
Pests of all kinds and how to fight them: Website hacked via FTP/FileZilla, viruses "JS/BlacoleRef.W.234" and "EXP/Pdfka.EL.831" found

17.02.2013, 17:37   #1
UED

Hello,
I have what is probably a serious problem. When I started IE today, it wanted me to activate some add-on called "IE Security..." from "... Chung ..." (unfortunately I can no longer remember the exact name).
A few seconds later Avira reported the virus "JS/BlacoleRef.W.234", which was found in "AppData\Local\Mozilla\Firefox\Profiles\infl1ov0.default\". I removed it.
I then scanned IE's temporary folder, in which two infected files were found, namely the malware "EXP/Pdfka.EL.831".

Now comes the really serious part: a few days ago my website was hacked; a JavaScript virus was appended to the end of many PHP files.
Presumably the hacker intercepted my FTP credentials from my (formerly?) infected PC with FileZilla.
The passwords for FTP, MySQL and for administering the website have been changed.
By now I am sure how the website was hacked: (since I could not insert the link, please read the quote at the end of this post. It is an excerpt from a post, one paragraph, by a user in the Avira forum who complained about a JS virus)

Since my site was hacked and I received a corresponding e-mail from my provider, I have run Combofix several times (without instructions, but I often use it when I have a suspicion). It was certainly a mistake to run CF so "carelessly", but it did also remove quite a bit for me. Alarming: among other things, an infected ntdll.dll file was found. I have attached the 5 logs as a ZIP file; I hope that is not overwhelming.

I am very afraid that my PC is anything but clean, and I do not know whether the new FTP credentials will be stolen again.

Quote:
Excerpt from the Avira forum, one paragraph by a user:

"When I then opened all the homepages I maintain, AntiVir went off (some JS virus). I then noticed in FileZilla that all HTML files and the index.php files had been changed within seconds (not by me) and that each of these pages apparently contained the virus. When I wanted to view the source of one of these pages, the editor window did open, but a message "ACCESS DENIED" appeared immediately. So I had no way of seeing what was in there."

Edited by UED (17.02.2013 at 17:38) Reason: title optimized
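
Added example (not part of the original thread or of any poster's message): a triage sketch for the symptom described in post #1, script code appended after the end of PHP/HTML files, with the affected files all modified within seconds of each other. The extensions, end markers, pattern list and the 10-second window are assumptions chosen for illustration, and the sample site is constructed test data.

```python
import os
import re
import tempfile
from pathlib import Path

WEB_EXTENSIONS = {".php", ".html", ".htm"}
# After these markers a clean page normally contains only whitespace.
END_MARKERS = (b"</html>", b"?>")
# Heuristic hints for injected script code (assumed list, tune for your site).
SCRIPT_HINT = re.compile(
    rb"<script\b|<iframe\b|eval\s*\(|unescape\s*\(|fromCharCode", re.I
)


def trailing_payload(data: bytes) -> bytes:
    """Return the non-whitespace bytes after the last end marker, else b''."""
    lower = data.lower()
    cut = -1
    for marker in END_MARKERS:
        pos = lower.rfind(marker)
        if pos != -1:
            cut = max(cut, pos + len(marker))
    return data[cut:].strip() if cut != -1 else b""


def web_files(root):
    """Yield (path, mtime) for every web file below root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            yield path, path.stat().st_mtime


def find_appended_script(root):
    """Files whose content after the closing marker looks like script code."""
    hits = []
    for path, mtime in web_files(root):
        tail = trailing_payload(path.read_bytes())
        if tail and SCRIPT_HINT.search(tail):
            hits.append((path, mtime))
    return hits


def modification_bursts(files, window=10.0, min_files=3):
    """Group files whose mtimes follow each other within `window` seconds."""
    bursts, current = [], []
    for path, mtime in sorted(files, key=lambda item: item[1]):
        if current and mtime - current[-1][1] > window:
            if len(current) >= min_files:
                bursts.append([p for p, _ in current])
            current = []
        current.append((path, mtime))
    if len(current) >= min_files:
        bursts.append([p for p, _ in current])
    return bursts


def build_sample_site(root: Path) -> None:
    """Constructed sample data: three tampered files and two clean ones."""
    appended = b"\n<script>/* constructed placeholder, not real code */</script>\n"
    clean_php = b"<?php echo 'hello'; ?>\n"
    clean_html = b"<html><body>ok</body></html>\n"
    base = 1_360_000_000  # arbitrary constructed timestamp
    files = {
        "index.php": (clean_php + appended, base + 1),
        "forum/index.php": (clean_php + appended, base + 2),
        "about.html": (clean_html + appended, base + 4),
        "contact.html": (clean_html, base - 86_400),
        "lib/util.php": (b"<?php function f() { return 1; }\n", base - 90_000),
    }
    for name, (content, mtime) in files.items():
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
        os.utime(target, (mtime, mtime))


def run_demo():
    """Scan the constructed site; return flagged files and mtime bursts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_site(root)
        rel = lambda p: p.relative_to(root).as_posix()
        flagged = sorted(rel(p) for p, _ in find_appended_script(root))
        bursts = [[rel(p) for p in b] for b in modification_bursts(web_files(root))]
        return flagged, bursts


if __name__ == "__main__":
    print(run_demo())
```

Templates that legitimately end with a script tag will also be flagged, so the result is a list to review against a known-good backup, not a verdict.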

17.02.2013, 17:42   #2
markusg
/// Malware-holic

hi
you also have to update all forums, CMS etc.; a website has to be supplied with updates just like the PC.
If you cannot evaluate the Combofix logs yourself, because it is not only the deletions that are of interest there, hands off the program.
Open Computer, C:, Qoobox, right-click Quarantine, pack it with WinRAR or Zip, upload:
Trojaner-Board Upload Channel
let me know when done.
please post all Avira detection reports:
http://www.trojaner-board.de/125889-...en-posten.html

17.02.2013, 18:06   #3
UED

Thank you very much for your rapid reply. There is a lot going on in this forum; my thread slid down at what felt like one-minute intervals.
After I exported all detections, I found several times a virus with, among others, the name ZeroAccess. Now I am sure that my site was attacked with ZeroAccess/0access.

The forum on the site always has the latest updates, but as I said, the site was most likely infected using my intercepted FTP credentials.

I think the search could be quite laborious.
The requested files can be found in the attachment.
Note: for the "BackEnv" folder I would first have to transfer the security permissions to myself before I can access it.
EDIT: Sorry, the attachment with the Qoobox was uploaded to the dedicated page and the attachment was removed.
__________________
Attached files
File type: txt AviraEreignisse.txt (10.0 KB, viewed 171 times)

17.02.2013, 18:10   #4
markusg
/// Malware-holic

Thanks
do you use the PC for online banking, other payment processing, or similarly important things, such as work?
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the above instructions to
markusg.trojaner-board@web.de
If you would like to support us

17.02.2013, 18:15   #5
UED

I used the PC for online banking. However, I always considered myself on the safe side, since I use this optical TAN procedure.
Since the incident I am not sure whether I have used it. I hope not.

Before this thread I had considered running tools such as aswMBR, mbar or GMER as in other threads, but then I left it alone and now only work according to instructions. In hindsight I am glad that I did not do anything else on my own.


17.02.2013, 18:20   #6
markusg
/// Malware-holic

Hi,
please call the bank, emergency number:
116 116
Have online banking blocked because of the ZeroAccess rootkit.
Info about the rootkit:
The ZeroAccess rootkit | Naked Security
I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC
for online banking and for editing your page.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

17.02.2013, 18:35   #7
UED

Thank you again for your quick help; my account has just been blocked for online banking.
Even though I will soon (next month?) sell this computer formatted, I cannot stand it in an infected state until then.
I am also asking for support because I will thereby gain comprehensive knowledge and will certainly know more than just Combofix. I very much hope that I can get the support, since I do not know in how many weeks I will sell the computer and receive my new one.

17.02.2013, 18:38   #8
markusg
/// Malware-holic

Hi,
even if we clean the device, these steps cannot be adopted one-to-one, and you should refrain from cleaning on your own; as you have seen, that does not really work.

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

17.02.2013, 20:07   #9
UED

Oh dear, I have to say that in my desperation this morning I used yet another tool, namely OTL of all things. Following a thread here I changed a few settings; I think I changed the following:
- Output to Minimal
- Extra Registry to Off
- LOP and Purity scan enabled

Should I undo these settings and then post the content of the two files here?

17.02.2013, 20:23   #10
markusg
/// Malware-holic

Hi
run it as stated above.

17.02.2013, 20:47   #11
UED

I do not know what to do.
Whenever I want to start OTL with Quick Scan, certain settings flip; primarily Extra Registry is switched off, and LOP and Purity are activated by themselves.
What am I doing wrong? Why does the program change the settings when I want to scan?
As a result I unfortunately do not get the Extra.txt either.

Last night my mouse also started acting slightly "on its own". It sometimes moves, it performs (double) clicks. But it apparently never does so at a specific target; if I hold the mouse over a title bar, the window is reduced/maximized.

Please take this into account, as well as my problem with OTL, where some settings flip when the scan starts. By the way, yesterday I ran a cleanup in OTL in the hope that the settings would no longer change. However, I have not tested it since.

By the way, I apologize for this double post; unfortunately I can no longer edit the post above.

18.02.2013, 15:30   #12
markusg
/// Malware-holic

then paste the script and please simply click on Quick Scan
if that does not work, simply click only on Quick Scan

18.02.2013, 17:18   #13
UED

Hm, although it changed some settings during the scan (Extra Registry: off, LOP & Purity activated), I got my two files.
I very much hope this can be fixed. Also the new problem that my mouse sometimes makes arbitrary clicks.

[CODE]OTL-Log

OTL Logfile:
Code:
OTL logfile created on: 18.02.2013 16:43:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UED\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,25% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,73 Gb Total Space | 23,47 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
 
Computer Name: UED-PC | User Name: UED | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.18 16:42:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\UED\Desktop\OTL.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.31 15:50:30 | 001,082,368 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2012.05.28 17:08:28 | 000,368,726 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2012.05.21 14:33:56 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.08.17 08:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.05.21 14:33:58 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll
MOD - [2011.03.28 10:04:52 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
MOD - [2010.03.31 20:59:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
MOD - [2003.05.01 16:23:28 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\cscvt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.06 22:53:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.01 01:25:31 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.10.02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.31 15:50:30 | 001,082,368 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012.05.21 14:45:56 | 000,199,680 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012.05.21 14:33:56 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2012.01.05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.19 17:46:26 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2012.09.26 20:45:09 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,0\9,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 14:18: 0 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.08.01 16:10:24 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.06.27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.06.26 20:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.06.24 21:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.27 09:18:48 | 000,043,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2011.12.21 13:47:52 | 000,031,968 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2011.12.21 13:47:46 | 000,022,240 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2011.12.21 13:47:08 | 000,025,056 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2011.12.06 11:26:34 | 000,014,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHMSR64.sys -- (DRHMSR64)
DRV:64bit: - [2011.12.01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.11.03 18:05:38 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DRHARD64.sys -- (DRHARD64)
DRV:64bit: - [2011.07.27 09:29:08 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)
DRV:64bit: - [2011.07.27 09:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64winA.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.04.06 17:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.17 18:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.08.13 07:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.12.06 11:26:34 | 000,014,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHMSR64.sys -- (DRHMSR64)
DRV - [2011.11.03 18:05:38 | 000,021,984 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\DRHARD64.sys -- (DRHARD64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 59 29 36 D5 90 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0682C851-0D0A-4BAA-849D-7714C7C01807}
IE - HKCU\..\SearchScopes\{0682C851-0D0A-4BAA-849D-7714C7C01807}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: iseekdeal%40iseekdeal.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.28
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.26 12:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 22:53:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 22:53:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 22:53:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 22:53:49 | 000,000,000 | ---D | M]
 
[2012.09.16 16:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UED\AppData\Roaming\mozilla\Extensions
[2013.02.17 16:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UED\AppData\Roaming\mozilla\Firefox\Profiles\infl1ov0.default\extensions
[2013.01.04 13:22:59 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\UED\AppData\Roaming\mozilla\Firefox\Profiles\infl1ov0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013.02.17 16:26:15 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\UED\AppData\Roaming\mozilla\firefox\profiles\infl1ov0.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.12.06 13:56:28 | 000,001,879 | ---- | M] () (No name found) -- C:\Users\UED\AppData\Roaming\mozilla\firefox\profiles\infl1ov0.default\extensions\iseekdeal@iseekdeal.com.xpi
[2013.02.06 22:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 22:53:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2013.02.16 20:43:34 | 000,000,431 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IE Security Component) - {0D778FDC-FAD7-4B1D-AB88-7A76A562D65C} - C:\ProgramData\Plugin\ISeekDeal.dll (Vtools)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\UED\AppData\Roaming\Mozilla\Firefox\Profiles\infl1ov0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.24.dll File not found
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\UED\AppData\Roaming\Mozilla\Firefox\Profiles\infl1ov0.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.24.dll File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032751E1-4B64-48B1-8AE0-7F279F1F49FE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1709D28D-D275-44E6-A2E4-4E6C46EE451C}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 16:42:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\UED\Desktop\OTL.exe
[2013.02.17 22:38:42 | 000,000,000 | ---D | C] -- C:\Users\UED\Documents\Microsoft Hardware
[2013.02.17 15:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.17 15:54:44 | 000,000,000 | ---D | C] -- C:\Users\UED\Desktop\mbar
[2013.02.17 15:03:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.16 21:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.02.16 21:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.02.15 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\UED\Desktop\directoryblaster
[2013.02.12 19:45:07 | 000,000,000 | ---D | C] -- C:\Users\UED\Desktop\MAMPlayer2006aug19_035
[2013.02.11 20:10:24 | 000,021,984 | ---- | C] (Licensed for Gebhard Software) -- C:\Windows\SysWow64\drivers\DRHARD64.sys
[2013.02.11 20:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2013
[2013.02.11 20:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dr. Hardware 2013
[2013.02.11 20:10:10 | 003,326,496 | ---- | C] (Peter A. Gebhard                                            ) -- C:\Users\UED\Desktop\drh2013d.exe
[2013.02.08 22:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.08 22:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.02.06 22:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.05 22:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2013.02.03 22:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2013.02.03 22:32:31 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2013.02.02 22:35:18 | 000,000,000 | ---D | C] -- C:\Users\UED\AppData\Roaming\Capora
[2013.02.02 22:23:40 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\UED\AppData\Roaming\pcouffin.sys
[2013.02.02 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\UED\AppData\Roaming\Vso
[2013.02.02 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\UED\Documents\PcSetup
[2013.02.02 22:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2013.02.02 22:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2013.02.02 22:23:07 | 000,000,000 | ---D | C] -- C:\Users\UED\AppData\Local\Programs
[2013.01.23 17:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 17:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.22 21:38:54 | 000,000,000 | ---D | C] -- C:\Users\UED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Smashed Bros
[2013.01.22 21:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Smashed Bros
[2013.01.20 17:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64.1.7.0.50.Ver.23
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 16:47:27 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 16:47:27 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 16:42:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\UED\Desktop\OTL.exe
[2013.02.18 16:39:03 | 000,001,330 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013.02.18 16:38:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.17 22:36:06 | 000,311,884 | ---- | M] () -- C:\Users\UED\Desktop\River flows in You (2).jpg
[2013.02.17 22:34:12 | 000,290,746 | ---- | M] () -- C:\Users\UED\Desktop\River flows in you (1).jpg
[2013.02.17 22:10:18 | 000,000,047 | ---- | M] () -- C:\Windows\ssb.ini
[2013.02.17 15:54:34 | 013,711,621 | ---- | M] () -- C:\Users\UED\Desktop\mbar-1.01.0.1020.zip
[2013.02.17 15:49:59 | 000,374,784 | ---- | M] () -- C:\Users\UED\Desktop\GMER_2.1.18952.exe
[2013.02.17 01:06:24 | 000,000,124 | ---- | M] () -- C:\Users\UED\Documents\ax_files.xml
[2013.02.16 23:19:10 | 001,620,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.16 23:19:10 | 000,701,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.16 23:19:10 | 000,655,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.16 23:19:10 | 000,149,868 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.16 23:19:10 | 000,122,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.16 20:43:34 | 000,000,431 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.16 19:41:15 | 000,363,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.15 22:37:07 | 001,601,508 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.12 19:45:03 | 000,440,863 | ---- | M] () -- C:\Users\UED\Desktop\MAMPlayer2006aug19_035.zip
[2013.02.12 19:39:32 | 000,271,958 | ---- | M] () -- C:\Users\UED\Desktop\SMSR Non-TAS Competition _1.zip
[2013.02.11 20:10:25 | 000,000,980 | ---- | M] () -- C:\Users\UED\Desktop\Dr. Hardware 2013.lnk
[2013.02.11 20:10:11 | 003,326,496 | ---- | M] (Peter A. Gebhard                                            ) -- C:\Users\UED\Desktop\drh2013d.exe
[2013.02.03 23:31:46 | 010,186,936 | ---- | M] () -- C:\Users\UED\Desktop\Earthworm Jim 3D.7z
[2013.02.02 22:33:18 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\UED\AppData\Roaming\pcouffin.sys
[2013.02.02 22:33:18 | 000,007,859 | ---- | M] () -- C:\Users\UED\AppData\Roaming\pcouffin.cat
[2013.02.02 22:33:18 | 000,001,167 | ---- | M] () -- C:\Users\UED\AppData\Roaming\pcouffin.inf
[2013.01.23 20:27:45 | 611,061,760 | ---- | M] () -- C:\Users\UED\Documents\VRMPVOL_DE.ISO
 
========== Files Created - No Company Name ==========
 
[2013.02.17 22:36:06 | 000,311,884 | ---- | C] () -- C:\Users\UED\Desktop\River flows in You (2).jpg
[2013.02.17 22:34:12 | 000,290,746 | ---- | C] () -- C:\Users\UED\Desktop\River flows in you (1).jpg
[2013.02.17 15:54:27 | 013,711,621 | ---- | C] () -- C:\Users\UED\Desktop\mbar-1.01.0.1020.zip
[2013.02.17 15:49:59 | 000,374,784 | ---- | C] () -- C:\Users\UED\Desktop\GMER_2.1.18952.exe
[2013.02.15 22:26:36 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ZLhp1600.DLL
[2013.02.12 19:45:03 | 000,440,863 | ---- | C] () -- C:\Users\UED\Desktop\MAMPlayer2006aug19_035.zip
[2013.02.12 19:39:30 | 000,271,958 | ---- | C] () -- C:\Users\UED\Desktop\SMSR Non-TAS Competition _1.zip
[2013.02.11 20:10:25 | 000,000,980 | ---- | C] () -- C:\Users\UED\Desktop\Dr. Hardware 2013.lnk
[2013.02.11 20:10:24 | 000,014,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\DRHMSR64.sys
[2013.02.03 23:31:42 | 010,186,936 | ---- | C] () -- C:\Users\UED\Desktop\Earthworm Jim 3D.7z
[2013.02.02 22:23:40 | 000,007,859 | ---- | C] () -- C:\Users\UED\AppData\Roaming\pcouffin.cat
[2013.02.02 22:23:40 | 000,001,167 | ---- | C] () -- C:\Users\UED\AppData\Roaming\pcouffin.inf
[2013.01.23 20:25:35 | 611,061,760 | ---- | C] () -- C:\Users\UED\Documents\VRMPVOL_DE.ISO
[2013.01.22 21:41:37 | 000,000,047 | ---- | C] () -- C:\Windows\ssb.ini
[2013.01.11 20:17:44 | 000,000,737 | ---- | C] () -- C:\Windows\CoD.INI
[2012.12.23 23:14:40 | 000,005,806 | ---- | C] () -- C:\Users\UED\AppData\Local\recently-used.xbel
[2012.12.02 20:04:39 | 000,001,595 | ---- | C] () -- C:\Users\UED\.ucon64rc
[2012.11.30 22:20:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012.11.08 21:07:07 | 000,060,254 | ---- | C] () -- C:\Users\UED\TASInputPlugin0.6 dll.zip
[2012.11.08 20:54:57 | 010,275,926 | ---- | C] () -- C:\Users\UED\Diddy Kong Racing (U) (M2) (V1.1) [!].zip
[2012.11.08 20:53:57 | 010,314,040 | ---- | C] () -- C:\Users\UED\Diddy Kong Racing (USA) (En,Fr) (Rev A).zip
[2012.10.24 18:55:32 | 000,001,018 | ---- | C] () -- C:\Users\UED\recStudio.ini
[2012.10.16 09:02:30 | 001,601,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.02 12:33:09 | 000,003,053 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012.10.02 12:31:44 | 000,000,125 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012.09.30 20:48:47 | 000,000,041 | ---- | C] () -- C:\Users\UED\hallo
[2012.09.30 20:48:38 | 000,000,041 | ---- | C] () -- C:\Users\UED\null
[2012.09.24 14:44:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.09.18 17:59:15 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012.09.14 16:13:55 | 000,007,605 | ---- | C] () -- C:\Users\UED\AppData\Local\Resmon.ResmonCfg
[2012.09.13 13:49:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:50:38 | 000,001,330 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2012.05.27 12:25:31 | 000,006,547 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012.05.27 12:25:29 | 000,000,187 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012.05.27 12:20:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2012.05.24 08:57:50 | 000,048,128 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2012.05.21 14:33:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
[2012.05.21 14:09:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2012.05.21 14:09:14 | 000,090,208 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2012.05.21 14:09:14 | 000,086,108 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.23 16:40:30 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\.minecraft
[2013.01.04 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Audacity
[2012.10.23 23:35:12 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Autodesk
[2013.02.17 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\BitTorrent
[2012.10.24 12:36:26 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Blender Foundation
[2013.02.02 22:36:06 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Capora
[2012.10.24 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Cycling '74
[2012.09.26 21:08:59 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\DAEMON Tools Pro
[2012.12.08 16:44:40 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Datarescue
[2012.10.14 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\DreamDale
[2013.02.16 21:37:05 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\FileZilla
[2012.11.24 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\FireShot
[2012.12.10 17:11:30 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Hex-Rays
[2012.09.16 15:06:34 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\ImgBurn
[2012.10.14 17:34:32 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\MagicBall4
[2012.10.24 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\MusE
[2012.11.16 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Music Recognition
[2012.10.20 10:11:00 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Nokia
[2012.09.17 13:31:22 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Notepad++
[2012.09.25 21:05:11 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Password Solutions
[2012.10.20 09:43:02 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\PC Suite
[2013.01.17 21:24:34 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\TeamViewer
[2012.11.30 22:20:01 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Tunngle
[2013.02.07 00:22:16 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Vso
[2012.10.09 09:06:38 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\Wings3D
[2012.10.20 15:08:16 | 000,000,000 | ---D | M] -- C:\Users\UED\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >
         
--- --- ---


[CODE]Extra-Log

︀OTL Logfile:
Code:
OTL Extras logfile created on: 18.02.2013 16:43:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UED\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,25% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,73 Gb Total Space | 23,47 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
 
Computer Name: UED-PC | User Name: UED | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{30B61E11-1F44-437D-B375-0858191C37CF}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{3BC70162-B423-448A-8546-BD041D6B8918}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{34B86A20-E9DF-4277-BB5E-720731AC37ED}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{7AA30E99-FF3F-404B-8019-744C99884F17}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{829873BC-FC2E-4883-90BC-F557BAB367E2}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | 
"TCP Query User{9DD60A49-7053-4066-9A12-6B9A6DF4EA85}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{E5CF75B2-D40A-4387-892F-7BE61B8EE506}C:\spiele\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\spiele\call of duty\codmp.exe | 
"UDP Query User{1E4E174F-EF1F-497D-A661-84D0A7A0F166}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | 
"UDP Query User{6B108B72-54BE-4332-A739-2156600DABF1}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{D3D8A434-6906-4472-B1BE-ED2D385B991B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{F2C150F1-C5DF-4EC1-BDE2-0313DC279674}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{FDCD176B-84E4-451E-9786-9937BB4CFD62}C:\spiele\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\spiele\call of duty\codmp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0e82bf4c-b906-4635-a97e-6a9740686b33}.sdb" = Rayman 2: The Great Escape GOG Edition
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F864170078F}" = Java 7 Update 7 (64-bit)
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5655FAEA-76A3-4565-BEE2-55D796185D32}" = BlueSoleil 8.0.395.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C7F737EB-3325-3BEE-8D0D-DEF2DE62486A}" = Visual C++ 11.0 CRT (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D600D357-5CB9-4DE9-8F-4-14E208BD1970}" = Nero Backup Drivers
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"Blender" = Blender
"GIMP-2_is1" = GIMP 2.8.2
"MeshLab_64b" = MeshLab_64b 1.3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F874316-5DC8-450F-8D7A-4236699140B3}" = msvcrt90_x86
"{20D4A895-748C-4D88-871C-FDB1690B0169}" = Platform
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2B095550-3C13-4547-ABD1-04CF1560BBBD}" = Vizzed Retro Game Room
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{586B106A-E15A-41D7-A76D-48A32085D160}" = Crazy Machines II Demo
"{5A06BC95-C59E-438D-AA8D-A97690AD628C}" = Encore 5
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1Fo1F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96C4DBF2-E573-40AE-9121-3A7AB2A28E04}" = Advanced Office Password Recovery
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9F09DDD-F3FE-427A-A63E-83D87E7D99CC}" = Intel(R) C++ Redistributables for Windows* on Intel(R) 64
"{DA4BE820-2BBC-401E-812C-1DB0C53EBFD6}" = icl12_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB6AB705-C9BD-40E3-8929-2EA57636A4FF}_is1" = ConvertXtoDVD 4.1.19.364
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FC18AB8F-9BA3-423B-91F2-622990F57978}" = Nero 11
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alice: Madness Returns_is1" = Alice: Madness Returns
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Borderlands 2_is1" = Borderlands 2
"Call of Duty" = Call of Duty
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Cygnus Hex Editor" = Cygnus Hex Editor 2.50
"DAEMON Tools Pro" = DAEMON Tools Pro
"Deponia 2" = Chaos auf Deponia
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstallieren)
"DivX Setup" = DivX-Setup
"Dr. Hardware 2013_is1" = Dr. Hardware 2013 13.0d
"eMule" = eMule
"FileZilla Client" = FileZilla Client 3.6.0.2
"FluidImporter for SketchUp" = FluidImporter for SketchUp
"FluidRay RT Demo (64 Bit)" = FluidRay RT Demo (64 Bit)
"FLV Player" = FLV Player 2.0 (build 25)
"Fraps" = Fraps (remove only)
"Gefeuert" = Gefeuert - Dein letzter Tag (Deinstallation)
"Gold Miner Joe Trial Version_is1" = Gold Miner Joe Trial Version 1.01
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Magic Ball 31.0" = Magic Ball 3
"Marble Mayhem!_is1" = Marble Mayhem! 1.0
"mIRC" = mIRC
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Rayman 2_is1" = Rayman 2
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Saitek Colour Rumble Pad" = Saitek Colour Rumble Pad
"Super Smashed Bros" = Super Smashed Bros
"Superstar Chefs Trial Version_is1" = Superstar Chefs Trial Version 1.30
"TeamViewer 8" = TeamViewer 8
"Tiny and Big - Grandpas Leftovers" = Tiny and Big - Grandpa's Leftovers (remove only)
"Tunngle beta_is1" = Tunngle beta
"UltraISO_is1" = UltraISO Premium V9.53
"VMware_Player" = VMware Player
"Wings 3D 1.4.1" = Wings 3D 1.4.1
"WinLiveSuite" = Windows Live Essentials
"WinUAE" = WinUAE 2.4.1
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Marble Arena 2" = Marble Arena 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2013 12:22:57 | Computer Name = UED-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.02.2013 17:10:48 | Computer Name = UED-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 1964.exe, Version: 0.9.9.0, Zeitstempel:
 0x480bfe7d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002deeb  ID des fehlerhaften Prozesses:
 0x4e8  Startzeit der fehlerhaften Anwendung: 0x01ce07d1dc700954  Pfad der fehlerhaften
 Anwendung: C:\MarioZuBanjo\1964_11\bin\Release\1964.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 5709b23f-73c6-11e2-b6c4-005056c00008
 
Error - 11.02.2013 08:27:37 | Computer Name = UED-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12.02.2013 15:12:45 | Computer Name = UED-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12.02.2013 20:22:57 | Computer Name = UED-PC | Source = Application Error | ID = 1000
Error - 13.02.2013 13:46:00 | Computer Name = UED-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
Error - 14.02.2013 14:29:22 | Computer Name = UED-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
Error - 15.02.2013 17:20:48 | Computer Name = UED-PC | Source = SideBySide | ID 
= 16842785
 
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\UED\Desktop\RecStudioWin\bin\RecCLI64.exe".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 15.02.2013 17:29:07 | Computer Name = UED-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
Error - 16.02.2013 15:09:57 | Computer Name = UED-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
Error - 16.02.2013 16:02:30 | Computer Name = UED-PC | Source = SideBySide | ID 
= 16842832
 
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\UED\Downloads\SoftonicDownloader_for_super-smashed-bros.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 16.02.2013 19:18:41 | Computer Name = UED-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0
Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000153481
ID des fehlerhaften Prozesses: 0xbb0
Startzeit der fehlerhaften Anwendung: 0x01ce0c99692b16a7
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Berichtskennung: 32ec7250-788f-11e2-b5a7-005056c00008
Error - 17.02.2013 08:35:08 | Computer Name = UED-PC | Source = Customer Experience
 Improvement Program | ID = 1008
 
Description = 
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---

Alt 18.02.2013, 19:05   #14
markusg
/// Malware-holic
 

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

Alt 18.02.2013, 19:44   #15
UED
 

OK, here is the log from TDSSKiller. I think it didn't really find anything.
And why is my mouse acting up a bit?

Code:
19:21:17.0333 2656  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:21:17.0583 2656  ============================================================
19:21:17.0583 2656  Current date / time: 2013/02/18 19:21:17.0583
19:21:17.0583 2656  SystemInfo:
19:21:17.0583 2656  
19:21:17.0583 2656  OS Version: 6.1.7601 ServicePack: 1.0
19:21:17.0583 2656  Product type: Workstation
19:21:17.0583 2656  ComputerName: UED-PC
19:21:17.0583 2656  UserName: UED
19:21:17.0583 2656  Windows directory: C:\Windows
19:21:17.0583 2656  System windows directory: C:\Windows
19:21:17.0583 2656  Running under WOW64
19:21:17.0583 2656  Processor architecture: Intel x64
19:21:17.0583 2656  Number of processors: 2
19:21:17.0583 2656  Page size: 0x1000
19:21:17.0583 2656  Boot type: Normal boot
19:21:17.0583 2656  ============================================================
19:21:19.0579 2656  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x3F12D, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
19:21:19.0579 2656  ============================================================
19:21:19.0579 2656  \Device\Harddisk0\DR0:
19:21:19.0579 2656  MBR partitions:
19:21:19.0579 2656  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:21:19.0579 2656  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D176000
19:21:19.0579 2656  ============================================================
19:21:19.0626 2656  C: <-> \Device\Harddisk0\DR0\Partition2
19:21:19.0626 2656  ============================================================
19:21:19.0626 2656  Initialize success
19:21:19.0626 2656  ============================================================
19:22:18.0518 4000  ============================================================
19:22:18.0518 4000  Scan started
19:22:18.0518 4000  Mode: Manual; SigCheck; TDLFS; 
19:22:18.0518 4000  ============================================================
19:22:20.0203 4000  ================ Scan system memory ========================
19:22:20.0203 4000  System memory - ok
19:22:20.0203 4000  ================ Scan services =============================
19:22:20.0437 4000  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:22:20.0593 4000  1394ohci - ok
19:22:20.0624 4000  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:22:20.0655 4000  ACPI - ok
19:22:20.0671 4000  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:22:20.0780 4000  AcpiPmi - ok
19:22:20.0967 4000  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:22:20.0983 4000  AdobeARMservice - ok
19:22:21.0045 4000  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:22:21.0077 4000  adp94xx - ok
19:22:21.0108 4000  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:22:21.0139 4000  adpahci - ok
19:22:21.0170 4000  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:22:21.0186 4000  adpu320 - ok
19:22:21.0233 4000  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:22:21.0482 4000  AeLookupSvc - ok
19:22:21.0529 4000  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:22:21.0607 4000  AFD - ok
19:22:21.0638 4000  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:22:21.0654 4000  agp440 - ok
19:22:44.0102 4000  pcw - ok
19:22:44.0149 4000  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:22:44.0243 4000  PEAUTH - ok
19:22:44.0570 4000  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:22:44.0679 4000  PeerDistSvc - ok
19:22:45.0350 4000  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:22:45.0381 4000  PerfHost - ok
19:22:45.0491 4000  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:22:45.0631 4000  pla - ok
19:22:45.0693 4000  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:22:45.0740 4000  PlugPlay - ok
19:22:45.0756 4000  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:22:45.0787 4000  PNRPAutoReg - ok
19:22:45.0818 4000  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:22:45.0834 4000  PNRPsvc - ok
19:22:45.0865 4000  [ 32D374C60778253B81FA76C2FE19E155 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
19:22:45.0881 4000  Point64 - ok
19:22:45.0943 4000  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:22:45.0990 4000  PolicyAgent - ok
19:22:46.0037 4000  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:22:46.0099 4000  Power - ok
19:22:46.0177 4000  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:22:46.0224 4000  PptpMiniport - ok
19:22:46.0239 4000  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:22:46.0271 4000  Processor - ok
19:22:46.0317 4000  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:22:46.0380 4000  ProfSvc - ok
19:22:46.0395 4000  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:22:46.0411 4000  ProtectedStorage - ok
19:22:46.0442 4000  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:22:46.0520 4000  Psched - ok
19:22:46.0614 4000  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:22:46.0707 4000  ql2800 - ok
19:22:46.0723 4000  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:22:46.0754 4000  ql40xx - ok
19:22:46.0817 4000  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:22:46.0863 4000  QWAVE - ok
19:22:46.0879 4000  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:22:46.0910 4000  QWAVEdrv - ok
19:22:46.0926 4000  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:22:46.0988 4000  RasAcd - ok
19:22:47.0019 4000  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:22:47.0066 4000  RasAgileVpn - ok
19:22:47.0082 4000  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:22:47.0129 4000  RasAuto - ok
19:22:47.0160 4000  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:22:47.0207 4000  Rasl2tp - ok
19:22:47.0253 4000  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:22:47.0300 4000  RasMan - ok
19:22:47.0316 4000  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:22:47.0378 4000  RasPppoe - ok
19:22:47.0394 4000  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:22:47.0472 4000  RasSstp - ok
19:22:47.0503 4000  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:22:47.0565 4000  rdbss - ok
19:22:47.0581 4000  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:22:47.0612 4000  rdpbus - ok
19:22:47.0643 4000  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:22:47.0675 4000  RDPCDD - ok
19:22:47.0721 4000  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:22:47.0753 4000  RDPDR - ok
19:22:47.0784 4000  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:22:47.0831 4000  RDPENCDD - ok
19:22:47.0846 4000  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:22:47.0877 4000  RDPREFMP - ok
19:22:47.0924 4000  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:22:47.0971 4000  RdpVideoMiniport - ok
19:22:48.0002 4000  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:22:48.0049 4000  RDPWD - ok
19:22:48.0096 4000  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:22:48.0111 4000  rdyboost - ok
19:22:48.0158 4000  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:22:48.0221 4000  RemoteAccess - ok
19:22:48.0252 4000  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:22:48.0314 4000  RemoteRegistry - ok
19:22:48.0330 4000  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:22:48.0377 4000  RFCOMM - ok
19:22:48.0408 4000  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
19:22:48.0470 4000  ROOTMODEM - ok
19:22:48.0486 4000  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:22:48.0564 4000  RpcEptMapper - ok
19:22:48.0595 4000  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:22:48.0642 4000  RpcLocator - ok
19:22:48.0735 4000  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:22:48.0767 4000  RpcSs - ok
19:22:48.0813 4000  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:22:48.0860 4000  rspndr - ok
19:22:48.0938 4000  [ EE082E06AF2FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:22:48.0954 4000  RTL8167 - ok
19:22:49.0001 4000  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:22:49.0032 4000  s3cap - ok
19:22:49.0047 4000  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:22:49.0063 4000  SamSs - ok
19:22:49.0079 4000  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:22:49.0125 4000  sbp2port - ok
19:22:49.0172 4000  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:22:49.0219 4000  SCardSvr - ok
19:22:49.0281 4000  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:22:49.0359 4000  scfilter - ok
19:22:49.0422 4000  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:22:49.0515 4000  Schedule - ok
19:22:49.0547 4000  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:22:49.0593 4000  SCPolicySvc - ok
19:22:49.0718 4000  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:22:49.0781 4000  SDRSVC - ok
19:22:49.0812 4000  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:22:49.0874 4000  secdrv - ok
19:22:49.0890 4000  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:22:49.0952 4000  seclogon - ok
19:22:49.0968 4000  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
19:22:50.0046 4000  SENS - ok
19:22:50.0077 4000  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:22:50.0124 4000  SensrSvc - ok
19:22:50.0139 4000  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:22:50.0155 4000  Serenum - ok
19:22:50.0186 4000  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:22:50.0233 4000  Serial - ok
19:22:50.0280 4000  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:22:50.0311 4000  sermouse - ok
19:22:50.0451 4000  [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:22:50.0529 4000  ServiceLayer - ok
19:22:50.0607 4000  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:22:50.0670 4000  SessionEnv - ok
19:22:50.0701 4000  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:22:50.0732 4000  sffdisk - ok
19:22:50.0732 4000  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:22:50.0763 4000  spfp_mmc - ok
19:22:50.0779 4000  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:22:50.0795 4000  sffp_sd - ok
19:22:50.0810 4000  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:22:50.0826 4000  sfloppy - ok
19:22:50.7873 4000  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:22:50.0951 4000  SharedAccess - ok
19:22:51.0044 4000  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:22:51.0122 4000  ShellHWDetection - ok
19:22:51.0138 4000  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:22:51.0169 4000  SiSRaid2 - ok
19:22:51.0185 4000  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:22:51.0200 4000  SiSRaid4 - ok
19:22:51.0278 4000  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:22:51.0356 4000  SkypeUpdate - ok
19:22:51.0403 4000  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:22:51.0465 4000  Smb - ok
19:22:51.0497 4000  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:22:51.0543 4000  SNMPTRAP - ok
19:22:51.0559 4000  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:22:51.0575 4000  spldr - ok
19:22:51.0746 4000  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:22:51.0809 4000  Spooler - ok
19:22:52.0729 4000  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:22:52.0901 4000  sppsvc - ok
19:22:52.0932 4000  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:22:52.0979 4000  sppuinotify - ok
19:22:53.0057 4000  [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:22:53.0103 4000  sptd - ok
19:22:53.0166 4000  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:22:53.0228 4000  srv - ok
19:22:53.0275 4000  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:22:53.0322 4000  srv2 - ok
19:22:53.0353 4000  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:22:53.0400 4000  srvnet - ok
19:22:53.0431 4000  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:22:53.0493 4000  SSDPSRV - ok
19:22:53.0509 4000  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:22:53.0556 4000  SstpSvc - ok
19:22:53.0634 4000  Steam Client Service - ok
19:22:53.0712 4000  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:22:53.0743 4000  Stereo Service - ok
19:22:53.0821 4000  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:22:53.0852 4000  stexstor - ok
19:22:53.0915 4000  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:22:53.0977 4000  stisvc - ok
19:22:54.0055 4000  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:22:54.0071 4000  storflt - ok
19:22:54.0086 4000  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:22:54.0102 4000  storvsc - ok
19:22:54.0117 4000  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:22:54.0133 4000  swenum - ok
19:22:54.0289 4000  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:22:54.0367 4000  swprv - ok
19:22:54.0v67 4000  Synth3dVsc - ok
19:22:54.0429 4000  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:22:54.0539 4000  SysMain - ok
19:22:54.0554 4000  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:22:54.0585 4000  TabletInputService - ok
19:22:54.0648 4000  [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
19:22:54.0695 4000  tap0901t - ok
19:22:54.0835 4000  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:22:54.0897 4000  TapiSrv - ok
19:22:54.0944 4000  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:22:55.0007 4000  TBS - ok
19:22:55.0631 4000  [ B62A953F26F3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:22:55.0740 4000  Tcpip - ok
19:22:55.0802 4000  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:22:55.0833 4000  TCPIP6 - ok
19:22:55.0911 4000  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:22:55.0943 4000  tcpipreg - ok
19:22:55.0974 4000  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:22:56.0021 4000  TDPIPE - ok
19:22:56.0036 4000  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:22:56.0067 4000  TDTCP - ok
19:22:56.0099 4000  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:22:56.0161 4000  tdx - ok
19:22:57.0035 4000  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:22:57.0113 4000  TeamViewer8 - ok
19:22:57.0206 4000  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:22:57.0222 4000  TermDD - ok
19:22:57.0456 4000  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:22:57.0518 4000  TermService - ok
19:22:57.0549 4000  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:22:57.0596 4000  Themes - ok
19:22:57.0659 4000  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:22:57.0690 4000  THREADORDER - ok
19:22:57.0721 4000  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:22:57.0783 4000  TrkWks - ok
19:22:57.0939 4000  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:22:57.0986 4000  TrustedInstaller - ok
19:22:58.0017 4000  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:58.0064 4000  tssecsrv - ok
19:22:58.0095 4000  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:22:58.0142 4000  TsUslFlt - ok
19:22:58.0158 4000  tsusbhub - ok
19:22:58.0189 4000  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:22:58.0267 4000  tunnel - ok
19:22:58.0423 4000  [ 1A5F1301C1EA3B49D1222E9CBB552EBB ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
19:22:58.0485 4000  TunngleService - ok
19:22:58.0532 4000  [ B4DD609BB7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:22:58.0563 4000  uagp35 - ok
19:22:58.0610 4000  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:22:58.0673 4000  udfs - ok
19:22:58.0704 4000  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:22:58.0735 4000  UI0Detect - ok
19:22:58.0782 4000  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:22:58.0813 4000  uliagpkx - ok
19:22:58.0860 4000  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:22:58.0891 4000  umbus - ok
19:22:58.0891 4000  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:22:58.0922 4000  UmPass - ok
19:22:58.0953 4000  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
19:22:59.0000 4000  UmRdpService - ok
19:22:59.0031 4000  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:22:59.0094 4000  upnphost - ok
19:22:59.0109 4000  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:22:59.0187 4000  usbccgp - ok
19:22:59.0234 4000  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:22:59.0281 4000  usbcir - ok
19:22:59.0297 4000  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:22:59.0328 4000  usbehci - ok
19:22:59.0359 4000  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:22:59.0421 4000  usbhub - ok
19:22:59.0453 4000  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:22:59.0499 4000  usbohci - ok
19:22:59.0531 4000  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:22:59.0562 4000  usbprint - ok
19:22:59.0593 4000  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:22:59.0640 4000  usbser - ok
19:22:59.0655 4000  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:22:59.0702 4000  USBSTOR - ok
19:22:59.0718 4000  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:22:59.0749 4000  usbuhci - ok
19:22:59.0780 4000  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:22:59.0827 4000  UxSms - ok
19:22:59.0858 4000  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:22:59.0874 4000  VaultSvc - ok
19:22:59.0889 4000  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Wi dows\system32\drivers\vdrvroot.sys
19:22:59.0905 4000  vdrvroot - ok
19:23:00.0030 4000  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:23:00.0108 4000  vds - ok
19:23:00.0124 4000  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:23:00.0155 4000  vga - ok
19:23:00.0170 4000  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:23:00.0217 4000  VgaSave - ok
19:23:00.0233 4000  VGPU - ok
19:23:00.0264 4000  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:23:00.0295 4000  vhdmp - ok
19:23:00.0404 4000  [ 574B29F436C4C63D37020C6E570A7528 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:23:00.0498 4000  VIAHdAudAddService - ok
19:23:00.0545 4000  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:23:00.0560 4000  viaide - ok
19:23:00.0685 4000  [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
19:23:00.0716 4000  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
19:23:00.0716 4000  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
19:23:08.0626 4000  ================ Scan global ===============================
19:23:08.0641 4000  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:23:08.0688 4000  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:23:08.0704 4000  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:23:08.0750 4000  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:23:08.0813 4000  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:23:08.0828 4000  [Global] - ok
19:23:08.0828 4000  ================ Scan MBR ==================================
19:23:08.0844 4000  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:23:10.0295 4000  \Device\Harddisk0\DR0 - ok
19:23:10.0295 4000  ================ Scan VBR ==================================
19:23:10.0342 4000  [ 9B7C7A532C8B06D9E5B71EE9106AD09D ] \Device\Harddisk0\DR0\Partition1
19:23:10.0342 4000  \Device\Harddisk0\DR0\Partition1 - ok
19:23:10.0357 4000  [ 01C92D4CA35F60D8808DDF30DE55BCEA ] \Device\Harddisk0\DR0\Partition2
19:23:10.0357 4000  \Device\Harddisk0\DR0\Partition2 - ok
19:23:10.0357 4000  ============================================================
19:23:10.0357 4000  Scan finished
19:23:10.0357 4000  ============================================================
19:23:10.0373 3808  Detected object count: 5
19:23:10.0373 3808  Actual detected object count: 5
19:24:42.0382 3808  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:42.0382 3808  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:24:42.0382 3808  BsHelpCS ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:42.0382 3808  BsHelpCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:24:42.0382 3808  BsMobileCS ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:42.0382 3808  BsMobileCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:24:42.0382 3808  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:42.0382 3808  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:24:42.0397 3808  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
19:24:42.0397 3808  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
