
Log analysis and evaluation: Online banking blocked - malware

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

30.05.2013, 14:47   #1
DT_Martin
 

Online banking blocked - malware



Hello dear trojan fighters!

Since my online banking with the Sparkasse was blocked because of malware, I immediately googled it and came across this forum. Here I also saw that I am not the only one with this problem. I hope you can help me get rid of the malware (or whatever has nested itself in there) without my having to reinstall my PC.

I have now run the OTL scan as described in one thread. Here are the logs:

Extras.txt

Code:
OTL Extras logfile created on: 30.05.2013 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,01% Memory free
8,25 Gb Paging File | 6,27 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): c:\pagefile.sys 5120 6144i:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,52 Gb Total Space | 33,37 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive D: | 295,37 Gb Total Space | 66,80 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive X: | 79,87 Gb Total Space | 32,46 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009F94DA-CBD8-407D-B0FE-9CB775C3BC8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{06D1948F-644C-4896-9BA9-0F7930F33C83}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{09E2BE97-1853-4E8F-BBA5-175CC1E99FF3}" = lport=33338 | protocol=17 | dir=in | name=goodsync server lan discovery | 
"{0A0C3620-F7EC-4DBB-96B4-30F79F3370EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{11E6253B-2AB5-4B6B-9480-B3D848E7A8C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11F9AEE4-E398-4917-BB06-437088F52DE4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1787A7F2-B295-44BF-81B0-035B2C2E07DD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{18847473-1DE7-43F1-AB45-803A65400366}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{1AAD2B6A-D4E3-4916-AAA9-5E75F603A89D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{25A9BE02-A3FD-4499-BEFD-B2CAE381AC3F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{296F624C-116D-4646-A214-65594CFB1109}" = rport=445 | protocol=6 | dir=out | app=system | 
"{29F79B7C-0383-43A8-BA1F-B117C93718F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C93F55C-D159-4D40-950D-3AE60DB785C1}" = lport=33338 | protocol=17 | dir=in | name=goodsync server lan discovery | 
"{33128945-6BA1-4CB0-A224-35D3F582EFDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3AF46097-BAEB-4785-9D2B-BCFCF8F301CD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{53B3E999-04A1-460F-85C9-302A57922D65}" = lport=33333 | protocol=6 | dir=in | name=goodsync server incoming connections | 
"{5DADB6ED-1E47-4C26-BA62-51143052A917}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{6F6F5851-94D4-479A-8145-D386544A3C62}" = lport=33333 | protocol=6 | dir=in | name=goodsync server incoming connections | 
"{7112BBAB-AFB3-4B40-9600-73D67229D637}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{771D0B2A-5DDD-4D87-BDC9-2A771DBC4F47}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7DB7CAD4-F2B5-4345-86E5-E9FA0D7FEEBF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{7FC16EDE-C651-43DE-AD86-6312388BD8B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{876108B7-FC34-4868-B688-48E1F178CA63}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{889459E7-1CE6-4F0D-BB69-687DBDB6A550}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8B494AC4-D0CD-4321-B8E9-959A51691A2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B6231EA-2FA9-4435-A8A8-20F7F76F2973}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8FC4E2DF-485C-463E-B9E0-D6CCD399A3E4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9054ABC2-4A7A-407B-8E3D-7CA6FDE899C8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9ADF84D8-C2B5-4ABB-8635-E3C107DD47DD}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{A3FC3E23-1598-4D8A-9A1C-68E548AC155E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A7688D13-FAC9-4F35-B75C-9311F9C2E210}" = lport=5656 | protocol=17 | dir=in | name=gremoteserver udp port | 
