Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bprotect.exe und/oder werfault.exe blockieren Rechner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.03.2013, 18:32   #1
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hallo,
ich habe das Problem, dass mein Rechner laufend aus einem aktiven Fenster, in dem ich z.B. gerade etwas schreibe, in ein anders wechselt. Ich habe daraufhin in den aktiven Prozessen 2 gefunden, die praktisch zeitgleich mit meinem Problem ablaufen, das sind bprotect und werfault. Daraufhin habe ich dieses Forum gefunden und diesen Thread http://www.trojaner-board.de/120610-...ws-virus.html.
Ich habe dann Malwarebytes runtergeladen, einen kompletten scan durchgeführt und die Dateien gelöscht. Die weitere Vorgehensweise wie im obigen Thread ist mir ohne Anleitung zu hoch.

Gruß Thomas

Alt 01.03.2013, 18:36   #2
markusg
/// Malware-holic
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi
und das Malwarebytes log?
http://www.trojaner-board.de/125889-...en-posten.html
poste alle Malwarebytes Logs mit Funden.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 01.03.2013, 22:06   #3
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi,
hatte irgendwas falsch gemacht mit malwarebyte. Hab es noch gemacht.

Hier das logfile

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: LUKAS-PC [Administrator]

01.03.2013 19:08:29
MBAM-log-2013-03-01 (21-04-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391224
Laufzeit: 1 Stunde(n), 47 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 18
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Daten: I Want This -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Lukas\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\$Recycle.Bin\S-1-5-21-442737726-613137756-1431442485-1001\$R1YQIC1.exe (PUP.AdBundle) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMYTP8PS\minecraft setup.exe (PUP.AdBundle) -> Keine Aktion durchgeführt.
C:\Users\Lukas\Desktop\soft_pcp_conduit.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)


OTL kommt gleich

Tommy
__________________

Alt 01.03.2013, 22:15   #4
markusg
/// Malware-holic
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



sind das alle bisher erstellten Malwarebytes logs? falls nein, poste die mit Funden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 01.03.2013, 22:16   #5
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Und noch die OTL

[Window Title]
bProtect.exe

[Main Instruction]
bProtect.exe funktioniert nicht mehr

[Content]
Es wird nach einer Lösung für das Problem gesucht...

[Abbrechen]

Das ist nicht das logfile kommt aber wenn ich das File kopiere. Hier noch das echteOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.03.2013 21:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,77% Memory free
15,89 Gb Paging File | 13,54 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 578,49 Gb Free Space | 88,36% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,29 Gb Free Space | 90,66% Space Free | Partition Type: NTFS
Drive F: | 661,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053DDD72-F19F-4CCD-8CF9-12A6115F7BDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19768457-5A3B-4F92-93ED-A97CFC904CBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CEB1310-C77C-41E2-A2D7-51B795A8FFE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{22E8F0F5-C4C9-4BEA-B6EB-037C29ADF602}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2354EDAB-981A-4C40-880E-B952142ECA79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2389BFFA-FA3A-44A9-B72D-432B90631E3F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{240CE3C7-63B6-4465-A9C2-88798404257B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4101835A-A719-4276-BF26-09F58E87B2AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46786556-F1F4-4432-8130-31F21012308B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{483E511C-174E-4627-979D-F6505C6A4919}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5F6911C5-2973-4F06-AD4C-0A4C2135979E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B2F4B96-F23F-4641-821F-EDDD7ECCF969}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6D13834A-4D5A-4AA1-8B92-1FEFD1866D22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E83FFF3-16EC-49DB-8549-98E62ED4A432}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{71114F9B-C350-4DDB-802B-D75518058D03}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{72C7F083-4DA1-4DC9-8E12-E7E5BB8B412A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73D2488B-1D3A-4332-897B-9157C4A36BB0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8B6E2B54-6D00-45EC-947B-E5171077C88D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{915051B8-849E-402E-A85D-C30EBBC0DE48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D4279BB-D2A8-4ED7-8FC2-BC40D9FA435E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EFD0AC0-3EE5-4EAD-8CEC-B28F35B48872}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9F6DEBE0-720A-493B-8FFC-D8477D6E035E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A228A70A-B625-4C01-8B98-E80ABD281DBC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A7558BFE-2062-4C3A-A8B2-47DDB1828637}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A876E440-6377-4AF9-905E-C557422F9B60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8C06E6E-1BE9-470B-951F-CDEB2853442B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B92CC2FA-654D-443F-9CF4-DDDC341DEC27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C0723386-CDE5-407F-A10C-7E6C26E8080A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8EC6A64-F9B7-4236-9EB1-BC889FB941DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D2CBE906-FE44-4CF3-B6B0-DF382DDA6063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6538077-64A4-4711-BD3A-ED1D1EEFF098}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0F30616-813F-4C9E-9A80-534B670E50E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F70ED9B7-C9F0-4F87-A60E-0ECDA16CCF35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC987180-EC68-4E24-BAF2-C19DC6D0C18B}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04152FD3-0488-4F67-B84A-3198E1D5FE83}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{0FAD1317-482E-43D5-A9DE-096C452C6EA3}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{177580C0-1A0F-42AA-8E12-F9FC3EA32737}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19CC7473-93C9-45BB-9CD2-E620C0FADDB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A89A07D-E05B-4494-8C10-6BA8B7064296}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | 
"{1DF03601-6BC0-4A28-8130-A000F5EFB6E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F8E3D87-43B3-49C2-8790-63518D0E14C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{21F9AD84-38E6-4653-A9AA-AF13799D8BFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{249E6CDA-9DE5-43BA-B90B-097C044B8B9F}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\turbine\the lord of the rings online\turbinelauncher.exe | 
"{24DE7A2B-470C-47CE-B7AE-F6B19E4EF138}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{292EE1E6-7703-4725-8C35-B58B87008331}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2AD7AB8E-F96C-4C61-9C0D-0FAD5D977B85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2F1FCCB6-D165-4600-81EF-6BEC36421FD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{375DDE73-E2AB-43AF-B0F7-B71C6A24D565}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{38A0929F-803B-4E8D-820F-137D68A3C585}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | 
"{3C395EB0-8E72-4AFA-B889-9EDA5334D8F2}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\turbine\the lord of the rings online\lotroclient.exe | 
"{3FC3A47E-DE37-41F7-85D6-6705E63B602C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{41EEAED2-780E-489F-A0B9-364D2FCDA7CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45BB3C63-0A89-4945-8E90-38967399325D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | 
"{4AE40CD0-DF00-486F-8A6F-5FF75739D0D5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{4F99C15A-F6C9-4FE3-99A1-043E7E827E34}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | 
"{52A9B894-7B02-4BEC-B4A6-4C6987CDCB13}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{579AB516-607E-4898-A088-65CB87BD3EBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5AC17070-4E87-4F3B-B20A-84D5EE4B664E}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{5C4F5F92-5950-4D74-B343-4D171B2647F1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6460D61D-13F3-4334-A0E5-69C07D207943}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | 
"{64D98E9B-7113-4E09-A25F-2F4E4F73181C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6699C823-14F5-426C-851A-AF027EA8C9A3}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | 
"{759822EE-D94D-4FA0-AD32-50DDEF441278}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{824DC9F6-BFAB-406F-8E1D-CB86C944B3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{825813EA-6A92-4BB0-8A05-5D0D57E4FC32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{828494D6-96F2-4328-97AA-33A91A3CDAB5}" = protocol=6 | dir=out | app=system | 
"{8AEEDCB9-EB88-4FEB-9F59-3AC9E8D05DAF}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{94374436-DC64-41D2-A20A-807B98A9AD02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9DDE73BB-EF8C-47AA-B008-8002198AA7EA}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\turbine\the lord of the rings online\lotroclient.exe | 
"{A038462A-FF5F-4F40-BDF3-C2A6775A564E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A8B8C77B-B15A-4A18-9EEA-A0833243159A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A8EB1FDC-1969-481B-B2B6-AEF06C4C77DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBBE0D27-D075-48DC-BD81-C2D8B24CA895}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{CD5EFCAD-2341-41F9-BEE8-2714239623A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE9F634E-A51A-4CCE-A43E-A9C4F1703024}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\turbine\the lord of the rings online\turbinelauncher.exe | 
"{D9A2C93C-3AE1-4BCA-8821-35119B573337}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{DE663B3E-9D65-48E7-8436-86496408B67B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DF1EF85A-3719-41BB-BF7A-9C5EDCE63067}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E3333EC1-C6D3-4491-8516-14C366DB0955}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E5ADBB24-0C5B-4975-8A84-297A8598F8E8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F4B632F9-2753-45FA-A1E4-18B3AA1E3F35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FC3A22DB-BEAA-4D21-8D51-EB7CABFEFE64}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{FE3ED0C5-A915-4A3A-960E-F4114F618293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{079B27FB-A591-46D8-B87E-3C2088E30EDF}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{188EA24C-F861-4B1F-BE35-AF70EC8260C4}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{1B2C4C1F-603E-4D3C-A647-380F59783C50}C:\users\lukas\desktop\age of mythologie\age of mythology-the titans.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\age of mythologie\age of mythology-the titans.exe | 
"TCP Query User{7F04B63D-D61B-4DCD-8455-D156E763E1FE}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{8E2E2CA9-B703-46D3-8675-5938481F3C97}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{3C00A1B2-C383-4A19-938D-5F126CEB78B9}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{C6C9349A-5D29-4916-A5B6-A5EFC3685962}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{CD6BFBA9-5E89-4E0C-81CD-24B07578BFC8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{D62DF9C1-63F8-4C29-92A0-6AE73022B6B3}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F8465528-DF96-41C4-83C4-AFC9277BABF5}C:\users\lukas\desktop\age of mythologie\age of mythology-the titans.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\age of mythologie\age of mythology-the titans.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 266.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DesktopIconAmazon" = Desktop Icon für Amazon
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PCSU-SL_is1" = PC Speed Up - Vollständige Deinstallation
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{118D6CE9-5F18-42F9-958A-14676A629FDE}" = Iminent
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"appbario2 Toolbar" = appbario2 Toolbar
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"FoxyDeal_is1" = FoxyDeal version 1.0.0
"Google Chrome" = Google Chrome
"IMBoosterARP" = Iminent
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"IrfanView" = IrfanView (remove only)
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Origin" = Origin
"phase-6" = phase-6 2.3.2
"TmNationsForever_is1" = TmNationsForever
"VeriFace" = VeriFace
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HappyCloud" = Happy Cloud Client
"LOTROde" = Der Herr der Ringe Online
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.03.2013 16:43:28 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1f98  Startzeit der fehlerhaften Anwendung: 0x01ce16bd6d8eda91  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: ab474c53-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:43:42 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1238  Startzeit der fehlerhaften Anwendung: 0x01ce16bd7623f0ae  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: b3d79faf-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:43:46 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1e28  Startzeit der fehlerhaften Anwendung: 0x01ce16bd7895fa96  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: b649a997-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:11 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1c84  Startzeit der fehlerhaften Anwendung: 0x01ce16bd874e1ce8  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: c5042d49-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:15 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x578  Startzeit der fehlerhaften Anwendung: 0x01ce16bd89c026d0  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: c7763731-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:19 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1d48  Startzeit der fehlerhaften Anwendung: 0x01ce16bd8c3230b8  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: c9eaa27a-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:23 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1eb8  Startzeit der fehlerhaften Anwendung: 0x01ce16bd8ea43aa0  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: cc5a4b01-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:27 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1b40  Startzeit der fehlerhaften Anwendung: 0x01ce16bd91164488  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: cecc54e9-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:32 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1d24  Startzeit der fehlerhaften Anwendung: 0x01ce16bd93884e70  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: d140c032-82b0-11e2-b12f-9439e5e01a12
 
Error - 01.03.2013 16:44:36 | Computer Name = Lukas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bProtect.exe, Version: 2.6.1123.78,
 Zeitstempel: 0x510a5146  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00066f7b  ID des fehlerhaften
 Prozesses: 0x1d94  Startzeit der fehlerhaften Anwendung: 0x01ce16bd95fa5858  Pfad der
 fehlerhaften Anwendung: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SysWOW64\ntdll.dll  Berichtskennung: d3b2ca1a-82b0-11e2-b12f-9439e5e01a12
 
[ System Events ]
Error - 14.01.2013 10:19:22 | Computer Name = Lukas-PC | Source = bowser | ID = 8003
Description = 
 
