-899B-830EA6020E85}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2BDED0D1-EBC2-4FB7-B63A-D918575E9D69}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{2C34BDFF-9C8F-421F-9D70-11F52E727A38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{2E2E38E6-0503-448F-9626-360CBBFAA46D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{31321D17-93EB-49C3-B148-3E4D7BCC857A}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{351E8D68-0BD1-454D-8505-1F303D74BE45}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{35A3D5DF-405B-487F-93D2-C3C1DBAFC4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{3BCD4BEE-D4D7-4648-AB69-0DB3651FF166}" = protocol=6 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | 
"{4BB1AE14-1D84-427D-A937-0FC8678EEE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{4C85BDD2-0D82-41F8-9305-A433A96896A2}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{541EBEC0-7EF1-47F2-8368-9E57A9664E04}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{566C9EF0-FC8D-45CF-9512-46F6F4BC24F1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5975A1D8-D1B3-4FB8-BB23-B790A48C1A02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6787D9C8-8B05-4C03-94BA-90C2EF1AF564}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{6B3ABD99-5823-4D03-8FE6-90D7EBD59497}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{747E2F9E-DFC4-4713-9EC1-E9D27AEAE66D}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{7C2E5ED5-10CF-4D26-8932-919FB9DEADA0}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daorigins.exe | 
"{7CD53D4D-E043-4BE7-AD9C-84D1D26F7165}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{7F16A3D2-2126-4A2A-8D75-44A3691EDB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{80F546B4-0A9C-4129-A5B9-B87B2BA73997}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{8A9F476D-53ED-427F-9AAA-A9A2470AB342}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{8E70EE16-6945-474E-BECE-D624268EE510}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{90FB8D19-9B31-4BB3-B511-67FFF8DC98AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{92AF711C-CCA8-45F8-887A-C083A6B256DF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{9C715D5C-D04C-4D59-B274-88E538BB1112}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{9F3B501C-5018-4A36-9B3F-60C19F6B0551}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1A35A1B-2DFE-4677-8BDE-176498E3CF3F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{A24300E5-F2B2-4520-8003-AB4989926DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A5A50408-D708-4DFA-A69A-085C60D11860}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{ADB92EC1-3DFF-4265-BBBC-744EA4E67D44}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{B3DD45FD-49CB-492B-9B7A-AF8A5DE8F3C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{BDEE0490-78EF-426B-9DCF-98CC87C988BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C1E53C6C-6C8A-443C-9E59-1A303913D10F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C23F5C61-E714-4E86-987E-C1C3C0B47572}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{C528B8CC-2716-4191-94EE-328CD78B8969}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{C57DD692-31BF-4FE8-BAF0-470EE31CC575}" = protocol=17 | dir=in | app=c:\dragon age\daoriginslauncher.exe | 
"{C5FBFD34-4A62-45A9-A3E3-2B12C1F64491}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{C699DD47-34A4-46E5-8E8C-139335AA449C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{C9FB4CB7-62B4-406A-BBFE-5BF04DB8694C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{CBC335B8-DFEA-4F73-B01A-6D9C258C9B1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CBFA15B1-4526-487C-9E7A-97164ED4E920}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{CED8196E-C321-4109-8AC0-F4091C4F84FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{D41DE1CF-E958-4838-8BEC-83738F6E1205}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D764A164-761E-4B99-9C27-8C3F7EABD167}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D76BC965-6156-4D41-A760-613E3159B546}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DB193F07-BEC1-4FE0-8BE8-8D7B9C639E72}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{DB1D4A78-596E-40FA-9653-F6BD5C91B85D}" = protocol=17 | dir=in | app=c:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DB2219D0-C483-487C-A56A-776EB735D072}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{DFDD853A-4F4E-466E-9F3F-000F2E614EBB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{E1B0B810-C1B6-41B5-8374-3C7A201E0CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe | 
"{E1DF79F8-6374-4758-9707-7C138BC0F484}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E4C465C6-4124-400F-BA8B-9C4C16E4D6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{E581981C-05E2-4CC1-B670-D26DC6E95C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{E608582A-34AB-425F-9640-6E08315FF407}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E66E66CC-024B-44FB-A069-EE71265C44A8}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{E910728F-F2D6-4877-8D55-17159716557F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F2149C7F-2987-4A0B-A56C-1619EDCC3DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{F79FC874-B686-4715-8B7A-09E621028FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{35FBBE37-D205-B85B-A072-F306AF0DA6AB}" = ccc-utility64
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B9DBB81-1F48-48B0-8CB3-051311DC73F7}" = Adobe Photoshop Lightroom 2.7 64-bit
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SMBus" = Intel(R) SMBus
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01F7C7DB-3112-5099-C9E7-DD287AE5CD34}" = CCC Help Greek
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A957041-A0D3-8227-0B1C-34A0B9B4BCE9}" = Catalyst Control Center Graphics Full New
"{0EC66655-20A4-DC5F-3145-B60C54F1BEDC}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1633A40C-B60C-54A8-79EC-1D83F24F3102}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D824414-EEA0-8288-A694-ADB2C96C2420}" = Catalyst Control Center Graphics Light
"{1E897CA6-5DA8-449D-5F0F-64473BCF7A92}" = CCC Help Dutch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30204391-70DE-706C-1907-50E0CEEEE763}" = CCC Help Spanish
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34E1B3D3-D636-3D6A-8089-CD055365A84D}" = CCC Help Danish
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{481BD864-726E-2B54-1F55-26623C47B9F4}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FF85B8C-4BE5-99FA-895A-7876E3279C0B}" = Catalyst Control Center InstallProxy
"{61CF87C1-172B-3594-0504-69AEB723C61B}" = Catalyst Control Center Graphics Full Existing
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62AE603D-5599-C19C-1FD6-457B803E86A3}" = Skins
"{62EA3947-00F0-CD3C-B4F1-409D03353E8C}" = CCC Help Norwegian
"{66896432-C843-3937-AFC5-9A753F2ACE55}" = Catalyst Control Center Core Implementation
"{6B388EFD-35DF-AB18-37B6-498784F38C92}" = CCC Help Hungarian
"{6DB66382-0C4E-FEA5-F6B9-037714E7D695}" = CCC Help Chinese Traditional
"{72198521-36AE-472E-EDC1-36E9E66EF706}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74cc0977-aec9-4d27-8883-888baff04160}" = Nero 9 Essentials
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{818395BC-8C56-9DBB-06DB-7A5C4FAA1EAA}" = CCC Help Polish
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8402C81C-7202-B07E-E556-5DCF9C91A37A}" = CCC Help Italian
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8C87ECBD-9B68-ABA9-9EB0-2545C2746C3B}" = CCC Help Turkish
"{91A9CEFA-1506-B9BA-1663-1205B55BC51C}" = CCC Help French
"{91EE7DC4-F14A-4A98-B6A9-D2851D9EA213}" = CCC Help English
"{9685F3F9-5581-07A7-90B7-CFF046694FCA}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A933D9C3-56EF-68F4-BECA-05BE7337918F}" = CCC Help German
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BCBDC685-EF9F-FE17-A5B7-FAD72A41997B}" = CCC Help Japanese
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C20FF6AA-1CE7-ABC5-6B74-2D644731E3D2}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D4E45F96-61E5-0C00-8972-228B9BFFB091}" = Catalyst Control Center Graphics Previews Vista
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E26B007E-4F63-6F24-D440-2A509A89C00E}" = Catalyst Control Center Graphics Previews Common
"{E4EE40C4-29E4-D860-78C0-72B9B29C4184}" = CCC Help Czech
"{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC79D1A6-1D7D-B7A3-B113-1591E6CA78DF}" = CCC Help Korean
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F12614C4-BF95-57EC-BFB3-04F934A8ED8A}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA5D0718-40E2-7FEE-BB9B-028162A7B2FC}" = CCC Help Chinese Standard
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Internet Security 2012
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Diablo III" = Diablo III
"DPP" = Canon Utilities Digital Photo Professional 3.9
"Drakensang_is1" = Drakensang
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B59E5A-CF45-4528-8227-7EDF5EC772BE}" = Intel Extreme Tuning Utility
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Two Worlds II" = Two Worlds II
"WFTK" = Canon Utilities WFT Utility
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3298486900-1751861136-877735410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
"InstallShield_{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}" = WHS ProStation
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.02.2013 11:51:55 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-12,
 16:51:55.1197035 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 03:04:05 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 08:04:05.0924871 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 03:39:29 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 08:39:29.0157028 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 13.02.2013 07:00:30 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-13,
 12:00:30.3764976 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 14.02.2013 03:36:53 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-14,
 08:36:53.9253676 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 14.02.2013 04:09:52 | Computer Name = Hugomatic-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hugomatic\AppData\Local\Microsoft\Windows\Temporary
 Internet Files\Content.IE5\SZHD8UL3\esetsmartinstaller_enu.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.02.2013 04:10:40 | Computer Name = Hugomatic-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hugomatic\AppData\Local\Microsoft\Windows\Temporary
 Internet Files\Content.IE5\SZHD8UL3\esetsmartinstaller_enu.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.02.2013 14:01:28 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-14,
 19:01:28.7105572 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 15.02.2013 04:16:36 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-15,
 09:16:36.9705591 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
Error - 15.02.2013 07:15:15 | Computer Name = Hugomatic-PC | Source = XTUservice | ID = 0
Description = ------------------------------------------------------------------------------

2013-02-15,
 12:15:15.0304078 : Error : Unhandled exception detected while executing virtual
 device command response.: CDV(READ_ITEM_DEFAULT, 370, MEMORY_FREQUENCY_MONITOR)
 : Inputs=[ (HOST_CLOCK_FREQUENCY,133) (MEMORY_MULTIPLIER,) ] := Error calculating
 derived value!  Calling StackTrace:    bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._CalculateDerivedValue(IVirtualDeviceCommandProcessing
 vdcmdproc, ItemId derivedItem, IDictionary`2 inputList)     bei Intel.PerfTune.VirtualDevices.VirtualClockDevice._DerivedMonitorFinalizeResult(CommandTrackingKey
 CompletedItemIdAndEventId, IComparable& FinalizedReturnValue)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._FinalizeDerivedRead(IVirtualDeviceCommandMessage
 vdcmdmsg, ErrorTypes status, CommandTrackingKey completedItemIdAndEventId, List`1
 errors)     bei Intel.PerfTune.VirtualDevices.DefaultDerivedMonitorDeviceImplementation._LoadValueToTrackingDictionary(IVirtualDeviceCommandMessage
 sender, EventId currentEvent, ItemId currentItemId, ErrorTypes status, Object valueReturned,
 List`1 ErrorInfo)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessReadItemDefault(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.DefaultVirtualDeviceImpl._ProcessCommandRequest(IVirtualDeviceCommandProcessing
 cmdMsg)     bei Intel.PerfTune.VirtualDevices.VirtualDeviceCommandProcessor._VdMessageProcessor()

   bei System.Threading.ThreadHelper.ThreadStart_Context(Object state)     bei System.Threading.ExecutionContext.Run(ExecutionContext
 executionContext, ContextCallback callback, Object state)     bei System.Threading.ThreadHelper.ThreadStart()


 
[ System Events ]
Error - 15.02.2013 04:15:21 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 15.02.2013 04:15:21 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Alienware Fusion Service erreicht.
 
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Alienware Fusion Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 15.02.2013 04:15:55 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 15.02.2013 07:14:05 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 15.02.2013 07:14:05 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 15.02.2013 07:14:20 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 15.02.2013 07:14:20 | Computer Name = Hugomatic-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         

15.02.2013, 12:10   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button first.

Getting a second opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logs in CODE tags

15.02.2013, 16:08   #9
Hugomatic

Here are the two logs.

Malwarebytes:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hugomatic :: HUGOMATIC-PC [Administrator]

Schutz: Deaktiviert

15.02.2013 15:27:20
mbam-log-2013-02-15 (15-27-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225987
Laufzeit: 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=eac0cf4278578f42816bfb52b76bbbc5
# engine=13163
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-15 03:51:35
# local_time=2013-02-15 04:51:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1801 16775165 100 99 13172 24116148 2397 0
# compatibility_mode=5893 16776574 100 94 41378270 112573345 0 0
# scanned=173358
# found=0
# cleaned=0
# scan_time=4143
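
Added example (not part of the thread and not ESET's own tooling): a small Python check that reads the `# key=value` lines of an ESET Online Scanner log like the one above and compares the recorded scan options with what post #8 asked for. The function names and the mapping of `unwanted_checked` to the "potentially unwanted applications" option are assumptions; the sample is constructed from lines of the log above.

```python
# Constructed sample: selected lines copied from the ESET log in post #9.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# compatibility_mode=1801 16775165 100 99 13172 24116148 2397 0
# compatibility_mode=5893 16776574 100 94 41378270 112573345 0 0
# scanned=173358
# found=0
# cleaned=0
"""

# Assumption: unwanted_checked records the "potentially unwanted
# applications" option that post #8 asks the user to enable.
EXPECTED = {"end": "finished", "archives_checked": "true", "unwanted_checked": "true"}


def parse_eset_log(text):
    """Collect '# key=value' lines; a repeated key keeps every value, in order."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # installer banner or blank line
        key, _, value = line[1:].partition("=")
        fields.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return fields


def review_scan(fields, expected=EXPECTED):
    """Return findings as strings; an empty list means nothing to follow up."""
    notes = []
    for key, want in expected.items():
        got = fields.get(key, ["<missing>"])[-1]
        if got != want:
            notes.append(f"{key}={got} (expected {want})")
    if "found" not in fields:
        notes.append("no found= line, scan result unknown")
    elif int(fields["found"][-1]) > 0:
        notes.append(f"found={fields['found'][-1]} cleaned={fields.get('cleaned', ['?'])[-1]}")
    return notes


if __name__ == "__main__":
    for note in review_scan(parse_eset_log(SAMPLE_LOG)) or ["scan matches expectations"]:
        print(note)
```

Run on the sample, it reports `unwanted_checked=false (expected true)`: under the stated assumption, the scan ran without the option requested in post #8.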
         

16.02.2013, 13:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far.

Regarding cookies and other things on the web: to block this plague from the outset (tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Otherwise there are also good cookie managers; as a Firefox extension there is CookieCuller, for example.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post logs in CODE tags

18.02.2013, 14:00   #11
Hugomatic

Hello Cosinus,

I have no further detections.
What does surprise me, though, is that during all this scanning my hidden folders and files keep getting hidden again and I have to set them to be shown again. Is that an effect of OTL or of one of the other programs used here?


Best regards

19.02.2013, 23:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

See http://www.trojaner-board.de/59624-a...-sichtbar.html

Then we're done!

All the programs used here can be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.

With OTL you can also remove many other tools: simply start OTL and click "Bereinigung" (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, you should also change all passwords if possible once the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check here whether all plugins in the Firefox browser are up to date => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post logs in CODE tags

20.02.2013, 09:26   #13
Hugomatic

Hello Cosinus,

I do know how to make the folders visible; I was just surprised and wondered whether one of the many scanners used here more or less resets the settings to their defaults (and not the evil hidden file-hiding virus). Edit: OK, it is OTL

In any case, many thanks for your help; I have got to know some new programs and other helpful and security-relevant things.

My respect for your work here in the forum; given the mass of threads I almost expected to get lost somewhere.

Best regards

Last edited by Hugomatic (20.02.2013 at 09:39)
