
Log analysis and evaluation: BSOD: mouse driver or a virus after all?

21.04.2013, 13:21   #1
christoph03
 



Hello from Vienna,
may I turn to you with the following problem?
Around the turn of the year 2012/13 I bought a new laptop; Windows 8 was preinstalled, 64-bit version.
The processor is an AMD E1-1200 APU, the graphics card a Radeon HD, with 4 GB of RAM.
From the start I have been using a Microsoft Wireless 2000 mouse instead of the touchpad.
Shortly after I started using the laptop, the first bluescreens occurred.
I had the impression that the crashes always happened when I used the mouse.
I then noticed that Device Manager showed a driver from 2006, apparently a generic one installed for any mouse. I installed the current Microsoft driver for the Wireless 2000, and after that the problem was fixed.
For a few days now bluescreens have been occurring again, and this time I am stuck. I still have the impression that the crashes occur after using the mouse.
How can I proceed systematically to find the fault, or perhaps a virus after all?
Many thanks in advance and greetings from Austria
Christoph

PS: the minidumps are all still available

24.04.2013, 15:26   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can mean a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be stopped without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for longer, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





In this part of the forum we deal exclusively with cleaning up malware (viruses, trojans, rootkits, malware, adware, etc.).
We are happy to take a look at your computer. Since this is Windows 8, unfortunately not all tools are available to us. The instructions may not fit Windows 8 100%. If that is the case, feel free to let me know.


Let's see if we find anything:




Step 1
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
msconfig
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button without being instructed to!





Step 3
Please download the GMER Rootkit Scanner GMER: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the tick from: IAT/EAT and Show All
  • Tick Quickscan and remove the tick from all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Are problems coming up?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the tick in front of Devices.






Please post with your next reply
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.

24.04.2013, 16:15   #3
christoph03
 



First of all, many thanks for the quick reply!
For now, here are the two OTL files:
Code:
OTL logfile created on: 24.04.2013 16:51:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hrl\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,53% Memory free
7,21 Gb Paging File | 6,12 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,69 Gb Total Space | 373,20 Gb Free Space | 82,81% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe
PRC - [2013.02.20 08:28:40 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.07.09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.08.06 13:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.08.02 11:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.08.10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.14 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.29 18:15:04 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013.01.29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 05:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 09:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 09:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012.08.29 09:35:13 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.08.29 09:34:03 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.08.29 09:34:03 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012.08.08 23:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.08.02 12:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.08.02 10:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.01 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 06:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 06:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.23 23:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.07.23 23:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.07.17 18:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.07.04 00:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012.06.19 04:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.06.13 07:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON13/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=B8EE689423C4168E
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013.04.01 16:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.11 12:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
[2013.03.29 18:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-919890997-1340977237-2831244317-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - Startup: C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AA41483-FA8E-46C2-8D04-2E5D75E7DC76}: DhcpNameServer = 192.168.0.1 213.33.99.70 80.120.17.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8366D461-FAD5-4D41-89CD-7A97D05A5460}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012.09.05 05:18:38 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2012.08.31 09:41:57 | 000,048,902 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2012.09.05 05:18:36 | 000,000,124 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.24 16:48:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe
[2013.04.23 18:29:23 | 000,000,000 | ---D | C] -- C:\Maustreiber
[2013.04.23 17:43:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.20 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\wienfuchs
[2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Temp
[2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Configuration
[2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Backup Tickets
[2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photosketch Demo V3.0
[2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Photosketch
[2013.04.16 19:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SWOS-Total Pack
[2013.04.16 19:00:20 | 000,000,000 | ---D | C] -- C:\games
[2013.04.11 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Blender Foundation
[2013.04.07 07:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2013.04.05 17:12:13 | 000,000,000 | ---D | C] -- C:\000
[2013.04.02 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2013.04.01 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM12_temp
[2013.04.01 17:53:28 | 000,000,000 | ---D | C] -- C:\FIFA 13
[2013.04.01 17:03:27 | 000,000,000 | ---D | C] -- C:\FIFA_Creation_Studio_13_Basic_13.0.3
[2013.04.01 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013.04.01 16:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.04.01 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\PutLockerDownloader
[2013.04.01 16:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader
[2013.04.01 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Mozilla
[2013.04.01 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
[2013.04.01 16:44:35 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM13_temp
[2013.04.01 16:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa Master 12
[2013.04.01 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModdingWay
[2013.03.31 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\FaceGen
[2013.03.31 18:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceShopPro
[2013.03.31 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pantomat
[2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder
[2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder
[2013.03.30 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM10_temp
[2013.03.30 08:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fifa Master
[2013.03.29 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Origin
[2013.03.29 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.03.29 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.03.29 18:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Downloaded Installations
[2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.29 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.29 18:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.29 18:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.03.29 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Babylon
[2013.03.29 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 10
[2013.03.29 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 11
[2013.03.28 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.03.28 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 09
[2013.03.28 19:51:36 | 000,000,000 | RH-D | C] -- C:\Users\Hrl\AppData\Roaming\SecuROM
[2013.03.28 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 2005
[2013.03.25 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\DOSBox
[2013.03.25 17:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe
[2013.04.24 16:43:32 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.24 16:43:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 15:33:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.23 08:01:24 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 08:01:24 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 08:01:24 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 08:01:24 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 08:01:24 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 07:56:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.23 07:56:35 | 376,586,357 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.23 07:56:30 | 3082,186,752 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 07:55:26 | 000,001,960 | ---- | M] () -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk
[2013.04.20 11:16:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHrl.job
[2013.04.19 15:43:59 | 001,530,086 | ---- | M] () -- C:\Users\Hrl\Documents\büchel.skp
[2013.04.18 18:22:33 | 000,003,904 | -H-- | M] () -- C:\Users\Hrl\AppData\Local\cgiiqikm.ini
[2013.04.16 19:03:57 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk
[2013.04.13 09:45:20 | 000,001,097 | ---- | M] () -- C:\Users\Hrl\Desktop\Das Fussball Studio.lnk
[2013.04.07 07:57:51 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013.04.06 06:07:13 | 000,001,269 | ---- | M] () -- C:\Users\Hrl\Desktop\CM 12.lnk
[2013.04.02 18:19:15 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013.04.01 17:04:42 | 000,001,274 | ---- | M] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk
[2013.04.01 16:41:53 | 000,001,221 | ---- | M] () -- C:\Users\Hrl\Desktop\FileM 12.lnk
[2013.04.01 16:41:36 | 000,001,197 | ---- | M] () -- C:\Users\Hrl\Desktop\DBM 12.lnk
[2013.03.31 19:08:23 | 000,010,539 | ---- | M] () -- C:\Users\Hrl\Documents\1.png
[2013.03.31 19:03:53 | 000,009,701 | ---- | M] () -- C:\Users\Hrl\Documents\aba.fg
[2013.03.29 20:37:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.29 20:25:49 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini
[2013.03.29 18:23:19 | 000,002,060 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013.03.27 07:22:47 | 000,320,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.19 15:43:59 | 001,525,476 | ---- | C] () -- C:\Users\Hrl\Documents\büchel.skb
[2013.04.18 18:22:33 | 000,003,904 | -H-- | C] () -- C:\Users\Hrl\AppData\Local\cgiiqikm.ini
[2013.04.16 19:03:57 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk
[2013.04.07 07:57:51 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013.04.06 10:09:56 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2013.04.06 06:07:13 | 000,001,269 | ---- | C] () -- C:\Users\Hrl\Desktop\CM 12.lnk
[2013.04.02 18:19:15 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013.04.01 17:04:42 | 000,001,274 | ---- | C] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk
[2013.04.01 16:41:53 | 000,001,221 | ---- | C] () -- C:\Users\Hrl\Desktop\FileM 12.lnk
[2013.04.01 16:41:36 | 000,001,197 | ---- | C] () -- C:\Users\Hrl\Desktop\DBM 12.lnk
[2013.03.31 19:08:22 | 000,010,539 | ---- | C] () -- C:\Users\Hrl\Documents\1.png
[2013.03.31 19:03:53 | 000,009,701 | ---- | C] () -- C:\Users\Hrl\Documents\aba.fg
[2013.03.29 20:37:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.29 18:20:46 | 000,002,060 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013.03.29 15:45:09 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2013.02.14 09:18:37 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.02.03 19:20:48 | 000,000,269 | ---- | C] () -- C:\Users\Hrl\.octave_hist
[2013.02.03 10:07:01 | 000,000,868 | ---- | C] () -- C:\Users\Hrl\AppData\Local\recently-used.xbel
[2013.01.05 14:54:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.08.20 20:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.02 10:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.02 10:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2011.09.13 04:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2012.08.20 20:51:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 24.04.2013 16:51:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hrl\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,53% Memory free
7,21 Gb Paging File | 6,12 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,69 Gb Total Space | 373,20 Gb Free Space | 82,81% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9DCA90-94F1-4F7C-B926-53425E05BCEE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{28BE1BA6-9E49-43ED-9240-67C2DDDBCB20}" = rport=137 | protocol=17 | dir=out | app=system | 
"{372B2882-3DB6-4582-B0B8-94419BCD7705}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4DF403AA-63DD-4631-82B8-172A00075055}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6371972F-FD04-4380-AB1B-D5C89647608C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7D707C2B-66F3-49A3-B3A5-F1E752F23730}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A7D1084C-DC6D-43E3-BDFE-3F2420CC6D77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2901653-8BD3-4B50-9C4A-C49B9789C1AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3ECBF8D-242F-4369-A4C2-AAB34ADA6483}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C89240F7-A358-4D26-B8A8-9A46A27D7FBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D479AA52-9847-4EB0-BC8B-09017648001C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E915AB00-A3F1-4AA6-A7E1-8BA028440E7A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E978E9A0-CA90-4689-AC35-EA3DDD08710F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F843D29C-AE2C-4953-80D0-A41D03BD1294}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003F020E-F751-4BA1-AA3D-CE9DA6F7F44E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{03BBDF1C-4766-4E9B-A8B0-5D4874CB6B3D}" = protocol=6 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | 
"{0505E55B-81E9-49CB-BCC3-21F15FFA25E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{065C6EDB-D432-43C4-92AE-983366CA597A}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{085BD021-3284-40E3-B411-05AF6229B1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"{0878202E-1313-4036-9D33-EB2DE2373B89}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"{15CF9A0B-9F8B-44CE-8A02-42A56B2BE232}" = dir=out | name=getting started with windows 8 | 
"{15EDF370-A169-4BA5-A9F5-C9778DAF5653}" = dir=out | name=ebay | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | 
"{1CE5F3FD-C5AF-44F1-93B4-9DFA7AA3868F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{1D145B11-FA39-4220-8813-CC1BDF107C0A}" = dir=in | name=kindle | 
"{1D71000A-A704-4878-A740-4FEA917BCACC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2B8A66FE-5B03-4319-85E7-AFAEFE11A7CC}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{3253464F-1DEB-48E1-A5E1-C85ADAC6A76A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"{32ABBA5C-45AC-41DF-A1C4-157F93910978}" = dir=out | name=kindle | 
"{3CF5B02B-BEC6-4E26-9D22-55672E4E394B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{44E69452-D0F6-4C11-99FB-D632FAE2E1B0}" = dir=out | name=hp registration | 
"{46EFF4D3-F7C1-437F-B11E-F07F2C99CE98}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{491EEF38-A02E-40A8-B8F9-39B88A3D0194}" = dir=out | name=norton studio | 
"{51FBA43D-26DB-419F-B408-952E06B226BA}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{53222944-180D-4AE8-8C8B-8DE3304AC5E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5D2F28CB-FBCF-4826-8948-F1F979755387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{5FDD5E75-A5EA-4924-BC32-3414B75730EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6403A10B-4EAE-4783-9932-490312223085}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{752E46C7-B1FA-46D1-BC6E-6E49143FF346}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7E741563-8C40-4B77-BB74-2B813CB0384D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{82C0D8CD-7B8D-4A01-B74E-9DA90AE8000F}" = dir=out | name=hp connected photo powered by snapfish | 
"{82EF04DF-3D6C-4D13-9407-CA51EFC17CA6}" = dir=in | name=ebay | 
"{8370EB6F-64E4-40A9-9093-EAB4FB6270A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8468B233-D95F-4688-A6ED-2ED33D446E88}" = dir=out | name=skype | 
"{85C46F73-7EC9-48E6-A7F7-5E2FA8477735}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8CC9B20F-5F4E-4555-A5F1-D68860A73D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{8F3D5532-A371-4EE5-BB85-754B94DC12B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | 
"{9002D236-6A69-4E2B-BA72-2EB24ABC4517}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9582728C-9537-4130-A13A-E029C198CA4F}" = protocol=6 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | 
"{95A2DCFE-C77D-4193-B8BF-6B43F64E55B4}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9C73D7F0-418E-45C5-8E5E-3A2DE9883F9C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{9CD70374-F221-487E-812F-0A1CE47F7CF0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A296A1A2-BB6A-45C6-ADDB-3D4C40B3DD57}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{A87BD2DA-A780-4E5A-882C-FF1F2A0AB077}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA1CABE1-F9C0-49E6-AD13-D51EF66B0C11}" = protocol=17 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | 
"{B39174C0-4639-4049-A4EC-B687EA845056}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{B96D8107-3864-4483-8815-5ABD260E151D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | 
"{C4C3F9ED-4F35-4B00-AB03-682D6B65DCE0}" = protocol=17 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | 
"{CA55B394-8FD4-4594-B317-6E9CF198A744}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{CF897716-81AA-4A6F-89C6-60D523B63653}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{D13E357E-EDB4-4B53-BE51-9B41394E027C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D300F09B-9C6F-4344-A544-A3C62A1323FE}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D5EBE7EF-55ED-4ADF-8AC3-A1E8277735B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D609A076-F719-42F6-BDE4-6AA63C9C6329}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{D6AE7093-3B4C-46CD-96C1-887DA1FDF6DD}" = dir=in | name=skype | 
"{D6C45A34-6ECA-4E90-A668-97F58AC69606}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E0A18A3C-1D10-43E1-9B5C-56A9626DD5A5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{E52DE610-063F-4F26-8316-C457B2A19EAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8CF42A2-A934-440C-B8E1-EA86C1F34B26}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{EA05C822-D9E7-4A7A-BC8D-6A943FB3F182}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{ED7C903F-0709-4869-88AC-888B6B018B9C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F5358C8A-CF15-4CA4-BD00-5EDA1F249751}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"{F6506514-4C52-415E-9576-C27560A709FF}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"TCP Query User{6E4050E5-1146-4FEE-973B-6D989D4C4315}C:\program files (x86)\origin\legacypm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"TCP Query User{7EC9BC78-79B9-4165-8DAA-67A099956073}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{7F148541-C67F-4916-8F63-C2C29A45DBD1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{36E10D39-F72B-4440-B85E-8515F305CD48}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{48E259C7-35B2-4D3D-AAFC-0D676C15D320}C:\program files (x86)\origin\legacypm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"UDP Query User{A9869C3D-B5C0-449B-8B79-368091276998}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Blender" = Blender
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0D36378E-B482-433F-9E9F-545367ED0511}" = PhoX - Photogrammetric Calculation System
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{285B4FB8-207C-4CBA-BF3C-0AF1FFAA4123}" = Microsoft Windows Build 8250 Retail Debugging Symbols for x64
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai
"{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian
"{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All
"{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E7CB625-076C-4812-87B9-A2695C2CFABF}" = HP Documentation
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common
"{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese
"{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit
"{C5C62359-A304-4C6B-B2F0-63AB58F9CBB8}_is1" = PC SWOS-Total Pack version V1.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian
"{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish
"{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French
"{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.5.2 (Beta)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish
"Creation Master 12_is1" = Creation Master 12 Beta 6
"DB Master 12_is1" = DB Master 12 Beta 2
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"File Master 12_is1" = File Master 12 Release 12.0
"GCstar" = GCstar 1.6.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Notepad++" = Notepad++
"Origin" = Origin
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.04.2013 11:27:38 | Computer Name = Christoph | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16482,
 Zeitstempel: 0x50cfc9bf  Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.451,
 Zeitstempel: 0x501a0a26  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000624f2  ID des fehlerhaften
 Prozesses: 0x26f4  Startzeit der fehlerhaften Anwendung: 0x01ce35ff74e8f71d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\atidxx32.dll  Berichtskennung: 2ccaad61-a1f3-11e2-be87-10604b4a8871
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 12.04.2013 09:23:19 | Computer Name = Christoph | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fifa13.exe, Version: 1.7.0.0, Zeitstempel:
 0x02af1040  Name des fehlerhaften Moduls: fifa13.exe, Version: 1.7.0.0, Zeitstempel:
 0x02af1040  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0254177b  ID des fehlerhaften Prozesses:
 0x2290  Startzeit der fehlerhaften Anwendung: 0x01ce3780df7a47f3  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe  Pfad des 
fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
Berichtskennung:
 238910b6-a374-11e2-be87-10604b4a8871  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 12.04.2013 09:23:19 | Computer Name = Christoph | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm FIFA 13 wurde wegen dieses Fehlers geschlossen.

Programm:
 FIFA 13  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 12.04.2013 12:00:55 | Computer Name = Christoph | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 12.04.2013 12:00:55 | Computer Name = Christoph | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe".
 Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
 
Error - 14.04.2013 09:56:09 | Computer Name = Christoph | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fifa13.exe, Version: 1.7.0.0, Zeitstempel:
 0x02af1040  Name des fehlerhaften Moduls: fifa13.exe, Version: 1.7.0.0, Zeitstempel:
 0x02af1040  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0254177b  ID des fehlerhaften Prozesses:
 0x186c  Startzeit der fehlerhaften Anwendung: 0x01ce3917cb05c275  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe  Pfad des 
fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
Berichtskennung:
 0e75b3f8-a50b-11e2-be88-10604b4a8871  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 14.04.2013 09:56:09 | Computer Name = Christoph | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm FIFA 13 wurde wegen dieses Fehlers geschlossen.

Programm:
 FIFA 13  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 14.04.2013 13:00:10 | Computer Name = Christoph | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fifa13.exe, Version: 1.7.0.0, Zeitstempel:
 0x02af1040  Name des fehlerhaften Moduls: fifa13.exe, Version: 1.7.0.0, Zeitstempel:
 0x02af1040  Ausnahmecode: 0xc000001d  Fehleroffset: 0x0254177b  ID des fehlerhaften Prozesses:
 0x241c  Startzeit der fehlerhaften Anwendung: 0x01ce393180294570  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe  Pfad des 
fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
Berichtskennung:
 c38e047e-a524-11e2-be88-10604b4a8871  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 14.04.2013 13:00:10 | Computer Name = Christoph | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm FIFA 13 wurde wegen dieses Fehlers geschlossen.

Programm:
 FIFA 13  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 15.04.2013 12:38:17 | Computer Name = Christoph | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16482 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 208    Startzeit: 01ce39f795087107    Endzeit: 16    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID: db0f740c-a5ea-11e2-be88-10604b4a8871

Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
[ System Events ]
Error - 10.04.2013 11:33:35 | Computer Name = Christoph | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 10.04.2013 11:34:21 | Computer Name = Christoph | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 10.04.2013 11:34:41 | Computer Name = Christoph | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 13.04.2013 11:46:01 | Computer Name = Christoph | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?04.?2013 um 10:26:28 unerwartet heruntergefahren.
 
Error - 13.04.2013 11:46:17 | Computer Name = Christoph | Source = BugCheck | ID = 1001
Description = 
 
Error - 13.04.2013 11:47:19 | Computer Name = Christoph | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HPWMISVC erreicht.
 
Error - 16.04.2013 00:47:21 | Computer Name = Christoph | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?04.?2013 um 06:32:03 unerwartet heruntergefahren.
 
Error - 16.04.2013 00:47:25 | Computer Name = Christoph | Source = BugCheck | ID = 1001
Description = 
 
Error - 16.04.2013 01:42:50 | Computer Name = Christoph | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?04.?2013 um 07:17:21 unerwartet heruntergefahren.
 
Error - 16.04.2013 01:42:55 | Computer Name = Christoph | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
And the contents of defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:21 on 24/04/2013 (Hrl)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
__________________

24.04.2013, 16:32   #4
M-K-D-B
/// TB Trainer

Hello,

only the GMER log file is still missing.
__________________
Greetings from Bavaria

24.04.2013, 16:55   #5
christoph03

Right, it has just finished
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-24 17:50:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 Hitachi_HTS545050A7E380 rev.GG2OA7A0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Hrl\AppData\Local\Temp\kgtyrpod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[2736] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text   C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[2736] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fd4e201782 4 bytes [20, 4E, FD, 07]
.text   C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text   C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007fd4e201782 4 bytes [20, 4E, FD, 07]
.text   C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\WSOCK32.dll!recvfrom + 742                                                            000007fd4b751b32 4 bytes [75, 4B, FD, 07]
.text   C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\WSOCK32.dll!recvfrom + 750                                                            000007fd4b751b3a 4 bytes [75, 4B, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                        000007fd4a9f1532 4 bytes [9F, 4A, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                        000007fd4a9f153a 4 bytes [9F, 4A, FD, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2992] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                      000007fd4a9f165a 4 bytes [9F, 4A, FD, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3708] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                 000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3708] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                 000007fd4e201782 4 bytes [20, 4E, FD, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4240] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                              000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4240] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                              000007fd4e201782 4 bytes [20, 4E, FD, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [3888:3896]                                                                                                        fffff9600096b5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
Greetings from Austria, Christoph


24.04.2013, 18:39   #6
M-K-D-B
/// TB Trainer

Hello,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Step 2

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 3
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the MBAR log file.

25.04.2013, 05:52   #7
christoph03

Here is the data from adwcleaner
Code:
# AdwCleaner v2.202 - Datei am 25/04/2013 um 06:47:37 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Hrl - CHRISTOPH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hrl\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\PutLockerDownloader
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Hrl\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Hrl\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Hrl\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\9e8b8ce06fed12
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\9e8b8ce06fed12
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [3062 octets] - [25/04/2013 06:47:37]

########## EOF - C:\AdwCleaner[S1].txt - [3122 octets] ##########
         
junkware removal
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 8 x64
Ran by Hrl on 25.04.2013 at  6:56:40,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} 



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2013 at  7:03:00,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
mbar - it reported that no cleanup was required
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16484

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 3852734464, free: 2911477760

------------ Kernel report ------------
     04/25/2013 07:10:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amd_sata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amd_xata.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\AtihdW86.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800486b420
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000032\
Lower Device Object: 0xfffffa8003f65400
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\Drivers\storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.25.01
Downloaded database version: v2013.04.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800486b420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004865040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800486b420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003f62910, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8003f65400, DeviceName: \Device\00000032\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xfffff8a00e8dca20, 0xfffffa800486b420, 0xfffffa8003a4f090
Lower DeviceData: 0xfffff8a002779570, 0xfffffa8003f65400, 0xfffffa80066819b0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C87CE4C6

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 976773167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 361418761
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 58d7bd3f-dd1b-414e-8756-8ee82613297a
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 361418761
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 58d7bd3f-dd1b-414e-8756-8ee82613297a
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 99b6817f-9a1f-4086-b586-3efd8a288974
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID c31e054d-997d-42b2-8844-f49c62c1796e
    FirstLBA 821248  Last LBA 1353727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c3a840f4-3e7d-4f90-8433-722f4919268e
    FirstLBA 1353728  Last LBA 1615871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID feaabb5d-b3e3-4d03-8610-312941bfe1b9
    FirstLBA 1615872  Last LBA 946790399
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID a20db402-8594-4b19-8542-9d9c4f496e1e
    FirstLBA 946790400  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         

25.04.2013, 10:06   #8
M-K-D-B
/// TB Trainer

Hello,

a bit of adware was removed. We'll take a second look at your system:

Step 1
Please start OTL.exe.
Under Extra Registry, select Use SafeList and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.

Step 2
Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop.
SystemLook (64 bit)
  • Double-click SystemLook_x64.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    :filefind
    *PutLockerDownloader*
    *Babylon*
    *SoftSafe*
    *1ClickDownload*
    *DataMngr*
    *Softonic*
    
    :folderfind
    *PutLockerDownloader*
    *Babylon*
    *SoftSafe*
    *1ClickDownload*
    *DataMngr*
    *Softonic*
    
    :regfind
    PutLockerDownloader
    Babylon
    SoftSafe
    1ClickDownload
    DataMngr
    Softonic
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Step 3
Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Please post with your next reply
  • the two OTL log files,
  • the SystemLook log file,
  • the TDSSKiller log file.
__________________
Greetings from Bavaria

25.04.2013, 15:05   #9
christoph03

Hello,
Code:
OTL logfile created on: 25.04.2013 15:50:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hrl\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,76% Memory free
7,21 Gb Paging File | 6,25 Gb Available in Paging File | 86,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,69 Gb Total Space | 373,09 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe
PRC - [2013.02.20 08:28:40 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012.07.09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.08.06 13:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.08.02 11:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.08.10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012.07.25 19:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.14 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.29 18:15:04 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013.01.29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 05:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 09:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 09:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012.08.29 09:35:13 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.08.29 09:34:03 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.08.29 09:34:03 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012.08.08 23:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012.08.02 12:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.08.02 10:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.01 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 06:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 06:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.23 23:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.07.23 23:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.07.17 18:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.07.04 00:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012.06.19 04:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.06.13 07:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON13/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013.04.01 16:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.02.11 12:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
[2013.03.29 18:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - Startup: C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AA41483-FA8E-46C2-8D04-2E5D75E7DC76}: DhcpNameServer = 192.168.0.1 213.33.99.70 80.120.17.70
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8366D461-FAD5-4D41-89CD-7A97D05A5460}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012.09.05 05:18:38 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2012.08.31 09:41:57 | 000,048,902 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2012.09.05 05:18:36 | 000,000,124 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 07:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.25 07:09:24 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Desktop\mbar-1.05.0.1001
[2013.04.25 06:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.25 06:56:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.25 06:55:56 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Hrl\Desktop\JRT.exe
[2013.04.24 16:48:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe
[2013.04.23 18:29:23 | 000,000,000 | ---D | C] -- C:\Maustreiber
[2013.04.23 17:43:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.20 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\wienfuchs
[2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Temp
[2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Configuration
[2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Backup Tickets
[2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photosketch Demo V3.0
[2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Photosketch
[2013.04.16 19:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SWOS-Total Pack
[2013.04.16 19:00:20 | 000,000,000 | ---D | C] -- C:\games
[2013.04.11 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Blender Foundation
[2013.04.07 07:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2013.04.05 17:12:13 | 000,000,000 | ---D | C] -- C:\000
[2013.04.02 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12
[2013.04.01 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM12_temp
[2013.04.01 17:53:28 | 000,000,000 | ---D | C] -- C:\FIFA 13
[2013.04.01 17:03:27 | 000,000,000 | ---D | C] -- C:\FIFA_Creation_Studio_13_Basic_13.0.3
[2013.04.01 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Mozilla
[2013.04.01 16:44:35 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM13_temp
[2013.04.01 16:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa Master 12
[2013.04.01 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModdingWay
[2013.03.31 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\FaceGen
[2013.03.31 18:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceShopPro
[2013.03.31 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pantomat
[2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder
[2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder
[2013.03.30 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM10_temp
[2013.03.30 08:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fifa Master
[2013.03.29 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Origin
[2013.03.29 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.03.29 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.03.29 18:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Downloaded Installations
[2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.29 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.29 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 10
[2013.03.29 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 11
[2013.03.28 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.03.28 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 09
[2013.03.28 19:51:36 | 000,000,000 | RH-D | C] -- C:\Users\Hrl\AppData\Roaming\SecuROM
[2013.03.28 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 2005
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 15:48:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.25 15:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 07:33:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 07:08:44 | 012,917,756 | ---- | M] () -- C:\Users\Hrl\Desktop\mbar-1.05.0.1001.zip
[2013.04.25 06:55:57 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Hrl\Desktop\JRT.exe
[2013.04.25 06:54:02 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 06:54:02 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 06:54:02 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 06:54:02 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 06:54:02 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 06:49:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.25 06:49:29 | 3082,186,752 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 06:46:59 | 000,619,461 | ---- | M] () -- C:\Users\Hrl\Desktop\adwcleaner.exe
[2013.04.24 17:28:32 | 000,377,856 | ---- | M] () -- C:\Users\Hrl\Desktop\gmer_2.1.19163.exe
[2013.04.24 17:21:18 | 000,000,000 | ---- | M] () -- C:\Users\Hrl\defogger_reenable
[2013.04.24 17:20:19 | 000,050,477 | ---- | M] () -- C:\Users\Hrl\Desktop\Defogger.exe
[2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe
[2013.04.23 07:56:35 | 376,586,357 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.23 07:55:26 | 000,001,960 | ---- | M] () -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk
[2013.04.20 11:16:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHrl.job
[2013.04.19 15:43:59 | 001,530,086 | ---- | M] () -- C:\Users\Hrl\Documents\büchel.skp
[2013.04.18 18:22:33 | 000,003,904 | -H-- | M] () -- C:\Users\Hrl\AppData\Local\cgiiqikm.ini
[2013.04.16 19:03:57 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk
[2013.04.13 09:45:20 | 000,001,097 | ---- | M] () -- C:\Users\Hrl\Desktop\Das Fussball Studio.lnk
[2013.04.07 07:57:51 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013.04.06 06:07:13 | 000,001,269 | ---- | M] () -- C:\Users\Hrl\Desktop\CM 12.lnk
[2013.04.02 18:19:15 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013.04.01 17:04:42 | 000,001,274 | ---- | M] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk
[2013.04.01 16:41:53 | 000,001,221 | ---- | M] () -- C:\Users\Hrl\Desktop\FileM 12.lnk
[2013.04.01 16:41:36 | 000,001,197 | ---- | M] () -- C:\Users\Hrl\Desktop\DBM 12.lnk
[2013.03.31 19:08:23 | 000,010,539 | ---- | M] () -- C:\Users\Hrl\Documents\1.png
[2013.03.31 19:03:53 | 000,009,701 | ---- | M] () -- C:\Users\Hrl\Documents\aba.fg
[2013.03.29 20:37:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.29 20:25:49 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini
[2013.03.29 18:23:19 | 000,002,060 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013.03.27 07:22:47 | 000,320,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.25 07:08:44 | 012,917,756 | ---- | C] () -- C:\Users\Hrl\Desktop\mbar-1.05.0.1001.zip
[2013.04.25 06:46:44 | 000,619,461 | ---- | C] () -- C:\Users\Hrl\Desktop\adwcleaner.exe
[2013.04.24 17:28:32 | 000,377,856 | ---- | C] () -- C:\Users\Hrl\Desktop\gmer_2.1.19163.exe
[2013.04.24 17:21:18 | 000,000,000 | ---- | C] () -- C:\Users\Hrl\defogger_reenable
[2013.04.24 17:20:19 | 000,050,477 | ---- | C] () -- C:\Users\Hrl\Desktop\Defogger.exe
[2013.04.19 15:43:59 | 001,525,476 | ---- | C] () -- C:\Users\Hrl\Documents\büchel.skb
[2013.04.18 18:22:33 | 000,003,904 | -H-- | C] () -- C:\Users\Hrl\AppData\Local\cgiiqikm.ini
[2013.04.16 19:03:57 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk
[2013.04.07 07:57:51 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013.04.06 10:09:56 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2013.04.06 06:07:13 | 000,001,269 | ---- | C] () -- C:\Users\Hrl\Desktop\CM 12.lnk
[2013.04.02 18:19:15 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk
[2013.04.01 17:04:42 | 000,001,274 | ---- | C] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk
[2013.04.01 16:41:53 | 000,001,221 | ---- | C] () -- C:\Users\Hrl\Desktop\FileM 12.lnk
[2013.04.01 16:41:36 | 000,001,197 | ---- | C] () -- C:\Users\Hrl\Desktop\DBM 12.lnk
[2013.03.31 19:08:22 | 000,010,539 | ---- | C] () -- C:\Users\Hrl\Documents\1.png
[2013.03.31 19:03:53 | 000,009,701 | ---- | C] () -- C:\Users\Hrl\Documents\aba.fg
[2013.03.29 20:37:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.29 18:20:46 | 000,002,060 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2013.03.29 15:45:09 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2013.02.14 09:18:37 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.02.03 19:20:48 | 000,000,269 | ---- | C] () -- C:\Users\Hrl\.octave_hist
[2013.02.03 10:07:01 | 000,000,868 | ---- | C] () -- C:\Users\Hrl\AppData\Local\recently-used.xbel
[2013.01.05 14:54:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.08.20 20:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.02 10:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.02 10:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2011.09.13 04:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2012.08.20 20:51:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 25.04.2013 15:50:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hrl\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,76% Memory free
7,21 Gb Paging File | 6,25 Gb Available in Paging File | 86,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,69 Gb Total Space | 373,09 Gb Free Space | 82,78% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9DCA90-94F1-4F7C-B926-53425E05BCEE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{28BE1BA6-9E49-43ED-9240-67C2DDDBCB20}" = rport=137 | protocol=17 | dir=out | app=system | 
"{372B2882-3DB6-4582-B0B8-94419BCD7705}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4DF403AA-63DD-4631-82B8-172A00075055}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6371972F-FD04-4380-AB1B-D5C89647608C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7D707C2B-66F3-49A3-B3A5-F1E752F23730}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A7D1084C-DC6D-43E3-BDFE-3F2420CC6D77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2901653-8BD3-4B50-9C4A-C49B9789C1AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3ECBF8D-242F-4369-A4C2-AAB34ADA6483}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C89240F7-A358-4D26-B8A8-9A46A27D7FBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D479AA52-9847-4EB0-BC8B-09017648001C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E915AB00-A3F1-4AA6-A7E1-8BA028440E7A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E978E9A0-CA90-4689-AC35-EA3DDD08710F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F843D29C-AE2C-4953-80D0-A41D03BD1294}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003F020E-F751-4BA1-AA3D-CE9DA6F7F44E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{03BBDF1C-4766-4E9B-A8B0-5D4874CB6B3D}" = protocol=6 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | 
"{0505E55B-81E9-49CB-BCC3-21F15FFA25E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{065C6EDB-D432-43C4-92AE-983366CA597A}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{085BD021-3284-40E3-B411-05AF6229B1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"{0878202E-1313-4036-9D33-EB2DE2373B89}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"{15CF9A0B-9F8B-44CE-8A02-42A56B2BE232}" = dir=out | name=getting started with windows 8 | 
"{15EDF370-A169-4BA5-A9F5-C9778DAF5653}" = dir=out | name=ebay | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | 
"{1CE5F3FD-C5AF-44F1-93B4-9DFA7AA3868F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{1D145B11-FA39-4220-8813-CC1BDF107C0A}" = dir=in | name=kindle | 
"{1D71000A-A704-4878-A740-4FEA917BCACC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2B8A66FE-5B03-4319-85E7-AFAEFE11A7CC}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{3253464F-1DEB-48E1-A5E1-C85ADAC6A76A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"{32ABBA5C-45AC-41DF-A1C4-157F93910978}" = dir=out | name=kindle | 
"{3CF5B02B-BEC6-4E26-9D22-55672E4E394B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{44E69452-D0F6-4C11-99FB-D632FAE2E1B0}" = dir=out | name=hp registration | 
"{46EFF4D3-F7C1-437F-B11E-F07F2C99CE98}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{491EEF38-A02E-40A8-B8F9-39B88A3D0194}" = dir=out | name=norton studio | 
"{51FBA43D-26DB-419F-B408-952E06B226BA}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{53222944-180D-4AE8-8C8B-8DE3304AC5E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5D2F28CB-FBCF-4826-8948-F1F979755387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{5FDD5E75-A5EA-4924-BC32-3414B75730EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6403A10B-4EAE-4783-9932-490312223085}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{752E46C7-B1FA-46D1-BC6E-6E49143FF346}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7E741563-8C40-4B77-BB74-2B813CB0384D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{82C0D8CD-7B8D-4A01-B74E-9DA90AE8000F}" = dir=out | name=hp connected photo powered by snapfish | 
"{82EF04DF-3D6C-4D13-9407-CA51EFC17CA6}" = dir=in | name=ebay | 
"{8370EB6F-64E4-40A9-9093-EAB4FB6270A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{8468B233-D95F-4688-A6ED-2ED33D446E88}" = dir=out | name=skype | 
"{85C46F73-7EC9-48E6-A7F7-5E2FA8477735}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8CC9B20F-5F4E-4555-A5F1-D68860A73D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{8F3D5532-A371-4EE5-BB85-754B94DC12B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | 
"{9002D236-6A69-4E2B-BA72-2EB24ABC4517}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9582728C-9537-4130-A13A-E029C198CA4F}" = protocol=6 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | 
"{95A2DCFE-C77D-4193-B8BF-6B43F64E55B4}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9C73D7F0-418E-45C5-8E5E-3A2DE9883F9C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{9CD70374-F221-487E-812F-0A1CE47F7CF0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{A296A1A2-BB6A-45C6-ADDB-3D4C40B3DD57}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{A87BD2DA-A780-4E5A-882C-FF1F2A0AB077}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA1CABE1-F9C0-49E6-AD13-D51EF66B0C11}" = protocol=17 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | 
"{B39174C0-4639-4049-A4EC-B687EA845056}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{B96D8107-3864-4483-8815-5ABD260E151D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | 
"{C4C3F9ED-4F35-4B00-AB03-682D6B65DCE0}" = protocol=17 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | 
"{CA55B394-8FD4-4594-B317-6E9CF198A744}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{CF897716-81AA-4A6F-89C6-60D523B63653}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{D13E357E-EDB4-4B53-BE51-9B41394E027C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D300F09B-9C6F-4344-A544-A3C62A1323FE}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D5EBE7EF-55ED-4ADF-8AC3-A1E8277735B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D609A076-F719-42F6-BDE4-6AA63C9C6329}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{D6AE7093-3B4C-46CD-96C1-887DA1FDF6DD}" = dir=in | name=skype | 
"{D6C45A34-6ECA-4E90-A668-97F58AC69606}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E0A18A3C-1D10-43E1-9B5C-56A9626DD5A5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{E52DE610-063F-4F26-8316-C457B2A19EAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E8CF42A2-A934-440C-B8E1-EA86C1F34B26}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{EA05C822-D9E7-4A7A-BC8D-6A943FB3F182}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{ED7C903F-0709-4869-88AC-888B6B018B9C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F5358C8A-CF15-4CA4-BD00-5EDA1F249751}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"{F6506514-4C52-415E-9576-C27560A709FF}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"TCP Query User{6E4050E5-1146-4FEE-973B-6D989D4C4315}C:\program files (x86)\origin\legacypm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"TCP Query User{7EC9BC78-79B9-4165-8DAA-67A099956073}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{7F148541-C67F-4916-8F63-C2C29A45DBD1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{36E10D39-F72B-4440-B85E-8515F305CD48}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{48E259C7-35B2-4D3D-AAFC-0D676C15D320}C:\program files (x86)\origin\legacypm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | 
"UDP Query User{A9869C3D-B5C0-449B-8B79-368091276998}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Blender" = Blender
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0D36378E-B482-433F-9E9F-545367ED0511}" = PhoX - Photogrammetric Calculation System
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{285B4FB8-207C-4CBA-BF3C-0AF1FFAA4123}" = Microsoft Windows Build 8250 Retail Debugging Symbols for x64
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai
"{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian
"{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All
"{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E7CB625-076C-4812-87B9-A2695C2CFABF}" = HP Documentation
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common
"{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese
"{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = Windows Driver Kit
"{C5C62359-A304-4C6B-B2F0-63AB58F9CBB8}_is1" = PC SWOS-Total Pack version V1.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian
"{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish
"{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French
"{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.5.2 (Beta)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish
"Creation Master 12_is1" = Creation Master 12 Beta 6
"DB Master 12_is1" = DB Master 12 Beta 2
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"File Master 12_is1" = File Master 12 Release 12.0
"GCstar" = GCstar 1.6.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Notepad++" = Notepad++
"Origin" = Origin
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
 
< End of report >
         
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:10 on 25/04/2013 by Hrl
Administrator - Elevation successful

========== filefind ==========

Searching for "*PutLockerDownloader*"
C:\Users\Hrl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3C3DSZ1\PutLockerDownloader[1].exe	--a---- 1117808 bytes	[14:47 01/04/2013]	[14:47 01/04/2013] 2222C63F23A895B88D418F543F143F5D
C:\Users\Hrl\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi	--a---- 214122 bytes	[10:58 11/02/2013]	[10:58 11/02/2013] 985AC93755E0BE63531966D64A299E2F

Searching for "*Babylon*"
C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1\Latest\Babylon.dat	--a---- 12384 bytes	[12:17 19/02/2013]	[12:17 19/02/2013] 825E5733974586A0A1229A53361ED13E
C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1\Latest\MyBabylonTB.exe	--a---- 2028384 bytes	[13:15 23/01/2013]	[13:15 23/01/2013] 42D8EBB6DCB232E81F93CD4F280058DC

Searching for "*SoftSafe*"
No files found.

Searching for "*1ClickDownload*"
No files found.

Searching for "*DataMngr*"
No files found.

Searching for "*Softonic*"
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2YW6QVBT\football-manager-2013.en.softonic[1].xml	--a---- 13 bytes	[15:20 23/03/2013]	[15:20 23/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PSZNT4H\en.softonic[1].xml	--a---- 13 bytes	[15:03 22/02/2013]	[06:53 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PSZNT4H\league-scheduler.en.softonic[1].xml	--a---- 13 bytes	[15:06 22/02/2013]	[15:06 22/02/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PSZNT4H\sensible-soccer-2006.softonic[1].xml	--a---- 13 bytes	[06:59 24/03/2013]	[07:01 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NY5GL6KW\art-of-illusion.softonic[1].xml	--a---- 13 bytes	[14:40 15/04/2013]	[14:40 15/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NY5GL6KW\blender-64bits.softonic[1].xml	--a---- 13 bytes	[17:45 23/01/2013]	[17:45 23/01/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NY5GL6KW\fifa-manager-13.softonic[1].xml	--a---- 13 bytes	[07:52 24/03/2013]	[07:52 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\gimp.softonic[1].xml	--a---- 13 bytes	[16:19 25/12/2012]	[16:19 25/12/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\microsoft-soccer-scoreboard.en.softonic[1].xml	--a---- 13 bytes	[15:03 22/02/2013]	[15:03 22/02/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\sculptris.softonic[1].xml	--a---- 13 bytes	[14:38 15/04/2013]	[14:41 15/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\www.softonic[1].xml	--a---- 13 bytes	[17:45 23/01/2013]	[07:01 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe	--a---- 373424 bytes	[16:20 25/12/2012]	[16:20 25/12/2012] 4BC80A8F90C059950CE07D30EE1B1CF2
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe	--a---- 393064 bytes	[07:00 24/03/2013]	[07:00 24/03/2013] 0F3007119ECDDB7736EE08627746C0C6
C:\Windows\Prefetch\SOFTONICDOWNLOADER_FUER_SENSI-BB758226.pf	--a---- 131550 bytes	[07:14 24/03/2013]	[13:31 25/03/2013] 5778B51D311894B73197E1F5C8EE821B

========== folderfind ==========

Searching for "*PutLockerDownloader*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*SoftSafe*"
No folders found.

Searching for "*1ClickDownload*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*Softonic*"
C:\Users\Hrl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\K4N2TRY4\static.softonic.de	d------	[16:28 25/12/2012]
C:\Users\Hrl\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de	d------	[16:28 25/12/2012]

========== regfind ==========

Searching for "PutLockerDownloader"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.FriendlyAppName"="PutLockerDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej]
"path"="C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.FriendlyAppName"="PutLockerDownloader"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.FriendlyAppName"="PutLockerDownloader"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "SoftSafe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Hrl\Downloads\FIFA_Creation_Studio_13_Basic_13.0.3.rar.exe.ApplicationCompany"="SoftSafe"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Hrl\Downloads\FIFA_Creation_Studio_13_Basic_13.0.3.rar.exe.ApplicationCompany"="SoftSafe"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Hrl\Downloads\FIFA_Creation_Studio_13_Basic_13.0.3.rar.exe.ApplicationCompany"="SoftSafe"

Searching for "1ClickDownload"
No data found.

Searching for "DataMngr"
No data found.

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
"Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
"Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\49df99ef_0]
@="{2}.\\?\hdaudio#func_01&ven_1002&dev_aa01&subsys_00aa0100&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\e0hdmiout2topo/00010001|\Device\HarddiskVolume4\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec4b3745_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0269&subsys_103c1885&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de]
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
"Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\IntelliType Pro\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\IntelliType Pro\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
"Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\49df99ef_0]
@="{2}.\\?\hdaudio#func_01&ven_1002&dev_aa01&subsys_00aa0100&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\e0hdmiout2topo/00010001|\Device\HarddiskVolume4\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec4b3745_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0269&subsys_103c1885&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com]
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de]

Searching for "         "
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1\Target Id 0\Logical Unit Id 0]
"SerialNumber"="M32CA3C0253         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="3.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Reso
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="28800" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="3.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                         
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="3.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                 

-= EOF =-
         

25.04.2013, 15:30   #10
christoph03

BSOD mouse driver, or a virus after all?



Code:
16:27:50.0909 2248  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:27:50.0909 2248  UEFI system
16:27:51.0205 2248  ============================================================
16:27:51.0205 2248  Current date / time: 2013/04/25 16:27:51.0205
16:27:51.0205 2248  SystemInfo:
16:27:51.0205 2248  
16:27:51.0205 2248  OS Version: 6.2.9200 ServicePack: 0.0
16:27:51.0205 2248  Product type: Workstation
16:27:51.0205 2248  ComputerName: CHRISTOPH
16:27:51.0205 2248  UserName: Hrl
16:27:51.0205 2248  Windows directory: C:\Windows
16:27:51.0205 2248  System windows directory: C:\Windows
16:27:51.0205 2248  Running under WOW64
16:27:51.0205 2248  Processor architecture: Intel x64
16:27:51.0205 2248  Number of processors: 2
16:27:51.0205 2248  Page size: 0x1000
16:27:51.0205 2248  Boot type: Normal boot
16:27:51.0205 2248  ============================================================
16:27:52.0079 2248  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:52.0079 2248  ============================================================
16:27:52.0079 2248  \Device\Harddisk0\DR0:
16:27:52.0079 2248  GPT partitions:
16:27:52.0079 2248  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {99B6817F-9A1F-4086-B586-3EFD8A288974}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
16:27:52.0079 2248  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {C31E054D-997D-42B2-8844-F49C62C1796E}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
16:27:52.0079 2248  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C3A840F4-3E7D-4F90-8433-722F4919268E}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
16:27:52.0079 2248  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FEAABB5D-B3E3-4D03-8610-312941BFE1B9}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x38563800
16:27:52.0079 2248  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A20DB402-8594-4B19-8542-9D9C4F496E1E}, Name: Basic data partition, StartLBA 0x386EE000, BlocksNum 0x1C98000
16:27:52.0079 2248  MBR partitions:
16:27:52.0079 2248  ============================================================
16:27:52.0110 2248  C: <-> \Device\Harddisk0\DR0\Partition4
16:27:52.0157 2248  D: <-> \Device\Harddisk0\DR0\Partition5
16:27:52.0157 2248  ============================================================
16:27:52.0157 2248  Initialize success
16:27:52.0157 2248  ============================================================
16:28:09.0380 1076  ============================================================
16:28:09.0380 1076  Scan started
16:28:09.0380 1076  Mode: Manual; SigCheck; TDLFS; 
16:28:09.0380 1076  ============================================================
16:28:10.0269 1076  ================ Scan system memory ========================
16:28:10.0269 1076  System memory - ok
16:28:10.0269 1076  ================ Scan services =============================
16:28:10.0504 1076  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
16:28:10.0613 1076  1394ohci - ok
16:28:10.0644 1076  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
16:28:10.0675 1076  3ware - ok
16:28:10.0754 1076  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:28:10.0847 1076  ACPI - ok
16:28:10.0894 1076  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
16:28:10.0925 1076  acpiex - ok
16:28:10.0956 1076  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
16:28:11.0003 1076  acpipagr - ok
16:28:11.0019 1076  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
16:28:11.0081 1076  AcpiPmi - ok
16:28:11.0097 1076  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
16:28:11.0144 1076  acpitime - ok
16:28:11.0175 1076  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:28:11.0222 1076  adp94xx - ok
16:28:11.0253 1076  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:28:11.0377 1076  adpahci - ok
16:28:11.0409 1076  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:28:11.0456 1076  adpu320 - ok
16:28:11.0502 1076  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:28:11.0533 1076  AeLookupSvc - ok
16:28:11.0596 1076  [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:28:11.0627 1076  AERTFilters - ok
16:28:11.0674 1076  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
16:28:11.0736 1076  AFD - ok
16:28:11.0768 1076  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:28:11.0799 1076  agp440 - ok
16:28:11.0830 1076  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
16:28:11.0877 1076  ALG - ok
16:28:11.0908 1076  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
16:28:11.0955 1076  AllUserInstallAgent - ok
16:28:11.0986 1076  [ 1F500945F87AA517BD2F049256B304DD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:28:12.0064 1076  AMD External Events Utility - ok
16:28:12.0111 1076  AMD FUEL Service - ok
16:28:12.0158 1076  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
16:28:12.0204 1076  AmdK8 - ok
16:28:12.0438 1076  [ 2A831A7F9031B5BBA6EF189381D65228 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:28:12.0844 1076  amdkmdag - ok
16:28:12.0891 1076  [ B9ACB2AA40709E060CDC34F13F1C9C8F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:28:12.0969 1076  amdkmdap - ok
16:28:13.0016 1076  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
16:28:13.0062 1076  AmdPPM - ok
16:28:13.0109 1076  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:28:13.0140 1076  amdsata - ok
16:28:13.0156 1076  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:28:13.0203 1076  amdsbs - ok
16:28:13.0218 1076  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:28:13.0250 1076  amdxata - ok
16:28:13.0281 1076  [ A2EFE3869B976296E097DEF368280F95 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
16:28:13.0328 1076  amd_sata - ok
16:28:13.0359 1076  [ 625396421C29FB305C6C6235D01130B8 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
16:28:13.0374 1076  amd_xata - ok
16:28:13.0437 1076  [ 823F34D1DEF120A657BB7529ABF4461F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
16:28:13.0484 1076  AppHostSvc - ok
16:28:13.0515 1076  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
16:28:13.0562 1076  AppID - ok
16:28:13.0593 1076  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:28:13.0640 1076  AppIDSvc - ok
16:28:13.0655 1076  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
16:28:13.0718 1076  Appinfo - ok
16:28:13.0749 1076  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
16:28:13.0780 1076  arc - ok
16:28:13.0811 1076  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:28:13.0842 1076  arcsas - ok
16:28:13.0967 1076  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:28:14.0014 1076  aspnet_state - ok
16:28:14.0030 1076  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:14.0076 1076  AsyncMac - ok
16:28:14.0108 1076  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:28:14.0139 1076  atapi - ok
16:28:14.0170 1076  [ 506907D2E7F3A5B67DBD39C00A788B7C ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW86.sys
16:28:14.0186 1076  AtiHDAudioService - ok
16:28:14.0233 1076  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:28:14.0279 1076  AudioEndpointBuilder - ok
16:28:14.0326 1076  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:28:14.0388 1076  Audiosrv - ok
16:28:14.0435 1076  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:28:14.0466 1076  AxInstSV - ok
16:28:14.0513 1076  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:28:14.0560 1076  b06bdrv - ok
16:28:14.0591 1076  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:28:14.0638 1076  BasicDisplay - ok
16:28:14.0654 1076  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
16:28:14.0700 1076  BasicRender - ok
16:28:14.0732 1076  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:28:14.0794 1076  BDESVC - ok
16:28:14.0825 1076  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:28:14.0905 1076  Beep - ok
16:28:14.0967 1076  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
16:28:15.0014 1076  BFE - ok
16:28:15.0061 1076  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
16:28:15.0123 1076  BITS - ok
16:28:15.0170 1076  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:28:15.0201 1076  Bonjour Service - ok
16:28:15.0217 1076  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:28:15.0263 1076  bowser - ok
16:28:15.0310 1076  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:28:15.0357 1076  BrokerInfrastructure - ok
16:28:15.0404 1076  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
16:28:15.0451 1076  Browser - ok
16:28:15.0482 1076  [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:28:15.0513 1076  BthAvrcpTg - ok
16:28:15.0544 1076  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
16:28:15.0607 1076  BthHFEnum - ok
16:28:15.0653 1076  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:28:15.0700 1076  bthhfhid - ok
16:28:15.0732 1076  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:28:15.0794 1076  BTHMODEM - ok
16:28:15.0825 1076  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
16:28:15.0872 1076  bthserv - ok
16:28:15.0903 1076  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:28:15.0950 1076  cdfs - ok
16:28:15.0981 1076  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
16:28:16.0028 1076  cdrom - ok
16:28:16.0075 1076  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:28:16.0106 1076  CertPropSvc - ok
16:28:16.0153 1076  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
16:28:16.0231 1076  circlass - ok
16:28:16.0262 1076  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:28:16.0309 1076  CLFS - ok
16:28:16.0356 1076  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:28:16.0387 1076  CmBatt - ok
16:28:16.0434 1076  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:28:16.0496 1076  CNG - ok
16:28:16.0543 1076  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:28:16.0621 1076  CompositeBus - ok
16:28:16.0636 1076  COMSysApp - ok
16:28:16.0668 1076  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
16:28:16.0699 1076  condrv - ok
16:28:16.0746 1076  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:28:16.0777 1076  CryptSvc - ok
16:28:16.0824 1076  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\Windows\system32\drivers\dam.sys
16:28:16.0855 1076  dam - ok
16:28:16.0886 1076  [ BA25D4B9B067248F7CAC416E855D706B ] dc3d            C:\Windows\System32\drivers\dc3d.sys
16:28:16.0901 1076  dc3d - ok
16:28:16.0948 1076  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:28:17.0026 1076  DcomLaunch - ok
16:28:17.0073 1076  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:28:17.0136 1076  defragsvc - ok
16:28:17.0167 1076  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
16:28:17.0245 1076  DeviceAssociationService - ok
16:28:17.0292 1076  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
16:28:17.0338 1076  DeviceInstall - ok
16:28:17.0385 1076  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
16:28:17.0416 1076  Dfsc - ok
16:28:17.0463 1076  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:28:17.0541 1076  Dhcp - ok
16:28:17.0588 1076  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
16:28:17.0635 1076  discache - ok
16:28:17.0666 1076  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
16:28:17.0697 1076  disk - ok
16:28:17.0728 1076  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
16:28:17.0759 1076  dmvsc - ok
16:28:17.0806 1076  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:28:17.0853 1076  Dnscache - ok
16:28:17.0900 1076  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
16:28:17.0947 1076  dot3svc - ok
16:28:17.0978 1076  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
16:28:18.0040 1076  DPS - ok
16:28:18.0087 1076  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:28:18.0118 1076  drmkaud - ok
16:28:18.0150 1076  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
16:28:18.0212 1076  DsmSvc - ok
16:28:18.0274 1076  [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:28:18.0368 1076  DXGKrnl - ok
16:28:18.0399 1076  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
16:28:18.0446 1076  Eaphost - ok
16:28:18.0540 1076  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:28:18.0727 1076  ebdrv - ok
16:28:18.0758 1076  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\Windows\System32\lsass.exe
16:28:18.0805 1076  EFS - ok
16:28:18.0836 1076  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
16:28:18.0883 1076  EhStorClass - ok
16:28:18.0914 1076  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
16:28:18.0945 1076  EhStorTcgDrv - ok
16:28:18.0961 1076  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
16:28:18.0992 1076  ErrDev - ok
16:28:19.0070 1076  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
16:28:19.0132 1076  EventSystem - ok
16:28:19.0179 1076  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:28:19.0226 1076  exfat - ok
16:28:19.0257 1076  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:28:19.0304 1076  fastfat - ok
16:28:19.0351 1076  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
16:28:19.0413 1076  Fax - ok
16:28:19.0445 1076  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
16:28:19.0491 1076  fdc - ok
16:28:19.0523 1076  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:28:19.0569 1076  fdPHost - ok
16:28:19.0585 1076  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
16:28:19.0647 1076  FDResPub - ok
16:28:19.0694 1076  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\Windows\system32\fhsvc.dll
16:28:19.0741 1076  fhsvc - ok
16:28:19.0756 1076  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:28:19.0788 1076  FileInfo - ok
16:28:19.0819 1076  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:28:19.0866 1076  Filetrace - ok
16:28:19.0913 1076  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:28:19.0944 1076  flpydisk - ok
16:28:19.0975 1076  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:28:20.0022 1076  FltMgr - ok
16:28:20.0084 1076  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\Windows\system32\FntCache.dll
16:28:20.0162 1076  FontCache - ok
16:28:20.0225 1076  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:28:20.0240 1076  FontCache3.0.0.0 - ok
16:28:20.0287 1076  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:28:20.0302 1076  FsDepends - ok
16:28:20.0334 1076  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:28:20.0349 1076  Fs_Rec - ok
16:28:20.0412 1076  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:28:20.0458 1076  fvevol - ok
16:28:20.0505 1076  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
16:28:20.0536 1076  FxPPM - ok
16:28:20.0583 1076  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:28:20.0614 1076  gagp30kx - ok
16:28:20.0630 1076  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:28:20.0661 1076  gencounter - ok
16:28:20.0708 1076  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
16:28:20.0739 1076  GPIOClx0101 - ok
16:28:20.0802 1076  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:28:20.0895 1076  gpsvc - ok
16:28:21.0004 1076  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:21.0036 1076  gupdate - ok
16:28:21.0051 1076  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:21.0067 1076  gupdatem - ok
16:28:21.0083 1076  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:28:21.0114 1076  gusvc - ok
16:28:21.0145 1076  [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:28:21.0207 1076  HdAudAddService - ok
16:28:21.0239 1076  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:28:21.0285 1076  HDAudBus - ok
16:28:21.0317 1076  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
16:28:21.0363 1076  HidBatt - ok
16:28:21.0395 1076  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:28:21.0457 1076  HidBth - ok
16:28:21.0504 1076  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:28:21.0535 1076  hidi2c - ok
16:28:21.0582 1076  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\Windows\System32\drivers\hidir.sys
16:28:21.0629 1076  HidIr - ok
16:28:21.0675 1076  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\Windows\system32\hidserv.dll
16:28:21.0722 1076  hidserv - ok
16:28:21.0738 1076  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:28:21.0800 1076  HidUsb - ok
16:28:21.0863 1076  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:28:21.0909 1076  hkmsvc - ok
16:28:21.0956 1076  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:28:22.0003 1076  HomeGroupListener - ok
16:28:22.0050 1076  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:28:22.0112 1076  HomeGroupProvider - ok
16:28:22.0190 1076  [ 6515296E8F9D81BB6C4588C4878A9AC1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:28:22.0206 1076  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
16:28:22.0206 1076  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
16:28:22.0299 1076  [ 514455F6586473791C5C6B25BA4E1BAB ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:28:22.0362 1076  hpqwmiex - ok
16:28:22.0393 1076  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:28:22.0424 1076  HpSAMD - ok
16:28:22.0455 1076  [ F50912B0A861ED396F6062E79C37A4A7 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
16:28:22.0471 1076  HPWMISVC - ok
16:28:22.0533 1076  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:28:22.0611 1076  HTTP - ok
16:28:22.0643 1076  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:28:22.0674 1076  hwpolicy - ok
16:28:22.0705 1076  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:28:22.0736 1076  hyperkbd - ok
16:28:22.0767 1076  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:28:22.0814 1076  HyperVideo - ok
16:28:22.0830 1076  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:28:22.0877 1076  i8042prt - ok
16:28:22.0923 1076  [ 050F2539E14F9D5E90A4B61738EC29BD ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
16:28:22.0970 1076  iaStorA - ok
16:28:23.0001 1076  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:28:23.0064 1076  iaStorV - ok
16:28:23.0157 1076  [ ABEFA4BD23329FD9BD47496BF2E58774 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
16:28:23.0235 1076  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
16:28:23.0235 1076  IconMan_R - detected UnsignedFile.Multi.Generic (1)
16:28:23.0314 1076  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:28:23.0329 1076  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:28:23.0329 1076  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:28:23.0594 1076  [ 83915E05E168AB63B48302F7DC5D8E00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:28:24.0000 1076  igfx - ok
16:28:24.0031 1076  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:28:24.0062 1076  iirsp - ok
16:28:24.0125 1076  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:28:24.0203 1076  IKEEXT - ok
16:28:24.0359 1076  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:28:24.0530 1076  IntcAzAudAddService - ok
16:28:24.0562 1076  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:28:24.0577 1076  intelide - ok
16:28:24.0608 1076  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\Windows\System32\drivers\intelppm.sys
16:28:24.0655 1076  intelppm - ok
16:28:24.0671 1076  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:24.0718 1076  IpFilterDriver - ok
16:28:24.0780 1076  [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:28:24.0842 1076  iphlpsvc - ok
16:28:24.0874 1076  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
16:28:24.0905 1076  IPMIDRV - ok
16:28:24.0920 1076  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:28:24.0967 1076  IPNAT - ok
16:28:24.0998 1076  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:28:25.0045 1076  IRENUM - ok
16:28:25.0061 1076  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:28:25.0092 1076  isapnp - ok
16:28:25.0139 1076  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
16:28:25.0170 1076  iScsiPrt - ok
16:28:25.0217 1076  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
16:28:25.0248 1076  kbdclass - ok
16:28:25.0264 1076  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
16:28:25.0310 1076  kbdhid - ok
16:28:25.0342 1076  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
16:28:25.0373 1076  kdnic - ok
16:28:25.0388 1076  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
16:28:25.0435 1076  KeyIso - ok
16:28:25.0482 1076  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:28:25.0513 1076  KSecDD - ok
16:28:25.0560 1076  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:28:25.0591 1076  KSecPkg - ok
16:28:25.0622 1076  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:28:25.0669 1076  ksthunk - ok
16:28:25.0716 1076  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:28:25.0763 1076  KtmRm - ok
16:28:25.0810 1076  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:28:25.0856 1076  LanmanServer - ok
16:28:25.0888 1076  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:28:25.0934 1076  LanmanWorkstation - ok
16:28:25.0981 1076  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:28:26.0028 1076  lltdio - ok
16:28:26.0075 1076  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:28:26.0137 1076  lltdsvc - ok
16:28:26.0168 1076  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:28:26.0200 1076  lmhosts - ok
16:28:26.0231 1076  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:28:26.0262 1076  LSI_SAS - ok
16:28:26.0293 1076  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:28:26.0324 1076  LSI_SAS2 - ok
16:28:26.0356 1076  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:28:26.0387 1076  LSI_SCSI - ok
16:28:26.0418 1076  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
16:28:26.0449 1076  LSI_SSS - ok
16:28:26.0480 1076  [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM             C:\Windows\System32\lsm.dll
16:28:26.0527 1076  LSM - ok
16:28:26.0558 1076  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:28:26.0621 1076  luafv - ok
16:28:26.0668 1076  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
16:28:26.0683 1076  megasas - ok
16:28:26.0714 1076  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:28:26.0761 1076  MegaSR - ok
16:28:26.0824 1076  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
16:28:26.0855 1076  MMCSS - ok
16:28:26.0870 1076  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
16:28:26.0933 1076  Modem - ok
16:28:26.0948 1076  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:28:26.0995 1076  monitor - ok
16:28:27.0026 1076  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
16:28:27.0058 1076  mouclass - ok
16:28:27.0073 1076  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
16:28:27.0104 1076  mouhid - ok
16:28:27.0136 1076  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:28:27.0167 1076  mountmgr - ok
16:28:27.0198 1076  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:28:27.0229 1076  mpsdrv - ok
16:28:27.0292 1076  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:28:27.0370 1076  MpsSvc - ok
16:28:27.0401 1076  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:28:27.0448 1076  MRxDAV - ok
16:28:27.0510 1076  [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:27.0557 1076  mrxsmb - ok
16:28:27.0604 1076  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:27.0650 1076  mrxsmb10 - ok
16:28:27.0666 1076  [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:27.0713 1076  mrxsmb20 - ok
16:28:27.0744 1076  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
16:28:27.0791 1076  MsBridge - ok
16:28:27.0838 1076  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
16:28:27.0884 1076  MSDTC - ok
16:28:27.0931 1076  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:28:27.0978 1076  Msfs - ok
16:28:28.0009 1076  [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
16:28:28.0040 1076  msgpiowin32 - ok
16:28:28.0072 1076  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:28:28.0087 1076  mshidkmdf - ok
16:28:28.0119 1076  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
16:28:28.0150 1076  mshidumdf - ok
16:28:28.0165 1076  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:28:28.0196 1076  msisadrv - ok
16:28:28.0228 1076  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:28:28.0274 1076  MSiSCSI - ok
16:28:28.0290 1076  msiserver - ok
16:28:28.0321 1076  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:28:28.0368 1076  MSKSSRV - ok
16:28:28.0384 1076  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
16:28:28.0430 1076  MsLldp - ok
16:28:28.0462 1076  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:28:28.0493 1076  MSPCLOCK - ok
16:28:28.0524 1076  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:28:28.0571 1076  MSPQM - ok
16:28:28.0602 1076  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:28:28.0649 1076  MsRPC - ok
16:28:28.0711 1076  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
16:28:28.0727 1076  mssmbios - ok
16:28:28.0758 1076  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:28:28.0789 1076  MSTEE - ok
16:28:28.0805 1076  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
16:28:28.0852 1076  MTConfig - ok
16:28:28.0883 1076  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:28:28.0914 1076  Mup - ok
16:28:28.0930 1076  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
16:28:28.0961 1076  mvumis - ok
16:28:29.0008 1076  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
16:28:29.0070 1076  napagent - ok
16:28:29.0117 1076  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:28:29.0164 1076  NativeWifiP - ok
16:28:29.0210 1076  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
16:28:29.0257 1076  NcaSvc - ok
16:28:29.0273 1076  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
16:28:29.0304 1076  NcdAutoSetup - ok
16:28:29.0382 1076  [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:28:29.0444 1076  NDIS - ok
16:28:29.0476 1076  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:28:29.0522 1076  NdisCap - ok
16:28:29.0554 1076  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
16:28:29.0600 1076  NdisImPlatform - ok
16:28:29.0632 1076  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:28:29.0678 1076  NdisTapi - ok
16:28:29.0710 1076  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:28:29.0788 1076  Ndisuio - ok
16:28:29.0819 1076  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:29.0897 1076  NdisWan - ok
16:28:29.0897 1076  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
16:28:29.0944 1076  NDISWANLEGACY - ok
16:28:29.0959 1076  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:28:30.0037 1076  NDProxy - ok
16:28:30.0069 1076  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
16:28:30.0100 1076  Ndu - ok
16:28:30.0131 1076  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:28:30.0178 1076  NetBIOS - ok
16:28:30.0209 1076  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:28:30.0256 1076  NetBT - ok
16:28:30.0287 1076  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
16:28:30.0318 1076  Netlogon - ok
16:28:30.0349 1076  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
16:28:30.0412 1076  Netman - ok
16:28:30.0443 1076  [ C166E3CD90AB0781ECDF10EC765B083A ] netprofm        C:\Windows\System32\netprofmsvc.dll
16:28:30.0505 1076  netprofm - ok
16:28:30.0583 1076  [ 06C59F7859970C445F09E233D607FA4C ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
16:28:30.0661 1076  netr28x - ok
16:28:30.0692 1076  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:28:30.0724 1076  NetTcpPortSharing - ok
16:28:30.0755 1076  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:28:30.0786 1076  nfrd960 - ok
16:28:30.0817 1076  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:28:30.0880 1076  NlaSvc - ok
16:28:30.0911 1076  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:28:30.0942 1076  Npfs - ok
16:28:30.0958 1076  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
16:28:31.0005 1076  npsvctrig - ok
16:28:31.0036 1076  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
16:28:31.0067 1076  nsi - ok
16:28:31.0098 1076  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:28:31.0145 1076  nsiproxy - ok
16:28:31.0223 1076  [ 11D7A4A4A1DA60F394F53B413DCDF0DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:28:31.0348 1076  Ntfs - ok
16:28:31.0395 1076  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
16:28:31.0410 1076  Null - ok
16:28:31.0426 1076  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:28:31.0473 1076  nvraid - ok
16:28:31.0488 1076  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:28:31.0519 1076  nvstor - ok
16:28:31.0535 1076  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:28:31.0566 1076  nv_agp - ok
16:28:31.0691 1076  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:28:31.0738 1076  odserv - ok
16:28:31.0785 1076  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:28:31.0800 1076  ose - ok
16:28:31.0847 1076  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:28:31.0894 1076  p2pimsvc - ok
16:28:31.0925 1076  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:28:31.0987 1076  p2psvc - ok
16:28:32.0019 1076  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
16:28:32.0050 1076  Parport - ok
16:28:32.0097 1076  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:28:32.0128 1076  partmgr - ok
16:28:32.0175 1076  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:28:32.0221 1076  PcaSvc - ok
16:28:32.0253 1076  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
16:28:32.0284 1076  pci - ok
16:28:32.0315 1076  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:28:32.0346 1076  pciide - ok
16:28:32.0393 1076  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:28:32.0440 1076  pcmcia - ok
16:28:32.0455 1076  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:28:32.0487 1076  pcw - ok
16:28:32.0518 1076  [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc             C:\Windows\system32\drivers\pdc.sys
16:28:32.0549 1076  pdc - ok
16:28:32.0596 1076  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:28:32.0658 1076  PEAUTH - ok
16:28:32.0752 1076  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:28:32.0783 1076  PerfHost - ok
16:28:32.0877 1076  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
16:28:32.0970 1076  pla - ok
16:28:33.0017 1076  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:28:33.0048 1076  PlugPlay - ok
16:28:33.0064 1076  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:28:33.0111 1076  PNRPAutoReg - ok
16:28:33.0157 1076  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:28:33.0189 1076  PNRPsvc - ok
16:28:33.0220 1076  [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64         C:\Windows\System32\drivers\point64.sys
16:28:33.0251 1076  Point64 - ok
16:28:33.0282 1076  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:28:33.0345 1076  PolicyAgent - ok
16:28:33.0396 1076  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
16:28:33.0442 1076  Power - ok
16:28:33.0473 1076  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:28:33.0520 1076  PptpMiniport - ok
16:28:33.0629 1076  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
16:28:33.0739 1076  PrintNotify - ok
16:28:33.0801 1076  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
16:28:33.0832 1076  Processor - ok
16:28:33.0895 1076  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:28:33.0941 1076  ProfSvc - ok
16:28:33.0973 1076  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:28:34.0035 1076  Psched - ok
16:28:34.0066 1076  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
16:28:34.0113 1076  QWAVE - ok
16:28:34.0144 1076  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:28:34.0175 1076  QWAVEdrv - ok
16:28:34.0191 1076  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:28:34.0238 1076  RasAcd - ok
16:28:34.0269 1076  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:28:34.0300 1076  RasAgileVpn - ok
16:28:34.0347 1076  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
16:28:34.0394 1076  RasAuto - ok
16:28:34.0425 1076  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:28:34.0472 1076  Rasl2tp - ok
16:28:34.0503 1076  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
16:28:34.0565 1076  RasMan - ok
16:28:34.0597 1076  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:28:34.0643 1076  RasPppoe - ok
16:28:34.0675 1076  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:28:34.0706 1076  RasSstp - ok
16:28:34.0737 1076  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:28:34.0768 1076  rdbss - ok
16:28:34.0815 1076  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
16:28:34.0862 1076  rdpbus - ok
16:28:34.0862 1076  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:28:34.0909 1076  RDPDR - ok
16:28:34.0956 1076  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:28:34.0987 1076  RdpVideoMiniport - ok
16:28:35.0002 1076  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:28:35.0049 1076  RDPWD - ok
16:28:35.0080 1076  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:28:35.0127 1076  rdyboost - ok
16:28:35.0158 1076  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:28:35.0205 1076  RemoteAccess - ok
16:28:35.0236 1076  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:28:35.0283 1076  RemoteRegistry - ok
16:28:35.0346 1076  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:28:35.0392 1076  RpcEptMapper - ok
16:28:35.0424 1076  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
16:28:35.0455 1076  RpcLocator - ok
16:28:40.0743 1076  [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
16:28:40.0775 1076  Te.Service ( UnsignedFile.Multi.Generic ) - warning
16:28:40.0775 1076  Te.Service - detected UnsignedFile.Multi.Generic (1)
16:28:49.0464 1076  ================ Scan global ===============================
16:28:49.0542 1076  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
16:28:49.0589 1076  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
16:28:49.0620 1076  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
16:28:49.0713 1076  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
16:28:49.0729 1076  [Global] - ok
16:28:49.0745 1076  ================ Scan MBR ==================================
16:28:49.0776 1076  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:28:49.0932 1076  \Device\Harddisk0\DR0 - ok
16:28:49.0948 1076  ================ Scan VBR ==================================
16:28:49.0948 1076  [ 6F8DA339B7DAC3368B1C576D3D4091F4 ] \Device\Harddisk0\DR0\Partition1
16:28:49.0948 1076  \Device\Harddisk0\DR0\Partition1 - ok
16:28:49.0994 1076  [ 216056526544C32BFC585E260FF4E59A ] \Device\Harddisk0\DR0\Partition2
16:28:49.0994 1076  \Device\Harddisk0\DR0\Partition2 - ok
16:28:50.0010 1076  [ 62D149ADBE3E8863DDEF557DA85E5E8A ] \Device\Harddisk0\DR0\Partition3
16:28:50.0010 1076  \Device\Harddisk0\DR0\Partition3 - ok
16:28:50.0026 1076  [ 90B81A0EFA454B2B8396FB5C53AA6976 ] \Device\Harddisk0\DR0\Partition4
16:28:50.0026 1076  \Device\Harddisk0\DR0\Partition4 - ok
16:28:50.0057 1076  [ 714FC2300270B0FBB45DC01F40072D0B ] \Device\Harddisk0\DR0\Partition5
16:28:50.0072 1076  \Device\Harddisk0\DR0\Partition5 - ok
16:28:50.0072 1076  ============================================================
16:28:50.0072 1076  Scan finished
16:28:50.0072 1076  ============================================================
16:28:50.0088 0380  Detected object count: 4
16:28:50.0088 0380  Actual detected object count: 4
16:29:11.0810 0380  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0810 0380  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:11.0810 0380  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0810 0380  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:11.0810 0380  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0810 0380  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:11.0826 0380  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0826 0380  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:23.0668 0348  Deinitialize success
         
Thanks for your patience!
Regards, Christoph
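
A triage pass over a TDSSKiller log of the kind posted above, as an added example that is not part of the original thread: it pairs each hashed object with its verdict, lists everything not marked ok, and checks that list against the log's own "Detected object count". The sample lines are constructed in the log's format with placeholder hashes; the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the line format of the TDSSKiller log above.
# "<MD5>" is replaced by a placeholder hash, not a value from the thread.
SAMPLE_LOG = r"""
16:28:35.0502 1076  [ <MD5> ] RpcSs           C:\Windows\system32\rpcss.dll
16:28:35.0548 1076  RpcSs - ok
16:28:40.0743 1076  [ <MD5> ] Te.Service      C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
16:28:40.0775 1076  Te.Service ( UnsignedFile.Multi.Generic ) - warning
16:28:40.0775 1076  Te.Service - detected UnsignedFile.Multi.Generic (1)
16:28:47.0015 1076  WinDefend - ok
16:28:49.0776 1076  [ <MD5> ] \Device\Harddisk0\DR0
16:28:49.0932 1076  \Device\Harddisk0\DR0 - ok
16:28:50.0088 0380  Detected object count: 1
16:29:11.0826 0380  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0826 0380  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
""".strip().replace("<MD5>", "0" * 32)

# Timestamp, thread id, then the message body.
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\S+)\s+(.*?)\s*$")
# "[ MD5 ] <name> <path>"; the name is absent in the Global/MBR/VBR sections.
HASHED = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}) \]\s+(?:(.*?)\s+)?((?:[A-Za-z]:\\|\\).*)$"
)
WARN = re.compile(r"^(.+?) \( (.+?) \) - warning$")
ACTION = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
# Section summaries such as "[Global] - ok" are not objects, so skip "[".
OK = re.compile(r"^([^\[].*?) - ok$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def _record(md5=None, path=None):
    return {"md5": md5, "path": path, "verdict": None,
            "detection": None, "action": None}


def triage(log_text):
    """Parse a TDSSKiller log and return what needs a second look."""
    objects = {}     # object name (or path, when unnamed) -> record
    declared = None  # value of the "Detected object count" line
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # separators, blank lines, anything without a timestamp
        body = line.group(3)
        if m := HASHED.match(body):
            md5, name, path = m.groups()
            objects[name or path] = _record(md5.upper(), path)
        elif m := WARN.match(body):
            rec = objects.setdefault(m.group(1), _record())
            rec["verdict"], rec["detection"] = "warning", m.group(2)
        elif m := ACTION.match(body):
            rec = objects.setdefault(m.group(1), _record())
            rec["detection"], rec["action"] = m.group(2), m.group(3)
        elif m := OK.match(body):
            objects.setdefault(m.group(1), _record())["verdict"] = "ok"
        elif m := COUNT.match(body):
            declared = int(m.group(1))

    flagged = [n for n, r in objects.items() if r["detection"]]
    return {
        "objects": objects,
        "flagged": flagged,
        # Verdict lines that had no preceding "[ MD5 ] ..." line.
        "unhashed": [n for n, r in objects.items() if r["md5"] is None],
        # Flagged objects the user chose to skip, so the file is still there.
        "left_in_place": [n for n in flagged
                          if objects[n]["action"] == "Skip"],
        "declared": declared,
        "count_matches": declared == len(flagged),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["flagged"]:
        rec = result["objects"][name]
        print(f"{name}: {rec['detection']} -> {rec['action']} ({rec['path']})")
    print("no hash line:", result["unhashed"])
    print("count matches log summary:", result["count_matches"])
```

Entries in `left_in_place` are the ones to follow up on by hand, for example by checking where the file came from and whether the vendor ships it unsigned.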

25.04.2013, 16:27   #11
M-K-D-B
/// TB instructor

Hello,

we'll remove a few more leftovers and check everything once more:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:files
C:\Users\Hrl\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe
C:\Windows\Prefetch\SOFTONICDOWNLOADER_FUER_SENSI-BB758226.pf

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de]
[-HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]

:Commands
[emptytemp]
         
  • If you have obscured your username, e.g. with "*****", insert your real username in the appropriate places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents into your thread here.

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

In your next reply, please post
  • the log file from OTL,
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria

25.04.2013, 17:17   #12
christoph03

Good evening,
Code:
ATTFilter
All processes killed
========== FILES ==========
File\Folder C:\Users\Hrl\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi not found.
File\Folder C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1 not found.
File\Folder C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe not found.
File\Folder C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe not found.
File\Folder C:\Windows\Prefetch\SOFTONICDOWNLOADER_FUER_SENSI-BB758226.pf not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hrl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17574930 bytes
->Flash cache emptied: 22726 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2177664 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209702518 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 16078926593 bytes
 
Total Files Cleaned = 15*553,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04252013_181044

Files\Folders moved on Reboot...
C:\Users\Hrl\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.25.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Hrl :: CHRISTOPH [Administrator]

25.04.2013 18:23:04
mbam-log-2013-04-25 (18-23-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213750
Laufzeit: 5 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

25.04.2013, 18:44   #13
M-K-D-B
/// TB instructor

Hello,

are you sure you ran the OTL fix correctly?

ESET and SecurityCheck are still missing.
__________________
Greetings from Bavaria

26.04.2013, 04:35   #14
christoph03

Good morning,
I am NEVER sure when it comes to PC matters.
However, I couldn't say WHAT I might have done wrong.
ESET "worked" through the whole night, or maybe it didn't (I had to log in to the PC again in the morning), and after 11 hours it was only at 46%.
So I am posting only a partial result, because I need my only PC.
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=302766fd6fc0d14593c52bdb5d24776a
# engine=13695
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-26 03:30:08
# local_time=2013-04-26 05:30:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 128246 23676920 0 0
# scanned=132496
# found=0
# cleaned=0
# scan_time=39326
         
Code:
 Results of screen317's Security Check version 0.99.62  
   x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
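
As an added example (not part of the original post and not ESET's own tooling): a small Python parser for the `# key=value` lines of the ESET log quoted above, showing how a reviewer can check what a `found=0` result actually covers. Two assumptions: a completed run reports `end=finished` (the log on this page only shows `stopped`), and `scan_time` is in seconds, which fits the 11 hours mentioned in the post.

```python
import re

# Constructed sample: a subset of the "# key=value" lines from the log above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=132496
# found=0
# cleaned=0
# scan_time=39326
"""

FIELD = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")

def parse_eset_log(text):
    """Collect the '# key=value' lines into a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields

def assess(fields):
    """Say what the log supports: a verdict plus the caveats that limit it."""
    notes = []
    # Assumption: a completed run reports end=finished; anything else is partial.
    complete = fields.get("end") == "finished"
    if not complete:
        notes.append("scan incomplete (end=%s)" % fields.get("end", "missing"))
    for opt in ("unwanted_checked", "unsafe_checked", "archives_checked"):
        if fields.get(opt) == "false":
            notes.append("%s=false: option was off for this run" % opt)
    found = int(fields.get("found", "0"))
    hours = round(int(fields.get("scan_time", "0")) / 3600.0, 1)  # assumed seconds
    verdict = "detections" if found else ("clean" if complete else "inconclusive")
    return {"verdict": verdict, "found": found, "hours": hours, "notes": notes}

if __name__ == "__main__":
    print(assess(parse_eset_log(SAMPLE_LOG)))
```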
         

26.04.2013, 10:13   #15
M-K-D-B
/// TB trainer

Hi,

I no longer see any malware; it does indeed seem to be more of a problem with the mouse driver.
You could also describe your issue in this section of the forum:
Netzwerk und Hardware

If you have no more problems with malware, then we are done here. Your log files are clean.
To finish, we still need to take a few final steps to clean up and secure your PC.




Step 1
If you used it, start DeFogger and click Re-enable.
Your computer may need to be restarted.

Step 2
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs that were used and finally deletes itself.
  • If any programs that we used are still present, please delete them by hand.





Step 3
Finally, I have a few more tips for securing your system.


I cannot mention too often how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure that you only ever have one anti-virus program installed and that it is up to date!


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers
Other browsers tend towards somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.


Performance
Clean up your temp files regularly. For this I recommend TFC


Stay away from registry cleaners.
They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails that are unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.

Now all that remains is for me to wish you lots of fun surfing safely.


Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this topic from my subscriptions.
__________________
Greetings from Bavaria