Error - 16.01.2013 12:24:55 | Computer Name = Lukas-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 22.01.2013 09:43:29 | Computer Name = Lukas-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 23.01.2013 08:49:26 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 28.01.2013 10:07:10 | Computer Name = Lukas-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.121  registriert werden. Der Computer mit IP-Adresse 192.168.2.107
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 30.01.2013 12:54:30 | Computer Name = Lukas-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 30.01.2013 18:16:06 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 06.02.2013 03:06:52 | Computer Name = Lukas-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 09.02.2013 03:54:55 | Computer Name = Lukas-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 22:20:13 | Computer Name = Lukas-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

Tommy


Alt 01.03.2013, 22:18   #6
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Und noch das andereOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.03.2013 21:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,77% Memory free
15,89 Gb Paging File | 13,54 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 578,49 Gb Free Space | 88,36% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,29 Gb Free Space | 90,66% Space Free | Partition Type: NTFS
Drive F: | 661,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.01 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
PRC - [2013.02.27 14:50:00 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.27 14:47:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.27 14:47:12 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.19 17:23:29 | 000,896,512 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.18 17:21:16 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.18 17:21:16 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.16 18:22:40 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
PRC - [2013.01.25 13:47:00 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.01.25 13:47:00 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2012.09.25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012.07.12 12:14:05 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Lukas\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.06.04 21:16:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.05.29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.06 04:40:27 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012.02.06 04:40:01 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.05.12 17:03:10 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.21 04:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.18 17:21:16 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.18 17:21:16 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.16 18:22:40 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.16 03:24:20 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.16 03:24:11 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 03:09:50 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
MOD - [2013.02.16 03:09:19 | 000,148,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll
MOD - [2013.02.16 03:04:09 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
MOD - [2013.01.10 14:34:35 | 001,078,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013.01.10 14:34:34 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013.01.10 14:33:19 | 001,925,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll
MOD - [2013.01.10 14:33:10 | 000,787,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 14:33:10 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 14:33:09 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.01.10 14:33:09 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013.01.10 14:33:08 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013.01.10 14:33:08 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.01.10 14:32:41 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 14:30:43 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.10 14:30:43 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.10 14:28:22 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 14:28:20 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.10 14:27:56 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 14:27:45 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 14:27:41 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 14:27:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 14:27:38 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 14:27:33 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.10 14:04:54 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 14:04:20 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
MOD - [2013.01.10 14:04:17 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 14:03:52 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.10 14:03:44 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 14:03:41 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 14:03:36 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 14:03:35 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 14:03:29 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.10 14:03:24 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 14:03:07 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.09.25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012.09.25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012.09.25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2012.02.06 04:40:26 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.02.06 04:40:01 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012.02.05 19:26:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.02.16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011.02.16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 14:50:00 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.27 14:47:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.19 17:24:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.19 17:23:29 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.19 17:23:27 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.02.18 17:21:16 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
SRV - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2012.06.04 21:16:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011.05.12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.27 14:50:33 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.27 14:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.27 14:50:31 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.18 17:21:16 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.06 04:50:30 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.02.06 04:50:29 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.02.06 04:48:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.02.06 04:48:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.02.06 04:37:49 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2012.02.06 04:37:49 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011.10.28 12:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.27 00:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.02 00:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 05:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.09 21:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.01.29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 03:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 03:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={E984913E-C69E-11E1-952C-9439E5E01A12}
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={E984913E-C69E-11E1-952C-9439E5E01A12}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid={5D2B4 [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = ShowSearchSuggestionsInAddressGlobal
IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4C454E4446382670633D4D414C4E267372633D49452D536561726368426F78&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{31F3255B-015D-475E-BBBA-0A47EBD62A3A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{368DD6F5-786F-4933-B970-99F047C5D4C3}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3E2DE83D-2E43-4EFF-8BE4-F342278F4931}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D3149374C454E4E5F64654445343838&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5D2B4755-22E4-4E20-AA73-7D561C05B608}&mid=ffe573b2e9f947d0b4a24570a304f3e1-85a3ecc6dd4d5d5c32c6a341d266e1bba512cb2c&lang=en&ds=ft011&pr=sa&d=2012-06-16 21:37:45&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A44BAA04-79DE-4683-B1B8-3A108BF7DC14}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B2A7BA57-01EA-4829-9B30-8928B2F2F228}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C34D9BA5-B8BF-4769-88EB-BB2A75F9A186}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435433323237393735&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{D3A5FBB9-6DA1-4C12-B590-4A17399356D6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D266372673D332E313031303030302E31303030322662617269643D7B45393834393133452D433639452D313145312D393532432D3934333945354530314131327D&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 17:21:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Yahoo! Suche
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: FoxyDeal = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\5.0.5_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: FoxyDeal = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\5.0.5_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (appbario2 Toolbar) - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Lukas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6E5E59D-5011-429F-869C-3F57E89ED8AD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261123~1.78\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.23 07:14:18 | 000,000,107 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RunGame.exe -- [2004.10.23 07:14:18 | 000,192,512 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.03.01 21:15:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.03.01 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2013.03.01 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 19:07:08 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.01 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.28 19:36:17 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys
[2013.02.28 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.02.27 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Avira
[2013.02.27 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.27 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\APN
[2013.02.27 14:52:10 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.27 14:52:10 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.27 14:52:10 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.27 14:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.27 14:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.19 17:37:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Documents\PCSpeedUp
[2013.02.19 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{605E7B84-DDCA-44C0-A584-FD84F2C6E745}
[2013.02.19 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Iminent
[2013.02.19 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Skype
[2013.02.19 17:25:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.02.19 17:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.19 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.02.19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.02.19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.02.19 17:24:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013.02.19 17:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013.02.19 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.02.19 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
[2013.02.19 17:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal
[2013.02.19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.02.19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\DesktopIconForAmazon
[2013.02.19 17:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.19 17:23:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Opera
[2013.02.19 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\OCS
[2013.02.17 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2013.02.17 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{807F134D-B39D-438B-AB8B-B18803245634}
[2013.02.17 09:21:22 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.02.16 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\PMB Files
[2013.02.16 18:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.16 18:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.16 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\NFS Underground 2
[2013.02.16 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.16 17:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013.02.16 16:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2013.02.10 17:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Bilder Lumix
[2013.02.08 20:15:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Lieder
[2013.02.06 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Eigene Bilder
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 21:32:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 21:32:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 21:25:11 | 000,103,190 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.03.01 21:23:46 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 21:23:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.01 21:23:09 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.03.01 21:12:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 20:43:05 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 19:19:15 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001UA.job
[2013.03.01 19:07:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 13:19:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001Core.job
[2013.03.01 13:11:16 | 000,311,661 | ---- | M] () -- C:\Users\Lukas\Desktop\SE.odp
[2013.02.28 21:50:55 | 000,000,340 | ---- | M] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
[2013.02.28 19:36:17 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys
[2013.02.27 14:53:29 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.27 14:50:33 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.27 14:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.27 14:50:31 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.23 15:54:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.19 17:25:30 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 17:25:27 | 000,000,620 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.02.19 17:24:27 | 000,001,048 | ---- | M] () -- C:\Users\Lukas\Desktop\PC Speed Up.lnk
[2013.02.19 17:23:33 | 000,001,456 | ---- | M] () -- C:\Users\Lukas\Desktop\Amazon.lnk
[2013.02.18 17:24:17 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.02.18 17:21:16 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.02.16 03:21:43 | 000,309,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.16 03:03:06 | 001,665,550 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.16 03:03:06 | 000,707,956 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.16 03:03:06 | 000,661,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.16 03:03:06 | 000,153,410 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.16 03:03:06 | 000,125,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.06 09:40:03 | 000,001,316 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.02.01 17:24:06 | 000,000,000 | ---- | M] () -- C:\END
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 19:07:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 14:53:29 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.19 17:25:30 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 17:25:11 | 000,000,620 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.02.19 17:24:46 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 17:24:28 | 000,000,340 | ---- | C] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
[2013.02.19 17:24:27 | 000,001,048 | ---- | C] () -- C:\Users\Lukas\Desktop\PC Speed Up.lnk
[2013.02.19 17:23:33 | 000,001,456 | ---- | C] () -- C:\Users\Lukas\Desktop\Amazon.lnk
[2013.02.18 17:24:17 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.02.04 19:36:29 | 000,311,661 | ---- | C] () -- C:\Users\Lukas\Desktop\SE.odp
[2013.01.31 14:25:59 | 000,000,000 | ---- | C] () -- C:\END
[2013.01.26 14:00:45 | 000,000,056 | ---- | C] () -- C:\windows\Tkkg_6.ini
[2012.09.26 15:07:13 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat
[2012.08.31 19:53:28 | 000,003,584 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.06 04:56:16 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.02.06 04:56:16 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.02.06 04:40:30 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.02.06 04:40:30 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.02.06 04:40:30 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.02.06 04:40:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.02.06 04:40:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.02.06 04:37:49 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2012.02.06 04:37:49 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2012.02.06 04:37:49 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2012.02.06 04:37:49 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2012.02.06 04:37:49 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2012.02.06 04:30:23 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2012.02.06 04:30:23 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2012.02.06 04:30:23 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2012.02.06 04:30:23 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2012.02.06 04:30:23 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2012.02.06 04:30:23 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2012.02.06 04:25:29 | 001,621,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.02.06 03:55:55 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.02.06 03:55:53 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.02.06 03:55:53 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 03:55:52 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.02.06 03:55:52 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.04 20:09:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2013.02.19 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DesktopIconForAmazon
[2013.02.19 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Iminent
[2012.08.31 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\IrfanView
[2013.02.17 11:49:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2012.06.22 14:13:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World
[2013.02.19 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OCS
[2012.06.18 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2013.02.19 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Opera
[2013.01.26 13:25:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2012.08.25 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PerformerSoft
[2012.06.19 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Phase6
[2012.09.07 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Spotify
[2012.07.12 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.08 20:15:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.09.02 21:12:36 | 000,000,000 | ---D | M] -- C:\18c56281912becc1a5
[2012.07.31 14:03:22 | 000,000,000 | ---D | M] -- C:\1a9db15dccfbe560de7b6a
[2012.09.03 20:29:54 | 000,000,000 | ---D | M] -- C:\3c03b59872d18fc0cc460af47c
[2013.01.10 14:06:14 | 000,000,000 | ---D | M] -- C:\478ce7a25d71cc9b3b13e1107f7eb223
[2013.01.26 13:23:05 | 000,000,000 | ---D | M] -- C:\5bf1eab35122566f65b0578e
[2013.01.26 13:23:33 | 000,000,000 | ---D | M] -- C:\9c466c2adb8c21639930f92ff1
[2012.11.17 20:34:23 | 000,000,000 | ---D | M] -- C:\d3c2bf532973a2490d983054
[2012.11.17 17:51:00 | 000,000,000 | ---D | M] -- C:\dceb434f512e9d1b1744861fbb
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.26 13:24:00 | 000,000,000 | ---D | M] -- C:\e01983c7ce5ab491b8
[2013.01.10 13:56:53 | 000,000,000 | ---D | M] -- C:\f2440f98657ff1068edcc6
[2012.02.06 03:56:03 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.17 17:38:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.01 21:09:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.01 21:09:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.17 09:21:26 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.03.01 21:33:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.26 14:00:28 | 000,000,000 | ---D | M] -- C:\Tivola
[2012.02.06 04:33:21 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2012.06.16 18:14:39 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.27 18:54:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,030,866 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.02.06 04:47:03 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 04:47:05 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.17 17:54:21 | 000,001,116 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001Core.job
[2012.06.17 17:54:21 | 000,001,138 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001UA.job
[2013.02.19 17:24:28 | 000,000,340 | ---- | C] () -- C:\windows\Tasks\PC SpeedUp Service Deactivator.job
[2013.02.19 17:24:46 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.03.01 21:37:45 | 004,194,304 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT
[2013.03.01 21:37:45 | 000,262,144 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat.LOG1
[2012.06.16 18:14:45 | 000,000,000 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat.LOG2
[2012.06.16 21:55:01 | 000,065,536 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.16 21:55:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.16 21:55:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.16 18:14:45 | 000,000,020 | -HS- | M] () -- C:\Users\Lukas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---
Tommy