"{B027759C-962F-4611-BB6E-9F1C786C2CFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3A39DEF-CEC9-4469-9164-DFF31FEDAB8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C728CAA3-0AB4-4140-AC55-6E5BA3FB5D78}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{DF16FFA5-3563-4F3B-845B-FC47ECAEBE5B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E3842230-9BF2-4295-8F2C-A9F72ECDC71B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{E9CE0F33-B64D-4552-BFE5-35450376A2C4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EA45B1D4-9274-495F-98F3-07150856F107}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ECFBB29A-CF1F-459C-A580-01148721A594}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EDF0DF3E-95D3-427F-8F16-9E8EF6D04034}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F78FEC8E-35F4-472F-A335-8DA512B6CF39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{FD7BDD81-213E-46D0-B724-11429D2342F0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FFBDD387-7D4B-4851-9B39-407BACDFF3C9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E26137-D535-4208-A7F5-AF2FED065BB8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{035E12E6-3041-45F2-B98F-A39CB7132580}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0375961E-0337-45E3-98F3-07D6EA3C3A29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05908347-5937-4C8F-BD84-E8AF76D9A056}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"{068BD1D5-DD5F-444C-ACD6-E1F89A1B06F2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{072C8F0F-1518-4BC7-BAD3-0E5A83C37DC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{07CE84FD-A1A4-489C-80AC-45CC8EA138FC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0DFDFD8D-606C-408B-B661-124C7DBF418A}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe | 
"{0F51F023-80D5-4E9F-B560-BDDE721B9D9E}" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"{15AEE56B-468F-4D87-A49B-ED162E20C3D1}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{1625F215-C211-4179-98CC-BF27DEE62FD5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{16ACE72D-4508-4F23-864E-4DA498DA45A4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1966F879-ED7C-4D05-898C-1DCD62B789C9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbucoms.exe | 
"{19ACBC3C-CB74-49B5-ACDF-249C76A12F64}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2010\3dsmax.exe | 
"{1F027B75-4715-4862-AAA6-5D10FE6AEC15}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{21C602CF-B9DB-4D32-A3A8-2AA9179A04C8}" = protocol=17 | dir=in | app=c:\windows\system32\lxbucoms.exe | 
"{223E1DBF-856C-4BC9-9557-76B62605682B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{261143D8-A802-4762-BE48-95D2F325A54E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2933F36D-59CB-4EE0-83BA-1D54D8C6AE85}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2A160773-B1AA-40A2-895A-8B082E7EEE9B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2B55B782-7692-4F1C-8552-DB3EEC09DD6F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2C817F02-3C3F-44FF-A1FF-2313488F77CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2CA99137-DF28-4712-8686-4FBD5A7F32CB}" = protocol=17 | dir=in | app=d:\program files\siber systems\goodsync\goodsync.exe | 
"{2E0AB9EB-13EA-43E6-B368-8D7DD5C2F4A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3120431D-16B5-4958-BDD3-8ECA53963D15}" = protocol=6 | dir=in | app=d:\program files\siber systems\goodsync\gs-server.exe | 
"{32776A0C-1EDA-489C-ACE9-A62BAF7CD539}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{327EAF38-4580-4DA3-9C13-09950D08E21A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{340DA129-306B-4B9D-BEC0-D1D24C91B0C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{352F6E09-8002-40FC-8EEE-42CA31A80061}" = protocol=6 | dir=in | app=d:\program files\idisplay\idisplay.exe | 
"{36854603-C330-4B4F-93C5-D194DFE3CC1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{368EE2D9-648C-4D55-A169-4D856140FF8D}" = protocol=6 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | 
"{38E459E0-3761-4859-96B4-2B68E69D31A8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{38F0B886-E2E0-4947-A48F-3EC918F46B7B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E9D864D-47E8-415E-9657-60DAB604C1AA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3F30BB61-32DB-4377-93A4-7D0E0D4AB580}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{42321214-143B-490A-A986-102118775D6F}" = protocol=6 | dir=in | app=c:\program files\backburner 2\server.exe | 
"{426C7343-414E-4A12-8C9E-F096605507D7}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | 
"{42E9ACA5-A052-4476-AAC9-DADCA657D3E1}" = protocol=6 | dir=in | app=c:\windows\system32\lxbucoms.exe | 
"{45B7934F-31D9-421B-A78E-1D5B2AC89DAB}" = protocol=6 | dir=in | app=d:\program files\siber systems\goodsync\gsexplorer.exe | 
"{47C8606C-5EA6-4067-BA7C-50B351933472}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{48FD44FF-7B34-4949-9325-6FE2C77D4CBA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4B9CFE6D-FB20-48BC-B5A6-054E40C733A5}" = protocol=17 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | 