Alt 01.03.2013, 22:19   #7
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Und noch das andereOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.03.2013 21:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,77% Memory free
15,89 Gb Paging File | 13,54 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 578,49 Gb Free Space | 88,36% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,29 Gb Free Space | 90,66% Space Free | Partition Type: NTFS
Drive F: | 661,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.01 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
PRC - [2013.02.27 14:50:00 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.27 14:47:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.27 14:47:12 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.19 17:23:29 | 000,896,512 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.18 17:21:16 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.18 17:21:16 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.16 18:22:40 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
PRC - [2013.01.25 13:47:00 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.01.25 13:47:00 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2012.09.25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012.07.12 12:14:05 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Lukas\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.06.04 21:16:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.05.29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.06 04:40:27 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012.02.06 04:40:01 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.05.12 17:03:10 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.21 04:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.18 17:21:16 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.18 17:21:16 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.16 18:22:40 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.16 03:24:20 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.16 03:24:11 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 03:09:50 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
MOD - [2013.02.16 03:09:19 | 000,148,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll
MOD - [2013.02.16 03:04:09 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
MOD - [2013.01.10 14:34:35 | 001,078,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013.01.10 14:34:34 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013.01.10 14:33:19 | 001,925,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll
MOD - [2013.01.10 14:33:10 | 000,787,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 14:33:10 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 14:33:09 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.01.10 14:33:09 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013.01.10 14:33:08 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013.01.10 14:33:08 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.01.10 14:32:41 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 14:30:43 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.10 14:30:43 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.10 14:28:22 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 14:28:20 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.10 14:27:56 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 14:27:45 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 14:27:41 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 14:27:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 14:27:38 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 14:27:33 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.10 14:04:54 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 14:04:20 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
MOD - [2013.01.10 14:04:17 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 14:03:52 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.10 14:03:44 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 14:03:41 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 14:03:36 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 14:03:35 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 14:03:29 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.10 14:03:24 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 14:03:07 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.09.25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012.09.25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012.09.25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2012.02.06 04:40:26 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.02.06 04:40:01 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012.02.05 19:26:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.02.16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011.02.16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 14:50:00 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.27 14:47:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.19 17:24:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.19 17:23:29 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.19 17:23:27 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.02.18 17:21:16 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
SRV - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2012.06.04 21:16:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011.05.12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.27 14:50:33 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.27 14:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.27 14:50:31 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.18 17:21:16 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.06 04:50:30 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.02.06 04:50:29 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.02.06 04:48:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.02.06 04:48:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.02.06 04:37:49 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2012.02.06 04:37:49 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011.10.28 12:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.27 00:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.02 00:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 05:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.09 21:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.01.29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 03:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 03:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE) [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={E984913E-C69E-11E1-952C-9439E5E01A12}
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={E984913E-C69E-11E1-952C-9439E5E01A12}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid={5D2B4 [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = ShowSearchSuggestionsInAddressGlobal
IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4C454E4446382670633D4D414C4E267372633D49452D536561726368426F78&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{31F3255B-015D-475E-BBBA-0A47EBD62A3A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{368DD6F5-786F-4933-B970-99F047C5D4C3}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3E2DE83D-2E43-4EFF-8BE4-F342278F4931}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D3149374C454E4E5F64654445343838&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5D2B4755-22E4-4E20-AA73-7D561C05B608}&mid=ffe573b2e9f947d0b4a24570a304f3e1-85a3ecc6dd4d5d5c32c6a341d266e1bba512cb2c&lang=en&ds=ft011&pr=sa&d=2012-06-16 21:37:45&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A44BAA04-79DE-4683-B1B8-3A108BF7DC14}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B2A7BA57-01EA-4829-9B30-8928B2F2F228}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C34D9BA5-B8BF-4769-88EB-BB2A75F9A186}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435433323237393735&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{D3A5FBB9-6DA1-4C12-B590-4A17399356D6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D266372673D332E313031303030302E31303030322662617269643D7B45393834393133452D433639452D313145312D393532432D3934333945354530314131327D&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 17:21:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Yahoo! Suche
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: FoxyDeal = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\5.0.5_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: FoxyDeal = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\5.0.5_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (appbario2 Toolbar) - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Lukas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6E5E59D-5011-429F-869C-3F57E89ED8AD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261123~1.78\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.23 07:14:18 | 000,000,107 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RunGame.exe -- [2004.10.23 07:14:18 | 000,192,512 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.03.01 21:15:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.03.01 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2013.03.01 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 19:07:08 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.01 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.28 19:36:17 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys
[2013.02.28 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.02.27 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Avira
[2013.02.27 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.27 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\APN
[2013.02.27 14:52:10 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.27 14:52:10 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.27 14:52:10 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.27 14:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.27 14:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.19 17:37:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Documents\PCSpeedUp
[2013.02.19 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{605E7B84-DDCA-44C0-A584-FD84F2C6E745}
[2013.02.19 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Iminent
[2013.02.19 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Skype
[2013.02.19 17:25:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.02.19 17:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.19 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.02.19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.02.19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.02.19 17:24:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013.02.19 17:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013.02.19 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.02.19 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
[2013.02.19 17:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal
[2013.02.19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.02.19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\DesktopIconForAmazon
[2013.02.19 17:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.19 17:23:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Opera
[2013.02.19 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\OCS
[2013.02.17 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2013.02.17 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{807F134D-B39D-438B-AB8B-B18803245634}
[2013.02.17 09:21:22 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.02.16 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\PMB Files
[2013.02.16 18:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.16 18:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.16 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\NFS Underground 2
[2013.02.16 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.16 17:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013.02.16 16:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2013.02.10 17:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Bilder Lumix
[2013.02.08 20:15:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Lieder
[2013.02.06 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Eigene Bilder
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 21:32:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 21:32:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 21:25:11 | 000,103,190 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.03.01 21:23:46 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 21:23:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.01 21:23:09 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.03.01 21:12:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 20:43:05 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 19:19:15 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001UA.job
[2013.03.01 19:07:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 13:19:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001Core.job
[2013.03.01 13:11:16 | 000,311,661 | ---- | M] () -- C:\Users\Lukas\Desktop\SE.odp
[2013.02.28 21:50:55 | 000,000,340 | ---- | M] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
[2013.02.28 19:36:17 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys
[2013.02.27 14:53:29 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.27 14:50:33 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.27 14:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.27 14:50:31 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.23 15:54:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.19 17:25:30 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 17:25:27 | 000,000,620 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.02.19 17:24:27 | 000,001,048 | ---- | M] () -- C:\Users\Lukas\Desktop\PC Speed Up.lnk
[2013.02.19 17:23:33 | 000,001,456 | ---- | M] () -- C:\Users\Lukas\Desktop\Amazon.lnk
[2013.02.18 17:24:17 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.02.18 17:21:16 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.02.16 03:21:43 | 000,309,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.16 03:03:06 | 001,665,550 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.16 03:03:06 | 000,707,956 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.16 03:03:06 | 000,661,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.16 03:03:06 | 000,153,410 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.16 03:03:06 | 000,125,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.06 09:40:03 | 000,001,316 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.02.01 17:24:06 | 000,000,000 | ---- | M] () -- C:\END
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 19:07:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 14:53:29 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.19 17:25:30 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 17:25:11 | 000,000,620 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.02.19 17:24:46 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 17:24:28 | 000,000,340 | ---- | C] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
[2013.02.19 17:24:27 | 000,001,048 | ---- | C] () -- C:\Users\Lukas\Desktop\PC Speed Up.lnk
[2013.02.19 17:23:33 | 000,001,456 | ---- | C] () -- C:\Users\Lukas\Desktop\Amazon.lnk
[2013.02.18 17:24:17 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.02.04 19:36:29 | 000,311,661 | ---- | C] () -- C:\Users\Lukas\Desktop\SE.odp
[2013.01.31 14:25:59 | 000,000,000 | ---- | C] () -- C:\END
[2013.01.26 14:00:45 | 000,000,056 | ---- | C] () -- C:\windows\Tkkg_6.ini
[2012.09.26 15:07:13 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat
[2012.08.31 19:53:28 | 000,003,584 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.06 04:56:16 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.02.06 04:56:16 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.02.06 04:40:30 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.02.06 04:40:30 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.02.06 04:40:30 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.02.06 04:40:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.02.06 04:40:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.02.06 04:37:49 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2012.02.06 04:37:49 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2012.02.06 04:37:49 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2012.02.06 04:37:49 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2012.02.06 04:37:49 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2012.02.06 04:30:23 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2012.02.06 04:30:23 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2012.02.06 04:30:23 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2012.02.06 04:30:23 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2012.02.06 04:30:23 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2012.02.06 04:30:23 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2012.02.06 04:25:29 | 001,621,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.02.06 03:55:55 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.02.06 03:55:53 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.02.06 03:55:53 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 03:55:52 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.02.06 03:55:52 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.04 20:09:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2013.02.19 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DesktopIconForAmazon
[2013.02.19 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Iminent
[2012.08.31 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\IrfanView
[2013.02.17 11:49:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2012.06.22 14:13:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World
[2013.02.19 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OCS
[2012.06.18 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2013.02.19 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Opera
[2013.01.26 13:25:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2012.08.25 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PerformerSoft
[2012.06.19 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Phase6
[2012.09.07 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Spotify
[2012.07.12 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.08 20:15:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.09.02 21:12:36 | 000,000,000 | ---D | M] -- C:\18c56281912becc1a5
[2012.07.31 14:03:22 | 000,000,000 | ---D | M] -- C:\1a9db15dccfbe560de7b6a
[2012.09.03 20:29:54 | 000,000,000 | ---D | M] -- C:\3c03b59872d18fc0cc460af47c
[2013.01.10 14:06:14 | 000,000,000 | ---D | M] -- C:\478ce7a25d71cc9b3b13e1107f7eb223
[2013.01.26 13:23:05 | 000,000,000 | ---D | M] -- C:\5bf1eab35122566f65b0578e
[2013.01.26 13:23:33 | 000,000,000 | ---D | M] -- C:\9c466c2adb8c21639930f92ff1
[2012.11.17 20:34:23 | 000,000,000 | ---D | M] -- C:\d3c2bf532973a2490d983054
[2012.11.17 17:51:00 | 000,000,000 | ---D | M] -- C:\dceb434f512e9d1b1744861fbb
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.26 13:24:00 | 000,000,000 | ---D | M] -- C:\e01983c7ce5ab491b8
[2013.01.10 13:56:53 | 000,000,000 | ---D | M] -- C:\f2440f98657ff1068edcc6
[2012.02.06 03:56:03 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.17 17:38:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.01 21:09:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.01 21:09:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.17 09:21:26 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.03.01 21:33:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.26 14:00:28 | 000,000,000 | ---D | M] -- C:\Tivola
[2012.02.06 04:33:21 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2012.06.16 18:14:39 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.27 18:54:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,030,866 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.02.06 04:47:03 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 04:47:05 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.17 17:54:21 | 000,001,116 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001Core.job
[2012.06.17 17:54:21 | 000,001,138 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001UA.job
[2013.02.19 17:24:28 | 000,000,340 | ---- | C] () -- C:\windows\Tasks\PC SpeedUp Service Deactivator.job
[2013.02.19 17:24:46 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.03.01 21:37:45 | 004,194,304 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT
[2013.03.01 21:37:45 | 000,262,144 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat.LOG1
[2012.06.16 18:14:45 | 000,000,000 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat.LOG2
[2012.06.16 21:55:01 | 000,065,536 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.16 21:55:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.16 21:55:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.16 18:14:45 | 000,000,020 | -HS- | M] () -- C:\Users\Lukas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

Tommy

Noch das erste Logfile. Wo finde ich das mit den Funden?

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.03.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lukas :: LUKAS-PC [Administrator]

01.03.2013 19:08:29
mbam-log-2013-03-01 (19-08-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391224
Laufzeit: 1 Stunde(n), 47 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 18
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Daten: I Want This -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Local\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-442737726-613137756-1431442485-1001\$R1YQIC1.exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_515\uninstall.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMYTP8PS\minecraft setup.exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lukas\Desktop\soft_pcp_conduit.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hallo,
ich möchte mich entschuldigen, für das etwas chaotische Posting. Aber mit einem Rechner, der alle 3 Sekunden das aktive Fenster wechselt und man dann nicht mehr schreiben kann, ist das recht schwer (zumindest für mich).
Nach dem eersten Scan mit Malwarebytes hab ich danach weder das Logfile noch das Programm auf dem Rechner gefunden. Deshalb hab ich es eben noch mal runtergaladen und einen weiteren Scan gemacht. Nun taucht das 1. Logfile aber wieder im Logbuch auf. Verstehe ich nicht so ganz. Ich hoffe aber, dass du mit den bisherigen Infos mein Problem, oder besser das meines Sohnes, beheben kannst.

Vielen Dank schon mal

Tommy

Hallo,
ich möchte mich entschuldigen, für das etwas chaotische Posting. Aber mit einem Rechner, der alle 3 Sekunden das aktive Fenster wechselt und man dann nicht mehr schreiben kann, ist das recht schwer (zumindest für mich).
Nach dem eersten Scan mit Malwarebytes hab ich danach weder das Logfile noch das Programm auf dem Rechner gefunden. Deshalb hab ich es eben noch mal runtergaladen und einen weiteren Scan gemacht. Nun taucht das 1. Logfile aber wieder im Logbuch auf. Verstehe ich nicht so ganz. Ich hoffe aber, dass du mit den bisherigen Infos mein Problem, oder besser das meines Sohnes, beheben kannst.

Vielen Dank schon mal

Tommy

Alt 03.03.2013, 19:11   #8
markusg
/// Malware-holic
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RunGame.exe -- [2004.10.23 07:14:18 | 000,192,512 | R--- | M]
(Electronic Arts Inc.)
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2013, 20:44   #9
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi

das Problem besteht weiter. Keine Besserung.

Hier das FileOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.03.2013 21:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lukas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 73,77% Memory free
15,89 Gb Paging File | 13,54 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 578,49 Gb Free Space | 88,36% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,29 Gb Free Space | 90,66% Space Free | Partition Type: NTFS
Drive F: | 661,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LUKAS-PC | User Name: Lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.01 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
PRC - [2013.02.27 14:50:00 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.27 14:47:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.27 14:47:12 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.19 17:23:29 | 000,896,512 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.18 17:21:16 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013.02.18 17:21:16 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.16 18:22:40 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
PRC - [2013.01.25 13:47:00 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013.01.25 13:47:00 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
PRC - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2012.09.25 10:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012.07.12 12:14:05 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Lukas\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.06.04 21:16:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.05.29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.06 04:40:27 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012.02.06 04:40:01 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.05.12 17:03:10 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.21 04:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.18 17:21:16 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013.02.18 17:21:16 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013.02.16 18:22:40 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013.02.16 03:24:20 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.16 03:24:11 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 03:09:50 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll
MOD - [2013.02.16 03:09:19 | 000,148,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll
MOD - [2013.02.16 03:04:09 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013.01.31 12:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
MOD - [2013.01.10 14:34:35 | 001,078,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013.01.10 14:34:34 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013.01.10 14:33:19 | 001,925,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll
MOD - [2013.01.10 14:33:10 | 000,787,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 14:33:10 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 14:33:09 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.01.10 14:33:09 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013.01.10 14:33:08 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013.01.10 14:33:08 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.01.10 14:32:41 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 14:30:43 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.10 14:30:43 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.10 14:28:22 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 14:28:20 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.10 14:27:56 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 14:27:45 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 14:27:41 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 14:27:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 14:27:38 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 14:27:33 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.10 14:04:54 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 14:04:20 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
MOD - [2013.01.10 14:04:17 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 14:03:52 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.10 14:03:44 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 14:03:41 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 14:03:36 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 14:03:35 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 14:03:29 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.10 14:03:24 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 14:03:07 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.09.25 10:05:32 | 022,423,984 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012.09.25 10:05:08 | 000,181,680 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012.09.25 10:05:00 | 000,286,640 | ---- | M] () -- C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2012.02.06 04:40:26 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012.02.06 04:40:01 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2012.02.05 19:26:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.02.16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011.02.16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.27 14:50:00 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.27 14:47:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.19 17:24:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.19 17:23:29 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.19 17:23:27 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.02.18 17:21:16 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.01.31 12:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
SRV - [2013.01.25 09:58:02 | 002,663,976 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2012.06.04 21:16:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011.05.12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.05.10 05:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.27 14:50:33 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.27 14:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.27 14:50:31 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.18 17:21:16 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.06 04:50:30 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.02.06 04:50:29 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.02.06 04:48:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.02.06 04:48:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.02.06 04:37:49 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2012.02.06 04:37:49 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011.10.28 12:23:56 | 000,398,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.29 04:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.29 04:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.07.27 00:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.07.02 00:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011.05.13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.05.13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.05.13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.05.13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.05.13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.05.10 05:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.09 21:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.01.29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 03:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 03:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:17 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={E984913E-C69E-11E1-952C-9439E5E01A12}
IE - HKLM\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={E984913E-C69E-11E1-952C-9439E5E01A12}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://isearch.avg.com/?cid={5D2B4 [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2nt&d
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = ShowSearchSuggestionsInAddressGlobal
IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4C454E4446382670633D4D414C4E267372633D49452D536561726368426F78&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{31F3255B-015D-475E-BBBA-0A47EBD62A3A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{368DD6F5-786F-4933-B970-99F047C5D4C3}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3E2DE83D-2E43-4EFF-8BE4-F342278F4931}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D3149374C454E4E5F64654445343838&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5D2B4755-22E4-4E20-AA73-7D561C05B608}&mid=ffe573b2e9f947d0b4a24570a304f3e1-85a3ecc6dd4d5d5c32c6a341d266e1bba512cb2c&lang=en&ds=ft011&pr=sa&d=2012-06-16 21:37:45&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A44BAA04-79DE-4683-B1B8-3A108BF7DC14}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{B2A7BA57-01EA-4829-9B30-8928B2F2F228}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C34D9BA5-B8BF-4769-88EB-BB2A75F9A186}: "URL" = hxxp://search.conduit.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E636F6E647569742E636F6D2F526573756C74734578742E617370783F713D7B7365617263685465726D737D26536561726368536F757263653D3426637469643D435433323237393735&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\..\SearchScopes\{D3A5FBB9-6DA1-4C12-B590-4A17399356D6}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D3626713D7B7365617263685465726D737D266372673D332E313031303030302E31303030322662617269643D7B45393834393133452D433639452D313145312D393532432D3934333945354530314131327D&st={searchTerms}&clid=dfe40c18-5383-406b-b395-3b00e23437e5&pid=odownloadde&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 17:21:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.463.83\FirefoxExtension
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: FoxyDeal = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\5.0.5_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: FoxyDeal = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan\5.0.5_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Wajam = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (appbario2 Toolbar) - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (appbario2 Toolbar) - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Program Files (x86)\appbario2\prxtbappb.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Lukas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O4 - Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Lukas\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6E5E59D-5011-429F-869C-3F57E89ED8AD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261123~1.78\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.23 07:14:18 | 000,000,107 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RunGame.exe -- [2004.10.23 07:14:18 | 000,192,512 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.03.01 21:15:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.03.01 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2013.03.01 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 19:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 19:07:08 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.01 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.28 19:36:17 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys
[2013.02.28 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.02.27 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Avira
[2013.02.27 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.27 14:53:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\APN
[2013.02.27 14:52:10 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.27 14:52:10 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.27 14:52:10 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.27 14:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.27 14:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.19 17:37:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Documents\PCSpeedUp
[2013.02.19 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{605E7B84-DDCA-44C0-A584-FD84F2C6E745}
[2013.02.19 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Iminent
[2013.02.19 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Skype
[2013.02.19 17:25:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.19 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.02.19 17:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.02.19 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.02.19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013.02.19 17:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013.02.19 17:24:43 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2013.02.19 17:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013.02.19 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.02.19 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
[2013.02.19 17:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal
[2013.02.19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs
[2013.02.19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\DesktopIconForAmazon
[2013.02.19 17:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.19 17:23:29 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Opera
[2013.02.19 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\OCS
[2013.02.17 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2013.02.17 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\{807F134D-B39D-438B-AB8B-B18803245634}
[2013.02.17 09:21:22 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.02.16 18:22:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\PMB Files
[2013.02.16 18:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.02.16 18:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.16 17:08:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\NFS Underground 2
[2013.02.16 17:08:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.16 17:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2013.02.16 16:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2013.02.10 17:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Bilder Lumix
[2013.02.08 20:15:37 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Lieder
[2013.02.06 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\Eigene Bilder
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 21:32:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 21:32:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 21:25:11 | 000,103,190 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.03.01 21:23:46 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 21:23:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.03.01 21:23:09 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2013.03.01 21:12:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 20:43:05 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 19:19:15 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001UA.job
[2013.03.01 19:07:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 13:19:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001Core.job
[2013.03.01 13:11:16 | 000,311,661 | ---- | M] () -- C:\Users\Lukas\Desktop\SE.odp
[2013.02.28 21:50:55 | 000,000,340 | ---- | M] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
[2013.02.28 19:36:17 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys
[2013.02.27 14:53:29 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.27 14:50:33 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.02.27 14:50:32 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.02.27 14:50:31 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.02.23 15:54:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.19 17:25:30 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 17:25:27 | 000,000,620 | ---- | M] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.02.19 17:24:27 | 000,001,048 | ---- | M] () -- C:\Users\Lukas\Desktop\PC Speed Up.lnk
[2013.02.19 17:23:33 | 000,001,456 | ---- | M] () -- C:\Users\Lukas\Desktop\Amazon.lnk
[2013.02.18 17:24:17 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.02.18 17:21:16 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013.02.16 03:21:43 | 000,309,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.02.16 03:03:06 | 001,665,550 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.02.16 03:03:06 | 000,707,956 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.02.16 03:03:06 | 000,661,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.02.16 03:03:06 | 000,153,410 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.02.16 03:03:06 | 000,125,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.02.06 09:40:03 | 000,001,316 | ---- | M] () -- C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.02.01 17:24:06 | 000,000,000 | ---- | M] () -- C:\END
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 19:07:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 14:53:29 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.19 17:25:30 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.19 17:25:11 | 000,000,620 | ---- | C] () -- C:\windows\SysWow64\InstallUtil.InstallLog
[2013.02.19 17:24:46 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 17:24:28 | 000,000,340 | ---- | C] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
[2013.02.19 17:24:27 | 000,001,048 | ---- | C] () -- C:\Users\Lukas\Desktop\PC Speed Up.lnk
[2013.02.19 17:23:33 | 000,001,456 | ---- | C] () -- C:\Users\Lukas\Desktop\Amazon.lnk
[2013.02.18 17:24:17 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.02.04 19:36:29 | 000,311,661 | ---- | C] () -- C:\Users\Lukas\Desktop\SE.odp
[2013.01.31 14:25:59 | 000,000,000 | ---- | C] () -- C:\END
[2013.01.26 14:00:45 | 000,000,056 | ---- | C] () -- C:\windows\Tkkg_6.ini
[2012.09.26 15:07:13 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat
[2012.08.31 19:53:28 | 000,003,584 | ---- | C] () -- C:\Users\Lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.06 04:56:16 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012.02.06 04:56:16 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012.02.06 04:40:30 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012.02.06 04:40:30 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012.02.06 04:40:30 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.02.06 04:40:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012.02.06 04:40:25 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012.02.06 04:37:49 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2012.02.06 04:37:49 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2012.02.06 04:37:49 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2012.02.06 04:37:49 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2012.02.06 04:37:49 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2012.02.06 04:30:23 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
[2012.02.06 04:30:23 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2012.02.06 04:30:23 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
[2012.02.06 04:30:23 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
[2012.02.06 04:30:23 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
[2012.02.06 04:30:23 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
[2012.02.06 04:25:29 | 001,621,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.02.06 03:55:55 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.02.06 03:55:53 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.02.06 03:55:53 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.02.06 03:55:52 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.02.06 03:55:52 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.04 20:09:32 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft
[2013.02.19 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DesktopIconForAmazon
[2013.02.19 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Iminent
[2012.08.31 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\IrfanView
[2013.02.17 11:49:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient
[2012.06.22 14:13:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World
[2013.02.19 17:23:27 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OCS
[2012.06.18 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\OpenOffice.org
[2013.02.19 17:23:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Opera
[2013.01.26 13:25:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin
[2012.08.25 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\PerformerSoft
[2012.06.19 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Phase6
[2012.09.07 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Spotify
[2012.07.12 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.08 20:15:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.09.02 21:12:36 | 000,000,000 | ---D | M] -- C:\18c56281912becc1a5
[2012.07.31 14:03:22 | 000,000,000 | ---D | M] -- C:\1a9db15dccfbe560de7b6a
[2012.09.03 20:29:54 | 000,000,000 | ---D | M] -- C:\3c03b59872d18fc0cc460af47c
[2013.01.10 14:06:14 | 000,000,000 | ---D | M] -- C:\478ce7a25d71cc9b3b13e1107f7eb223
[2013.01.26 13:23:05 | 000,000,000 | ---D | M] -- C:\5bf1eab35122566f65b0578e
[2013.01.26 13:23:33 | 000,000,000 | ---D | M] -- C:\9c466c2adb8c21639930f92ff1
[2012.11.17 20:34:23 | 000,000,000 | ---D | M] -- C:\d3c2bf532973a2490d983054
[2012.11.17 17:51:00 | 000,000,000 | ---D | M] -- C:\dceb434f512e9d1b1744861fbb
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.26 13:24:00 | 000,000,000 | ---D | M] -- C:\e01983c7ce5ab491b8
[2013.01.10 13:56:53 | 000,000,000 | ---D | M] -- C:\f2440f98657ff1068edcc6
[2012.02.06 03:56:03 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.17 17:38:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.01 21:09:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.01 21:09:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.16 18:14:28 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.17 09:21:26 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.03.01 21:33:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.26 14:00:28 | 000,000,000 | ---D | M] -- C:\Tivola
[2012.02.06 04:33:21 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2012.06.16 18:14:39 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.27 18:54:59 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,030,866 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.02.06 04:47:03 | 000,001,120 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 04:47:05 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.17 17:54:21 | 000,001,116 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001Core.job
[2012.06.17 17:54:21 | 000,001,138 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-442737726-613137756-1431442485-1001UA.job
[2013.02.19 17:24:28 | 000,000,340 | ---- | C] () -- C:\windows\Tasks\PC SpeedUp Service Deactivator.job
[2013.02.19 17:24:46 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.09.29 04:19:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.09.29 04:19:34 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.29 04:23:24 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.29 04:23:24 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.03.01 21:37:45 | 004,194,304 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT
[2013.03.01 21:37:45 | 000,262,144 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat.LOG1
[2012.06.16 18:14:45 | 000,000,000 | -HS- | M] () -- C:\Users\Lukas\ntuser.dat.LOG2
[2012.06.16 21:55:01 | 000,065,536 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.16 21:55:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.16 21:55:01 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.16 18:14:45 | 000,000,020 | -HS- | M] () -- C:\Users\Lukas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