"{4BDD1781-90FE-413F-9221-42B49E0EB81C}" = protocol=17 | dir=in | app=c:\windows\system32\lxbucoms.exe | 
"{4F29CF7F-45AE-44EA-9188-C4C5C9404B51}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{51D3B1D0-98F7-402A-84AB-DCFA15CA50EB}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{51F988AA-0F16-4BA0-823A-CADADE58F8B2}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\monitor.exe | 
"{52354824-D402-487A-AE2E-1E843E485363}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{591C0695-2D57-45E8-97F5-C8791C6A185E}" = protocol=6 | dir=out | app=system | 
"{5AEBED2F-1CB5-4A09-AC36-BA5D7AC10D86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5C939CAA-29CD-4F53-A7C5-F1CAC87292DC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5D77A730-2A69-43E4-B173-1A87AAA30E26}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\manager.exe | 
"{615FDF69-E1AC-4D8A-89E1-67475C23B3A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{62E96D18-CC00-49DE-8F38-0F07EE2948BB}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{669F3289-ED87-47CE-997C-946F54BCA972}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{694EB7EA-85F4-4E99-A1E0-B2147CD492D7}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6D9B4F4B-4073-425A-BAD8-9434626961A2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6F5C7B5A-392C-4213-B454-0F391AC28F0F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6FC9F265-7215-4EC4-B1D5-02C486A37B8B}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3.exe | 
"{73C882FE-805B-4006-BE8B-B6DDC44E186E}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"{7C26D67B-19EE-4DD7-8D17-C7B8F12B5A20}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"{82909D90-CA4D-4A13-89EB-8E0260706FCC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{82C1B06C-8959-499E-87B6-2C51DDF6AAC3}" = protocol=6 | dir=in | app=d:\program files\siber systems\goodsync\goodsync.exe | 
"{8A0BA3F2-9470-42D8-96E7-FE9A169DB7AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8AD93B54-D05A-4708-8833-E01255A84DD0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8B0A0DC5-8C74-41BA-9024-488CD78FD01E}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe | 
"{8BFB7093-8B09-4B34-95F4-0D0117155524}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe | 
"{8C1F23BD-E20C-402F-987C-56007C4BA3B9}" = protocol=17 | dir=in | app=c:\program files\backburner 2\server.exe | 
"{8D4B2110-75FC-4C64-9FC5-EBBFD11D4FBE}" = protocol=17 | dir=in | app=d:\program files\siber systems\goodsync\gs-server.exe | 
"{8FB52C9D-BBFD-4644-80C4-B8F2E63C7F35}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{90183AC0-B8E1-425A-A317-9CE761F8CAEC}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\manager.exe | 
"{937A28EA-3E96-410D-B294-3EBF3876C5F2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbupswx.exe | 
"{951D2E66-D162-43CA-94D7-BFB49C907084}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95D2B67E-8207-4038-8089-AE94A2D8CD0B}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\server.exe | 
"{992AF70C-8CEF-48A4-87EA-A2F1ABCA08C1}" = protocol=17 | dir=in | app=c:\program files\backburner 2\monitor.exe | 
"{99D09D79-B9AC-46E4-87BF-E1F981014DE3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9AEFC9E4-1E48-4070-BA36-30D444131913}" = protocol=6 | dir=in | app=c:\program files\backburner 2\monitor.exe | 
"{9D5EE270-9B9B-4442-9477-A36491868858}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe | 
"{9E7A0B81-AFA4-407E-A7EA-AFDE3437A1E5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9F2B409E-16EC-4966-990E-7C639985CCB7}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{A3F0A002-7EBB-4D0B-A7EE-89ED3B0FB9C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A5C8C719-6E5E-42A1-A42A-556C4624E940}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AC462C6B-6BF5-458C-B67E-F895AB4EF239}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3y.exe | 
"{ADC8156F-D5EE-4BEC-A852-77EF3BF8A688}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B06EEEEE-3EE4-43F7-B4B0-F28879FC6DD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1C05667-57B1-44AE-945B-A9D64A3ED774}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | 
"{B41BC928-7536-4684-A307-2CA17AE78402}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B56ADB45-742F-443A-9B5D-DA5B83670298}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B606879E-95CC-4EA2-AA5F-3A9272C07B40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B635AA8A-2ED0-450A-8BB9-D8C30CC2AAC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8D8996A-71E0-46C9-A49B-5F3D2BA60C33}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{B8F0F1B0-DF66-45F2-986A-75B03D6EE072}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BC0FB2B8-CF73-4C6D-B7CD-299EE792D254}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe | 