Alt 03.03.2013, 20:47   #10
markusg
/// Malware-holic
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



das ist otl.txt erneut, aber du solltest einen fix ausführen und den Log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2013, 20:57   #11
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi

sorry, hab die falsche Datei kopiert

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e83a26de-506d-11e1-a4f2-806e6f6e6963}\ not found.
File move failed. F:\RunGame.exe scheduled to be moved on reboot.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1206312 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lukas
->Temp folder emptied: 370427047 bytes
->Temporary Internet Files folder emptied: 394134859 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 352147835 bytes
->Flash cache emptied: 100990 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 350022287 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 3048987071 bytes

Total Files Cleaned = 4.308,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03032013_202956

Files\Folders moved on Reboot...
File move failed. F:\RunGame.exe scheduled to be moved on reboot.
C:\Users\Lukas\AppData\Local\Temp\OCS\Downloads\7ed8df94d7e5a4dbe1c7c8d0c7ab9d82\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe moved successfully.
File move failed. C:\Users\Lukas\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 03.03.2013, 21:24   #12
markusg
/// Malware-holic
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2013, 21:41   #13
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi,

Danke schon mal

Tommy

21:34:27.0420 11884 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:34:27.0607 11884 ============================================================
21:34:27.0607 11884 Current date / time: 2013/03/03 21:34:27.0607
21:34:27.0607 11884 SystemInfo:
21:34:27.0607 11884
21:34:27.0607 11884 OS Version: 6.1.7601 ServicePack: 1.0
21:34:27.0607 11884 Product type: Workstation
21:34:27.0607 11884 ComputerName: LUKAS-PC
21:34:27.0607 11884 UserName: Lukas
21:34:27.0607 11884 Windows directory: C:\windows
21:34:27.0607 11884 System windows directory: C:\windows
21:34:27.0607 11884 Running under WOW64
21:34:27.0607 11884 Processor architecture: Intel x64
21:34:27.0607 11884 Number of processors: 4
21:34:27.0607 11884 Page size: 0x1000
21:34:27.0607 11884 Boot type: Normal boot
21:34:27.0607 11884 ============================================================
21:34:28.0293 11884 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:28.0309 11884 ============================================================
21:34:28.0309 11884 \Device\Harddisk0\DR0:
21:34:28.0309 11884 MBR partitions:
21:34:28.0309 11884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
21:34:28.0309 11884 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
21:34:28.0340 11884 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
21:34:28.0340 11884 ============================================================
21:34:28.0387 11884 C: <-> \Device\Harddisk0\DR0\Partition2
21:34:28.0449 11884 D: <-> \Device\Harddisk0\DR0\Partition3
21:34:28.0449 11884 ============================================================
21:34:28.0449 11884 Initialize success
21:34:28.0449 11884 ============================================================
21:36:24.0841 12632 ============================================================
21:36:24.0841 12632 Scan started
21:36:24.0841 12632 Mode: Manual; SigCheck; TDLFS;
21:36:24.0841 12632 ============================================================
21:36:25.0262 12632 ================ Scan system memory ========================
21:36:25.0262 12632 System memory - ok
21:36:25.0262 12632 ================ Scan services =============================
21:36:25.0559 12632 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:36:25.0652 12632 1394ohci - ok
21:36:25.0699 12632 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
21:36:25.0730 12632 ACPI - ok
21:36:25.0746 12632 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
21:36:25.0777 12632 AcpiPmi - ok
21:36:25.0808 12632 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
21:36:25.0824 12632 ACPIVPC - ok
21:36:25.0933 12632 AddonsHelper - ok
21:36:26.0089 12632 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:26.0120 12632 AdobeFlashPlayerUpdateSvc - ok
21:36:26.0167 12632 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
21:36:26.0214 12632 adp94xx - ok
21:36:26.0245 12632 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
21:36:26.0292 12632 adpahci - ok
21:36:26.0323 12632 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
21:36:26.0354 12632 adpu320 - ok
21:36:26.0386 12632 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
21:36:26.0432 12632 AeLookupSvc - ok
21:36:26.0479 12632 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
21:36:26.0542 12632 AFD - ok
21:36:26.0573 12632 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
21:36:26.0588 12632 agp440 - ok
21:36:26.0620 12632 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
21:36:26.0666 12632 ALG - ok
21:36:26.0698 12632 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
21:36:26.0713 12632 aliide - ok
21:36:26.0729 12632 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
21:36:26.0744 12632 amdide - ok
21:36:26.0760 12632 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
21:36:26.0791 12632 AmdK8 - ok
21:36:26.0822 12632 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
21:36:26.0854 12632 AmdPPM - ok
21:36:26.0885 12632 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
21:36:26.0900 12632 amdsata - ok
21:36:26.0932 12632 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
21:36:26.0963 12632 amdsbs - ok
21:36:26.0994 12632 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
21:36:27.0010 12632 amdxata - ok
21:36:27.0025 12632 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\windows\system32\Drivers\ssadadb.sys
21:36:27.0056 12632 androidusb - ok
21:36:27.0181 12632 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:36:27.0197 12632 AntiVirSchedulerService - ok
21:36:27.0228 12632 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:36:27.0244 12632 AntiVirService - ok
21:36:27.0290 12632 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
21:36:27.0384 12632 AppID - ok
21:36:27.0415 12632 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
21:36:27.0446 12632 AppIDSvc - ok
21:36:27.0462 12632 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
21:36:27.0524 12632 Appinfo - ok
21:36:27.0540 12632 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
21:36:27.0556 12632 arc - ok
21:36:27.0571 12632 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
21:36:27.0587 12632 arcsas - ok
21:36:27.0696 12632 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:36:27.0727 12632 aspnet_state - ok
21:36:27.0758 12632 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
21:36:27.0836 12632 AsyncMac - ok
21:36:27.0868 12632 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
21:36:27.0868 12632 atapi - ok
21:36:27.0899 12632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:36:27.0961 12632 AudioEndpointBuilder - ok
21:36:27.0977 12632 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
21:36:28.0008 12632 AudioSrv - ok
21:36:28.0039 12632 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
21:36:28.0055 12632 avgntflt - ok
21:36:28.0102 12632 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\windows\system32\drivers\avgtpx64.sys
21:36:28.0133 12632 avgtp - ok
21:36:28.0180 12632 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
21:36:28.0211 12632 avipbb - ok
21:36:28.0226 12632 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
21:36:28.0226 12632 avkmgr - ok
21:36:28.0258 12632 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
21:36:28.0304 12632 AxInstSV - ok
21:36:28.0351 12632 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
21:36:28.0398 12632 b06bdrv - ok
21:36:28.0429 12632 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
21:36:28.0460 12632 b57nd60a - ok
21:36:28.0585 12632 [ 43AD3D3E7674833FCA9A7C4E7180AD54 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
21:36:28.0648 12632 BCM43XX - ok
21:36:28.0819 12632 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
21:36:28.0882 12632 BDESVC - ok
21:36:28.0913 12632 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
21:36:29.0022 12632 Beep - ok
21:36:29.0069 12632 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
21:36:29.0162 12632 BFE - ok
21:36:29.0194 12632 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
21:36:29.0225 12632 BITS - ok
21:36:29.0240 12632 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
21:36:29.0272 12632 blbdrive - ok
21:36:29.0303 12632 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
21:36:29.0318 12632 bowser - ok
21:36:29.0350 12632 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
21:36:29.0365 12632 BPntDrv - ok
21:36:29.0506 12632 [ B98EF68B1E3DC5AC79A432900947EA2D ] bProtector C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
21:36:29.0552 12632 bProtector - ok
21:36:29.0584 12632 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
21:36:29.0630 12632 BrFiltLo - ok
21:36:29.0630 12632 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
21:36:29.0662 12632 BrFiltUp - ok
21:36:29.0708 12632 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
21:36:29.0724 12632 Browser - ok
21:36:29.0755 12632 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
21:36:29.0802 12632 Brserid - ok
21:36:29.0833 12632 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
21:36:29.0880 12632 BrSerWdm - ok
21:36:29.0880 12632 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
21:36:29.0911 12632 BrUsbMdm - ok
21:36:29.0927 12632 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
21:36:29.0942 12632 BrUsbSer - ok
21:36:29.0989 12632 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
21:36:30.0036 12632 BthEnum - ok
21:36:30.0067 12632 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
21:36:30.0114 12632 BTHMODEM - ok
21:36:30.0145 12632 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
21:36:30.0192 12632 BthPan - ok
21:36:30.0254 12632 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
21:36:30.0317 12632 BTHPORT - ok
21:36:30.0348 12632 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
21:36:30.0410 12632 bthserv - ok
21:36:30.0426 12632 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
21:36:30.0442 12632 BTHUSB - ok
21:36:30.0504 12632 [ F8CFAFBD5BF8B3DDB0D3C2943A5AF8CE ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys
21:36:30.0551 12632 BTWAMPFL - ok
21:36:30.0566 12632 [ 44770A3C07EBD5D6D7CD7DBA915B49BC ] btwaudio C:\windows\system32\drivers\btwaudio.sys
21:36:30.0582 12632 btwaudio - ok
21:36:30.0598 12632 [ 75B59923087AE6EB064D13D8F58A02B6 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
21:36:30.0613 12632 btwavdt - ok
21:36:30.0722 12632 [ E1C1BCC8211E3AE2B524DEEF071FAF2A ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
21:36:30.0738 12632 btwdins - ok
21:36:30.0785 12632 [ E06FE51893B481A200214760C0DE2621 ] BTWDPAN C:\windows\system32\DRIVERS\btwdpan.sys
21:36:30.0785 12632 BTWDPAN - ok
21:36:30.0800 12632 [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
21:36:30.0816 12632 btwl2cap - ok
21:36:30.0847 12632 [ 9555E15F828760341751E9183BD34E60 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
21:36:30.0847 12632 btwrchid - ok
21:36:30.0925 12632 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
21:36:31.0019 12632 cdfs - ok
21:36:31.0034 12632 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
21:36:31.0066 12632 cdrom - ok
21:36:31.0097 12632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
21:36:31.0190 12632 CertPropSvc - ok
21:36:31.0206 12632 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
21:36:31.0222 12632 circlass - ok
21:36:31.0253 12632 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
21:36:31.0268 12632 CLFS - ok
21:36:31.0331 12632 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:31.0346 12632 clr_optimization_v2.0.50727_32 - ok
21:36:31.0393 12632 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:36:31.0409 12632 clr_optimization_v2.0.50727_64 - ok
21:36:31.0456 12632 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:36:31.0456 12632 clr_optimization_v4.0.30319_32 - ok
21:36:31.0487 12632 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:36:31.0487 12632 clr_optimization_v4.0.30319_64 - ok
21:36:31.0518 12632 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
21:36:31.0534 12632 clwvd - ok
21:36:31.0565 12632 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
21:36:31.0596 12632 CmBatt - ok
21:36:31.0612 12632 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
21:36:31.0643 12632 cmdide - ok
21:36:31.0674 12632 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
21:36:31.0721 12632 CNG - ok
21:36:31.0752 12632 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
21:36:31.0768 12632 Compbatt - ok
21:36:31.0783 12632 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
21:36:31.0830 12632 CompositeBus - ok
21:36:31.0830 12632 COMSysApp - ok
21:36:31.0861 12632 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
21:36:31.0877 12632 crcdisk - ok
21:36:31.0924 12632 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
21:36:31.0939 12632 CryptSvc - ok
21:36:32.0002 12632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
21:36:32.0080 12632 DcomLaunch - ok
21:36:32.0111 12632 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
21:36:32.0142 12632 defragsvc - ok
21:36:32.0173 12632 [ FFD82C1C4ABB5B0859EB081664DBDA11 ] DelayMan C:\windows\system32\DRIVERS\delayman.sys
21:36:32.0204 12632 DelayMan - ok
21:36:32.0236 12632 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
21:36:32.0314 12632 DfsC - ok
21:36:32.0345 12632 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
21:36:32.0360 12632 Dhcp - ok
21:36:32.0392 12632 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
21:36:32.0485 12632 discache - ok
21:36:32.0516 12632 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
21:36:32.0532 12632 Disk - ok
21:36:32.0563 12632 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
21:36:32.0579 12632 Dnscache - ok
21:36:32.0610 12632 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
21:36:32.0657 12632 dot3svc - ok
21:36:32.0672 12632 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
21:36:32.0704 12632 DPS - ok
21:36:32.0750 12632 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
21:36:32.0797 12632 drmkaud - ok
21:36:32.0828 12632 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
21:36:32.0844 12632 DXGKrnl - ok
21:36:32.0875 12632 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
21:36:32.0922 12632 EapHost - ok
21:36:33.0016 12632 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
21:36:33.0203 12632 ebdrv - ok
21:36:33.0234 12632 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
21:36:33.0265 12632 EFS - ok
21:36:33.0343 12632 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
21:36:33.0390 12632 ehRecvr - ok
21:36:33.0406 12632 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
21:36:33.0421 12632 ehSched - ok
21:36:33.0468 12632 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
21:36:33.0484 12632 elxstor - ok
21:36:33.0499 12632 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
21:36:33.0515 12632 ErrDev - ok
21:36:33.0562 12632 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
21:36:33.0608 12632 EventSystem - ok
21:36:33.0655 12632 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
21:36:33.0718 12632 exfat - ok
21:36:33.0733 12632 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
21:36:33.0842 12632 fastfat - ok
21:36:33.0874 12632 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
21:36:33.0889 12632 Fax - ok
21:36:33.0905 12632 [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon C:\windows\system32\drivers\fbfmon.sys
21:36:33.0920 12632 fbfmon - ok
21:36:33.0936 12632 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
21:36:33.0967 12632 fdc - ok
21:36:33.0983 12632 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
21:36:34.0014 12632 fdPHost - ok
21:36:34.0030 12632 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
21:36:34.0076 12632 FDResPub - ok
21:36:34.0092 12632 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
21:36:34.0108 12632 FileInfo - ok
21:36:34.0108 12632 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
21:36:34.0139 12632 Filetrace - ok
21:36:34.0170 12632 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
21:36:34.0186 12632 flpydisk - ok
21:36:34.0201 12632 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
21:36:34.0217 12632 FltMgr - ok
21:36:34.0248 12632 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
21:36:34.0279 12632 FontCache - ok
21:36:34.0326 12632 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:36:34.0342 12632 FontCache3.0.0.0 - ok
21:36:34.0373 12632 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
21:36:34.0388 12632 FsDepends - ok
21:36:34.0435 12632 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
21:36:34.0466 12632 Fs_Rec - ok
21:36:34.0482 12632 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
21:36:34.0498 12632 fvevol - ok
21:36:34.0529 12632 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
21:36:34.0544 12632 gagp30kx - ok
21:36:34.0591 12632 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
21:36:34.0638 12632 gpsvc - ok
21:36:34.0685 12632 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:34.0700 12632 gupdate - ok
21:36:34.0716 12632 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:34.0732 12632 gupdatem - ok
21:36:34.0778 12632 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:36:34.0794 12632 gusvc - ok
21:36:34.0810 12632 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
21:36:34.0825 12632 hcw85cir - ok
21:36:34.0856 12632 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:36:34.0872 12632 HdAudAddService - ok
21:36:34.0903 12632 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
21:36:34.0950 12632 HDAudBus - ok
21:36:34.0966 12632 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
21:36:34.0997 12632 HidBatt - ok
21:36:35.0012 12632 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
21:36:35.0044 12632 HidBth - ok
21:36:35.0075 12632 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
21:36:35.0090 12632 HidIr - ok
21:36:35.0106 12632 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
21:36:35.0137 12632 hidserv - ok
21:36:35.0184 12632 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
21:36:35.0231 12632 HidUsb - ok
21:36:35.0278 12632 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
21:36:35.0356 12632 hkmsvc - ok
21:36:35.0371 12632 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
21:36:35.0402 12632 HomeGroupListener - ok
21:36:35.0434 12632 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
21:36:35.0465 12632 HomeGroupProvider - ok
21:36:35.0496 12632 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
21:36:35.0512 12632 HpSAMD - ok
21:36:35.0543 12632 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
21:36:35.0605 12632 HTTP - ok
21:36:35.0621 12632 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
21:36:35.0636 12632 hwpolicy - ok
21:36:35.0668 12632 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
21:36:35.0683 12632 i8042prt - ok
21:36:35.0730 12632 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
21:36:35.0761 12632 iaStor - ok
21:36:35.0824 12632 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:36:35.0839 12632 IAStorDataMgrSvc - ok
21:36:35.0870 12632 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
21:36:35.0902 12632 iaStorV - ok
21:36:35.0980 12632 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:36:36.0026 12632 idsvc - ok
21:36:36.0292 12632 [ 10BB0DC3361C9420CC1B0B2128BB89DB ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
21:36:36.0635 12632 igfx - ok
21:36:36.0666 12632 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
21:36:36.0682 12632 iirsp - ok
21:36:36.0713 12632 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
21:36:36.0775 12632 IKEEXT - ok
21:36:36.0884 12632 [ 1CE438B31551746AB450D8FFA403BDB5 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
21:36:36.0931 12632 IntcAzAudAddService - ok
21:36:36.0994 12632 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
21:36:37.0040 12632 IntcDAud - ok
21:36:37.0056 12632 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
21:36:37.0072 12632 intelide - ok
21:36:37.0103 12632 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
21:36:37.0118 12632 intelppm - ok
21:36:37.0165 12632 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
21:36:37.0274 12632 IPBusEnum - ok
21:36:37.0306 12632 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
21:36:37.0337 12632 IpFilterDriver - ok
21:36:37.0384 12632 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
21:36:37.0446 12632 iphlpsvc - ok
21:36:37.0462 12632 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
21:36:37.0493 12632 IPMIDRV - ok
21:36:37.0508 12632 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
21:36:37.0571 12632 IPNAT - ok
21:36:37.0586 12632 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
21:36:37.0618 12632 IRENUM - ok
21:36:37.0633 12632 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
21:36:37.0649 12632 isapnp - ok
21:36:37.0664 12632 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
21:36:37.0680 12632 iScsiPrt - ok
21:36:37.0727 12632 [ E56417C56B6A7316B6F527C890A1860D ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
21:36:37.0758 12632 JMCR - ok
21:36:37.0789 12632 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\windows\system32\DRIVERS\k57nd60a.sys
21:36:37.0805 12632 k57nd60a - ok
21:36:37.0836 12632 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
21:36:37.0852 12632 kbdclass - ok
21:36:37.0867 12632 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
21:36:37.0883 12632 kbdhid - ok
21:36:37.0898 12632 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
21:36:37.0914 12632 KeyIso - ok
21:36:37.0945 12632 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
21:36:37.0961 12632 KSecDD - ok
21:36:37.0961 12632 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
21:36:37.0976 12632 KSecPkg - ok
21:36:38.0008 12632 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
21:36:38.0054 12632 ksthunk - ok
21:36:38.0070 12632 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
21:36:38.0117 12632 KtmRm - ok
21:36:38.0148 12632 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
21:36:38.0195 12632 LanmanServer - ok
21:36:38.0226 12632 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:36:38.0257 12632 LanmanWorkstation - ok
21:36:38.0288 12632 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
21:36:38.0320 12632 LHDmgr - ok
21:36:38.0351 12632 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
21:36:38.0398 12632 lltdio - ok
21:36:38.0429 12632 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
21:36:38.0476 12632 lltdsvc - ok
21:36:38.0491 12632 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
21:36:38.0569 12632 lmhosts - ok
21:36:38.0600 12632 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:36:38.0616 12632 LMS - ok
21:36:38.0647 12632 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
21:36:38.0663 12632 LSI_FC - ok
21:36:38.0678 12632 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
21:36:38.0694 12632 LSI_SAS - ok
21:36:38.0694 12632 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
21:36:38.0710 12632 LSI_SAS2 - ok
21:36:38.0710 12632 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
21:36:38.0725 12632 LSI_SCSI - ok
21:36:38.0756 12632 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
21:36:38.0803 12632 luafv - ok
21:36:38.0819 12632 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
21:36:38.0850 12632 Mcx2Svc - ok
21:36:38.0850 12632 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
21:36:38.0866 12632 megasas - ok
21:36:38.0897 12632 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
21:36:38.0959 12632 MegaSR - ok
21:36:38.0959 12632 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
21:36:38.0975 12632 MEIx64 - ok
21:36:39.0006 12632 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
21:36:39.0037 12632 MMCSS - ok
21:36:39.0053 12632 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
21:36:39.0100 12632 Modem - ok
21:36:39.0115 12632 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
21:36:39.0162 12632 monitor - ok
21:36:39.0193 12632 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
21:36:39.0193 12632 mouclass - ok
21:36:39.0224 12632 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
21:36:39.0240 12632 mouhid - ok
21:36:39.0271 12632 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
21:36:39.0287 12632 mountmgr - ok
21:36:39.0318 12632 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
21:36:39.0334 12632 mpio - ok
21:36:39.0334 12632 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
21:36:39.0365 12632 mpsdrv - ok
21:36:39.0412 12632 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
21:36:39.0474 12632 MpsSvc - ok
21:36:39.0474 12632 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
21:36:39.0505 12632 MRxDAV - ok
21:36:39.0521 12632 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
21:36:39.0536 12632 mrxsmb - ok
21:36:39.0568 12632 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
21:36:39.0583 12632 mrxsmb10 - ok
21:36:39.0599 12632 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
21:36:39.0614 12632 mrxsmb20 - ok
21:36:39.0630 12632 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
21:36:39.0646 12632 msahci - ok
21:36:39.0661 12632 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
21:36:39.0677 12632 msdsm - ok
21:36:39.0692 12632 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
21:36:39.0708 12632 MSDTC - ok
21:36:39.0755 12632 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
21:36:39.0786 12632 Msfs - ok
21:36:39.0833 12632 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
21:36:39.0911 12632 mshidkmdf - ok
21:36:39.0911 12632 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
21:36:39.0926 12632 msisadrv - ok
21:36:39.0942 12632 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
21:36:39.0973 12632 MSiSCSI - ok
21:36:39.0973 12632 msiserver - ok
21:36:39.0989 12632 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
21:36:40.0036 12632 MSKSSRV - ok
21:36:40.0067 12632 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
21:36:40.0129 12632 MSPCLOCK - ok
21:36:40.0160 12632 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
21:36:40.0207 12632 MSPQM - ok
21:36:40.0254 12632 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
21:36:40.0285 12632 MsRPC - ok
21:36:40.0301 12632 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
21:36:40.0316 12632 mssmbios - ok
21:36:40.0316 12632 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:36:40.0363 12632 MSTEE - ok
21:36:40.0363 12632 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
21:36:40.0379 12632 MTConfig - ok
21:36:40.0394 12632 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
21:36:40.0410 12632 Mup - ok
21:36:40.0441 12632 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
21:36:40.0488 12632 napagent - ok
21:36:40.0519 12632 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:36:40.0550 12632 NativeWifiP - ok
21:36:40.0597 12632 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
21:36:40.0644 12632 NDIS - ok
21:36:40.0660 12632 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:36:40.0691 12632 NdisCap - ok
21:36:40.0722 12632 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:36:40.0800 12632 NdisTapi - ok
21:36:40.0816 12632 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:36:40.0862 12632 Ndisuio - ok
21:36:40.0878 12632 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:36:40.0925 12632 NdisWan - ok
21:36:40.0956 12632 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:36:40.0987 12632 NDProxy - ok
21:36:41.0018 12632 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:36:41.0065 12632 NetBIOS - ok
21:36:41.0081 12632 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:36:41.0112 12632 NetBT - ok
21:36:41.0143 12632 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
21:36:41.0143 12632 Netlogon - ok
21:36:41.0174 12632 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
21:36:41.0221 12632 Netman - ok
21:36:41.0252 12632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:41.0268 12632 NetMsmqActivator - ok
21:36:41.0268 12632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:41.0284 12632 NetPipeActivator - ok
21:36:41.0315 12632 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
21:36:41.0362 12632 netprofm - ok
21:36:41.0393 12632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:41.0393 12632 NetTcpActivator - ok
21:36:41.0393 12632 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:41.0408 12632 NetTcpPortSharing - ok
21:36:41.0455 12632 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
21:36:41.0502 12632 nfrd960 - ok
21:36:41.0549 12632 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
21:36:41.0596 12632 NlaSvc - ok
21:36:41.0627 12632 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
21:36:41.0689 12632 Npfs - ok
21:36:41.0705 12632 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
21:36:41.0736 12632 nsi - ok
21:36:41.0752 12632 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:36:41.0798 12632 nsiproxy - ok
21:36:41.0861 12632 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:36:41.0939 12632 Ntfs - ok
21:36:41.0970 12632 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
21:36:42.0017 12632 Null - ok
21:36:42.0048 12632 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
21:36:42.0064 12632 nusb3hub - ok
21:36:42.0079 12632 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
21:36:42.0095 12632 nusb3xhc - ok
21:36:42.0376 12632 [ E56852A3743C2FBC46C9AF4B687522CA ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
21:36:42.0516 12632 nvlddmkm - ok
21:36:42.0578 12632 [ D38952A15D728EB5AC9C6618A65FDFDE ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
21:36:42.0594 12632 nvpciflt - ok
21:36:42.0625 12632 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
21:36:42.0656 12632 nvraid - ok
21:36:42.0688 12632 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
21:36:42.0703 12632 nvstor - ok
21:36:42.0750 12632 [ DD9AC38BD31D8ADBC3138BD868B52289 ] NVSvc C:\windows\system32\nvvsvc.exe
21:36:42.0797 12632 NVSvc - ok
21:36:42.0906 12632 [ 7C804B02415A58B0C01E79DA44BE2E32 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:36:42.0953 12632 nvUpdatusService - ok
21:36:42.0968 12632 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
21:36:42.0984 12632 nv_agp - ok
21:36:43.0000 12632 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
21:36:43.0031 12632 ohci1394 - ok
21:36:43.0046 12632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:36:43.0078 12632 p2pimsvc - ok
21:36:43.0093 12632 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
21:36:43.0109 12632 p2psvc - ok
21:36:43.0140 12632 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
21:36:43.0156 12632 Parport - ok
21:36:43.0171 12632 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
21:36:43.0187 12632 partmgr - ok
21:36:43.0202 12632 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
21:36:43.0234 12632 PcaSvc - ok
21:36:43.0265 12632 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
21:36:43.0280 12632 pci - ok
21:36:43.0296 12632 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
21:36:43.0312 12632 pciide - ok
21:36:43.0327 12632 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
21:36:43.0343 12632 pcmcia - ok
21:36:43.0390 12632 [ 362D3DE9C7E7E87665F3C8E0EE3F27B6 ] PCSUService C:\Program Files (x86)\PC Speed Up\PCSUService.exe
21:36:43.0405 12632 PCSUService - ok
21:36:43.0421 12632 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
21:36:43.0436 12632 pcw - ok
21:36:43.0452 12632 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:36:43.0514 12632 PEAUTH - ok
21:36:43.0608 12632 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
21:36:43.0686 12632 PerfHost - ok
21:36:43.0733 12632 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
21:36:43.0795 12632 pla - ok
21:36:43.0842 12632 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:36:43.0873 12632 PlugPlay - ok
21:36:43.0889 12632 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:36:43.0920 12632 PNRPAutoReg - ok
21:36:43.0936 12632 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:36:43.0936 12632 PNRPsvc - ok
21:36:43.0967 12632 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:36:44.0045 12632 PolicyAgent - ok
21:36:44.0076 12632 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
21:36:44.0107 12632 Power - ok
21:36:44.0138 12632 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:36:44.0201 12632 PptpMiniport - ok
21:36:44.0216 12632 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
21:36:44.0232 12632 Processor - ok
21:36:44.0263 12632 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
21:36:44.0279 12632 ProfSvc - ok
21:36:44.0294 12632 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
21:36:44.0310 12632 ProtectedStorage - ok
21:36:44.0357 12632 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:36:44.0450 12632 Psched - ok
21:36:44.0528 12632 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
21:36:44.0575 12632 ql2300 - ok
21:36:44.0606 12632 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
21:36:44.0622 12632 ql40xx - ok
21:36:44.0638 12632 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
21:36:44.0669 12632 QWAVE - ok
21:36:44.0669 12632 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:36:44.0700 12632 QWAVEdrv - ok
21:36:44.0700 12632 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:36:44.0731 12632 RasAcd - ok
21:36:44.0762 12632 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:36:44.0794 12632 RasAgileVpn - ok
21:36:44.0825 12632 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
21:36:44.0856 12632 RasAuto - ok
21:36:44.0887 12632 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:36:44.0918 12632 Rasl2tp - ok
21:36:44.0950 12632 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
21:36:44.0996 12632 RasMan - ok
21:36:45.0012 12632 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:36:45.0059 12632 RasPppoe - ok
21:36:45.0074 12632 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:36:45.0121 12632 RasSstp - ok
21:36:45.0137 12632 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:36:45.0184 12632 rdbss - ok
21:36:45.0199 12632 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
21:36:45.0215 12632 rdpbus - ok
21:36:45.0230 12632 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:36:45.0262 12632 RDPCDD - ok
21:36:45.0293 12632 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:36:45.0324 12632 RDPENCDD - ok
21:36:45.0340 12632 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:36:45.0371 12632 RDPREFMP - ok
21:36:45.0386 12632 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:36:45.0418 12632 RDPWD - ok
21:36:45.0449 12632 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:36:45.0449 12632 rdyboost - ok
21:36:45.0496 12632 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
21:36:45.0558 12632 RemoteAccess - ok
21:36:45.0589 12632 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:36:45.0667 12632 RemoteRegistry - ok
21:36:45.0698 12632 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:36:45.0730 12632 RFCOMM - ok
21:36:45.0761 12632 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:36:45.0823 12632 RpcEptMapper - ok
21:36:45.0854 12632 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
21:36:45.0870 12632 RpcLocator - ok
21:36:45.0901 12632 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
21:36:45.0932 12632 RpcSs - ok
21:36:45.0964 12632 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:36:46.0042 12632 rspndr - ok
21:36:46.0057 12632 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
21:36:46.0073 12632 RTL8167 - ok
21:36:46.0104 12632 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
21:36:46.0120 12632 SamSs - ok
21:36:46.0120 12632 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:36:46.0135 12632 sbp2port - ok
21:36:46.0166 12632 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
21:36:46.0213 12632 SCardSvr - ok
21:36:46.0229 12632 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:36:46.0291 12632 scfilter - ok
21:36:46.0322 12632 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
21:36:46.0369 12632 Schedule - ok
21:36:46.0385 12632 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
21:36:46.0416 12632 SCPolicySvc - ok
21:36:46.0447 12632 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
21:36:46.0463 12632 sdbus - ok
21:36:46.0510 12632 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:36:46.0541 12632 SDRSVC - ok
21:36:46.0619 12632 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Lukas\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
21:36:46.0650 12632 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
21:36:46.0650 12632 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
21:36:46.0681 12632 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:36:46.0790 12632 secdrv - ok
21:36:46.0806 12632 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
21:36:46.0837 12632 seclogon - ok
21:36:46.0868 12632 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
21:36:46.0900 12632 SENS - ok
21:36:46.0931 12632 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:36:46.0978 12632 SensrSvc - ok
21:36:46.0978 12632 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
21:36:47.0009 12632 Serenum - ok
21:36:47.0040 12632 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
21:36:47.0071 12632 Serial - ok
21:36:47.0102 12632 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
21:36:47.0134 12632 sermouse - ok
21:36:47.0165 12632 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
21:36:47.0243 12632 SessionEnv - ok
21:36:47.0274 12632 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:36:47.0274 12632 sffdisk - ok
21:36:47.0290 12632 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:36:47.0305 12632 sffp_mmc - ok
21:36:47.0321 12632 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:36:47.0352 12632 sffp_sd - ok
21:36:47.0352 12632 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
21:36:47.0368 12632 sfloppy - ok
21:36:47.0414 12632 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
21:36:47.0446 12632 SharedAccess - ok
21:36:47.0492 12632 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:36:47.0570 12632 ShellHWDetection - ok
21:36:47.0617 12632 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
21:36:47.0648 12632 SiSRaid2 - ok
21:36:47.0664 12632 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
21:36:47.0680 12632 SiSRaid4 - ok
21:36:47.0711 12632 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:36:47.0711 12632 SkypeUpdate - ok
21:36:47.0742 12632 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
21:36:47.0820 12632 Smb - ok
21:36:47.0851 12632 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:36:47.0867 12632 SNMPTRAP - ok
21:36:47.0882 12632 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
21:36:47.0898 12632 spldr - ok
21:36:47.0914 12632 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
21:36:47.0929 12632 Spooler - ok
21:36:48.0038 12632 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
21:36:48.0179 12632 sppsvc - ok
21:36:48.0194 12632 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:36:48.0226 12632 sppuinotify - ok
21:36:48.0319 12632 [ 791227582A5070BD78B7E05285D13446 ] SProtection C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
21:36:48.0366 12632 SProtection - ok
21:36:48.0413 12632 [ 454800C2BC7F3927CE030141EE4F4C50 ] SPUVCbv C:\windows\system32\Drivers\usbvideo.sys
21:36:48.0460 12632 SPUVCbv - ok
21:36:48.0475 12632 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
21:36:48.0506 12632 srv - ok
21:36:48.0522 12632 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:36:48.0553 12632 srv2 - ok
21:36:48.0569 12632 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:36:48.0569 12632 srvnet - ok
21:36:48.0616 12632 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
21:36:48.0647 12632 ssadbus - ok
21:36:48.0678 12632 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
21:36:48.0709 12632 ssadmdfl - ok
21:36:48.0740 12632 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
21:36:48.0756 12632 ssadmdm - ok
21:36:48.0787 12632 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys
21:36:48.0850 12632 ssadserd - ok
21:36:48.0881 12632 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:36:48.0912 12632 SSDPSRV - ok
21:36:48.0928 12632 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
21:36:48.0959 12632 SstpSvc - ok
21:36:48.0974 12632 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
21:36:48.0974 12632 stexstor - ok
21:36:49.0021 12632 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
21:36:49.0068 12632 stisvc - ok
21:36:49.0099 12632 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
21:36:49.0115 12632 swenum - ok
21:36:49.0146 12632 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
21:36:49.0193 12632 swprv - ok
21:36:49.0224 12632 [ 126AE059261C9234CD697F441F2C85CA ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
21:36:49.0240 12632 SynTP - ok
21:36:49.0365 12632 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
21:36:49.0427 12632 SysMain - ok
21:36:49.0443 12632 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:36:49.0474 12632 TabletInputService - ok
21:36:49.0489 12632 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
21:36:49.0536 12632 TapiSrv - ok
21:36:49.0552 12632 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
21:36:49.0583 12632 TBS - ok
21:36:49.0630 12632 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:36:49.0677 12632 Tcpip - ok
21:36:49.0739 12632 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:36:49.0786 12632 TCPIP6 - ok
21:36:49.0817 12632 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:36:49.0833 12632 tcpipreg - ok
21:36:49.0848 12632 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:36:49.0879 12632 TDPIPE - ok
21:36:49.0926 12632 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:36:49.0926 12632 TDTCP - ok
21:36:49.0957 12632 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:36:50.0004 12632 tdx - ok
21:36:50.0004 12632 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
21:36:50.0020 12632 TermDD - ok
21:36:50.0067 12632 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
21:36:50.0160 12632 TermService - ok
21:36:50.0191 12632 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
21:36:50.0207 12632 Themes - ok
21:36:50.0223 12632 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
21:36:50.0254 12632 THREADORDER - ok
21:36:50.0285 12632 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
21:36:50.0332 12632 TrkWks - ok
21:36:50.0363 12632 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:36:50.0425 12632 TrustedInstaller - ok
21:36:50.0425 12632 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:36:50.0472 12632 tssecsrv - ok
21:36:50.0488 12632 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:36:50.0503 12632 TsUsbFlt - ok
21:36:50.0535 12632 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
21:36:50.0550 12632 TsUsbGD - ok
21:36:50.0566 12632 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:36:50.0597 12632 tunnel - ok
21:36:50.0613 12632 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
21:36:50.0628 12632 uagp35 - ok
21:36:50.0659 12632 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:36:50.0691 12632 udfs - ok
21:36:50.0722 12632 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:36:50.0769 12632 UI0Detect - ok
21:36:50.0800 12632 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:36:50.0831 12632 uliagpkx - ok
21:36:50.0862 12632 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
21:36:50.0893 12632 umbus - ok
21:36:50.0893 12632 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
21:36:50.0925 12632 UmPass - ok
21:36:51.0049 12632 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:36:51.0096 12632 UNS - ok
21:36:51.0127 12632 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
21:36:51.0190 12632 upnphost - ok
21:36:51.0221 12632 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:36:51.0252 12632 usbccgp - ok
21:36:51.0268 12632 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:36:51.0299 12632 usbcir - ok
21:36:51.0315 12632 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
21:36:51.0361 12632 usbehci - ok
21:36:51.0393 12632 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:36:51.0424 12632 usbhub - ok
21:36:51.0439 12632 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
21:36:51.0471 12632 usbohci - ok
21:36:51.0502 12632 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
21:36:51.0533 12632 usbprint - ok
21:36:51.0549 12632 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:36:51.0580 12632 USBSTOR - ok
21:36:51.0595 12632 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
21:36:51.0627 12632 usbuhci - ok
21:36:51.0658 12632 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:36:51.0673 12632 usbvideo - ok
21:36:51.0705 12632 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
21:36:51.0783 12632 UxSms - ok
21:36:51.0798 12632 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
21:36:51.0798 12632 VaultSvc - ok
21:36:51.0829 12632 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:36:51.0845 12632 vdrvroot - ok
21:36:51.0845 12632 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
21:36:51.0907 12632 vds - ok
21:36:51.0939 12632 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:36:51.0954 12632 vga - ok
21:36:51.0954 12632 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
21:36:52.0001 12632 VgaSave - ok
21:36:52.0017 12632 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:36:52.0032 12632 vhdmp - ok
21:36:52.0048 12632 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
21:36:52.0048 12632 viaide - ok
21:36:52.0079 12632 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:36:52.0079 12632 volmgr - ok
21:36:52.0095 12632 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:36:52.0110 12632 volmgrx - ok
21:36:52.0126 12632 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:36:52.0141 12632 volsnap - ok
21:36:52.0173 12632 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
21:36:52.0188 12632 vsmraid - ok
21:36:52.0391 12632 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
21:36:52.0453 12632 VSS - ok
21:36:52.0531 12632 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
21:36:52.0563 12632 vToolbarUpdater14.2.0 - ok
21:36:52.0578 12632 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
21:36:52.0594 12632 vwifibus - ok
21:36:52.0625 12632 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
21:36:52.0656 12632 vwififlt - ok
21:36:52.0687 12632 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
21:36:52.0703 12632 vwifimp - ok
21:36:52.0734 12632 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
21:36:52.0765 12632 W32Time - ok
21:36:52.0781 12632 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
21:36:52.0812 12632 WacomPen - ok
21:36:52.0843 12632 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
21:36:52.0859 12632 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
21:36:52.0859 12632 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
21:36:52.0890 12632 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
21:36:52.0937 12632 WANARP - ok
21:36:52.0953 12632 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
21:36:52.0968 12632 Wanarpv6 - ok
21:36:53.0046 12632 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
21:36:53.0093 12632 WatAdminSvc - ok
21:36:53.0171 12632 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
21:36:53.0233 12632 wbengine - ok
21:36:53.0249 12632 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
21:36:53.0265 12632 WbioSrvc - ok
21:36:53.0280 12632 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
21:36:53.0311 12632 wcncsvc - ok
21:36:53.0327 12632 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:36:53.0358 12632 WcsPlugInService - ok
21:36:53.0374 12632 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
21:36:53.0389 12632 Wd - ok
21:36:53.0421 12632 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
21:36:53.0436 12632 Wdf01000 - ok
21:36:53.0452 12632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
21:36:53.0483 12632 WdiServiceHost - ok
21:36:53.0483 12632 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
21:36:53.0499 12632 WdiSystemHost - ok
21:36:53.0530 12632 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
21:36:53.0608 12632 WebClient - ok
21:36:53.0623 12632 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
21:36:53.0686 12632 Wecsvc - ok
21:36:53.0717 12632 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
21:36:53.0764 12632 wercplsupport - ok
21:36:53.0779 12632 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
21:36:53.0811 12632 WerSvc - ok
21:36:53.0842 12632 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
21:36:53.0873 12632 WfpLwf - ok
21:36:53.0904 12632 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
21:36:53.0920 12632 WIMMount - ok
21:36:53.0935 12632 WinDefend - ok
21:36:53.0951 12632 WinHttpAutoProxySvc - ok
21:36:53.0982 12632 [ FEF576B25641012FA927B0A2703C51F9 ] winioex C:\windows\system32\drivers\winioex.sys
21:36:53.0998 12632 winioex - ok
21:36:54.0045 12632 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:36:54.0076 12632 Winmgmt - ok
21:36:54.0123 12632 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
21:36:54.0185 12632 WinRM - ok
21:36:54.0216 12632 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
21:36:54.0263 12632 WinUsb - ok
21:36:54.0310 12632 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
21:36:54.0357 12632 Wlansvc - ok
21:36:54.0403 12632 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:36:54.0419 12632 wlcrasvc - ok
21:36:54.0528 12632 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:36:54.0575 12632 wlidsvc - ok
21:36:54.0591 12632 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
21:36:54.0622 12632 WmiAcpi - ok
21:36:54.0653 12632 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
21:36:54.0669 12632 wmiApSrv - ok
21:36:54.0715 12632 WMPNetworkSvc - ok
21:36:54.0731 12632 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
21:36:54.0762 12632 WPCSvc - ok
21:36:54.0793 12632 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
21:36:54.0809 12632 WPDBusEnum - ok
21:36:54.0825 12632 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
21:36:54.0871 12632 ws2ifsl - ok
21:36:54.0903 12632 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
21:36:54.0934 12632 wscsvc - ok
21:36:54.0981 12632 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
21:36:55.0012 12632 WSDPrintDevice - ok
21:36:55.0012 12632 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
21:36:55.0043 12632 WSDScan - ok
21:36:55.0043 12632 WSearch - ok
21:36:55.0059 12632 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
21:36:55.0074 12632 wsvd - ok
21:36:55.0121 12632 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
21:36:55.0168 12632 wuauserv - ok
21:36:55.0199 12632 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
21:36:55.0215 12632 WudfPf - ok
21:36:55.0230 12632 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
21:36:55.0261 12632 WUDFRd - ok
21:36:55.0293 12632 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
21:36:55.0324 12632 wudfsvc - ok
21:36:55.0355 12632 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
21:36:55.0386 12632 WwanSvc - ok
21:36:55.0433 12632 ================ Scan global ===============================
21:36:55.0449 12632 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:36:55.0480 12632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
21:36:55.0495 12632 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
21:36:55.0511 12632 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:36:55.0527 12632 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:36:55.0527 12632 [Global] - ok
21:36:55.0527 12632 ================ Scan MBR ==================================
21:36:55.0542 12632 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:36:55.0839 12632 \Device\Harddisk0\DR0 - ok
21:36:55.0839 12632 ================ Scan VBR ==================================
21:36:55.0854 12632 [ 68AEA019A073F1357C7D0A3EDB4CC31A ] \Device\Harddisk0\DR0\Partition1
21:36:55.0854 12632 \Device\Harddisk0\DR0\Partition1 - ok
21:36:55.0885 12632 [ 0DAB0F723E359D50CDE78E929804A587 ] \Device\Harddisk0\DR0\Partition2
21:36:55.0885 12632 \Device\Harddisk0\DR0\Partition2 - ok
21:36:55.0917 12632 [ 149C32D3FC987105A187DEBD53CFD8D0 ] \Device\Harddisk0\DR0\Partition3
21:36:55.0932 12632 \Device\Harddisk0\DR0\Partition3 - ok
21:36:55.0932 12632 ============================================================
21:36:55.0932 12632 Scan finished
21:36:55.0932 12632 ============================================================
21:36:55.0948 3036 Detected object count: 2
21:36:55.0948 3036 Actual detected object count: 2
21:37:46.0445 3036 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:46.0445 3036 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:46.0445 3036 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:46.0445 3036 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 04.03.2013, 20:21   #14
markusg
/// Malware-holic
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.03.2013, 20:36   #15
Boinger
 
bprotect.exe und/oder werfault.exe blockieren Rechner - Standard

bprotect.exe und/oder werfault.exe blockieren Rechner



Hi,

eine Frage noch bevor ich Starte: was sind CODE-tags?

Tommy

Antwort

Themen zu bprotect.exe und/oder werfault.exe blockieren Rechner
ablaufen, adware.gameplaylab, adware.gameplaylabs, aktive, aktiven, anleitung, blockieren, dateien, durchgeführt, foxydeal, gefunde, komplette, kompletten, leitung, malwarebytes, praktisch, prozesse, pup.adbundle, pup.bundleinstaller.ib, pup.crossfire.sa, pup.installbrain, runtergeladen, thomas, vorgehensweise, wechsel, werfault.exe




Ähnliche Themen: bprotect.exe und/oder werfault.exe blockieren Rechner


  1. Unsicher ob GVU-Trojaner (oder ähnliches) noch auf dem Rechner ist oder ob dieser entfernt wurde.
    Mülltonne - 29.01.2015 (0)
  2. AVG lässt sich nicht öffnen oder deinstallieren (Gruppenrichtlinien blockieren) , brauche Anweisung was zu tun ist
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (17)
  3. Fenster Blinken, Maus lädt ständig und im Task Manager gehe die Anwendungen WerFault.exe, wermgr.exe, bcmwltry.exe an und aus
    Log-Analyse und Auswertung - 06.12.2014 (11)
  4. Gruppenrichtlinien blockieren Avira
    Plagegeister aller Art und deren Bekämpfung - 11.09.2014 (35)
  5. Win Vista: Virus oder Registry durcheinander? Gruppenrichtilien blockieren / Programme lassen sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 09.09.2014 (38)
  6. Windows-Firewall und/oder Avira blockieren Download vom Game-Server
    Antiviren-, Firewall- und andere Schutzprogramme - 01.07.2014 (26)
  7. WIN7: AVAST meldet Win32:Bprotect-D /-F /-H und weitere, Rechner läuft
    Log-Analyse und Auswertung - 05.06.2014 (12)
  8. Virenfund beim Öffnen von Werfault.exe
    Log-Analyse und Auswertung - 07.02.2014 (5)
  9. adware bprotect
    Log-Analyse und Auswertung - 10.09.2013 (4)
  10. Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu
    Plagegeister aller Art und deren Bekämpfung - 25.02.2013 (21)
  11. GVU-Virus, Rechner als Standardnutzer nicht mehr nutzbar, Rechner funktioniert nur als Admin oder im Abgesicherten Modus als Standardnutzer
    Log-Analyse und Auswertung - 22.01.2013 (31)
  12. svchost.exe(n) blockieren das Internet
    Log-Analyse und Auswertung - 03.04.2012 (27)
  13. Bluescreen = WerFault.exe
    Alles rund um Windows - 11.01.2012 (4)
  14. Habe ich einen Virus oder Malware oder sonstiges auf dem Rechner?
    Log-Analyse und Auswertung - 15.08.2010 (23)
  15. WERFAULT.exe schließen oder entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 15.05.2010 (0)
  16. Unter Windows 7 werfault.exe oder wermgr.exe Fehler
    Plagegeister aller Art und deren Bekämpfung - 04.01.2010 (0)
  17. WerFault.exe - Dunkles Windows-Geheimnis?
    Plagegeister aller Art und deren Bekämpfung - 30.03.2009 (4)

Zum Thema bprotect.exe und/oder werfault.exe blockieren Rechner - Hallo, ich habe das Problem, dass mein Rechner laufend aus einem aktiven Fenster, in dem ich z.B. gerade etwas schreibe, in ein anders wechselt. Ich habe daraufhin in den aktiven - bprotect.exe und/oder werfault.exe blockieren Rechner...
Archiv
Du betrachtest: bprotect.exe und/oder werfault.exe blockieren Rechner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.