"{BDE2D687-0055-40FB-AC4E-F8E379BA06EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BE7A5EBF-B7CE-4D5A-A996-81CE9FDC1AF1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbupswx.exe | 
"{BE872ABA-FE1B-4A1E-912E-DC5795724E88}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF552EE1-8E94-4100-B023-A72F2AD8DFD0}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{C0EBE799-EFEA-40AD-B9B0-D5A3E3C83C44}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\server.exe | 
"{C149A3BB-48A0-40B4-B60D-7C4B6667144C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C14B69C3-3A1B-4301-8C71-D16B9E511E36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C39398DF-1DB2-4EC8-80C2-2544B358C975}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C53E7953-74DC-4320-AC44-D5B798DAC4DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C55AA09B-5525-4FE2-A6EB-FE17E44E1B92}" = protocol=6 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe | 
"{CD502786-FA52-4F1E-B195-031C915833EE}" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | 
"{CD7BC678-DAD4-42B2-888F-85E10DABB878}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CE20CE75-6E56-4C46-B6F9-729977790F76}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe | 
"{CFCDCFF8-61A6-48FF-9149-D066CAC41D10}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"{D052D553-11B4-457E-9ACD-BB5B26BBCA06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D45501EB-FEC5-46A5-AACE-41F3342A73A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D55F51D7-F784-4F67-8AB4-02D1816868AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D7E37804-02D9-44BE-8E60-F0396E11312D}" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"{D97D1A9B-9C6A-443B-B496-5301699D85C8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D9A34361-1FF4-4A6F-B322-F2BCBF841B16}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBDDC718-2424-40FF-A660-6016C0B35062}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC38B7A1-7A19-4572-B804-231FA9CB50E3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DC551ABC-F82D-4790-8BAE-591A9829533C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DDA1CA55-32DD-4E60-BB67-699197D1FAF8}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe | 
"{DDE7E29B-05BA-4E5A-8181-03661C71A136}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | 
"{DE070C7C-2D36-4F1B-958A-703CD2B84E8C}" = protocol=6 | dir=in | app=d:\program files\smartftp client\smartftp.exe | 
"{DF43F3F7-7B1B-452B-927E-FDEDF48E7B7A}" = protocol=17 | dir=in | app=d:\program files\autodesk\3ds max 2010\3dsmax.exe | 
"{DFEEA257-873B-4630-82AB-9AACA41BFDD0}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{E114EFDB-4644-40C8-AE70-713830269671}" = protocol=17 | dir=in | app=c:\program files\backburner 2\manager.exe | 
"{E202C588-7DD2-48E8-B46A-A91AAEFA4A5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2DBD22A-1ED6-4296-8BA9-7122C581BCFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4DEB344-75BB-477B-AD79-85DD288615D7}" = protocol=17 | dir=in | app=d:\program files\idisplay\idisplay.exe | 
"{E5605F38-7950-458D-BDD0-75D40AA6352C}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires iii\age3y.exe | 
"{E723A605-7E07-4C14-AC5C-96E4F64D20A7}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{E78E6DBB-2928-497A-8A31-607565F791D2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E880C361-C135-451E-A136-34181AAA1844}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED0B4C47-FA5E-4F0C-9209-6330535D9419}" = protocol=17 | dir=in | app=d:\program files\siber systems\goodsync\gsexplorer.exe | 
"{F12CCF94-7941-414A-9FB4-966B0208590D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F3239163-F0AF-4759-B0F1-31DF2F31CB44}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\monitor.exe | 
"{F6963C29-9F24-4AD6-BC27-F6B01B418D4D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F832AC05-3A68-4054-8915-99D2176CDE09}" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe | 
"{FB225D7F-CECC-4854-A40B-E36D48C19D49}" = protocol=6 | dir=in | app=c:\program files\backburner 2\manager.exe | 
"{FE817B56-B7F1-4436-901B-449D36087CE8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{059C752D-1FC9-44FF-9A50-F27E5B46BA24}D:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=d:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe | 
"TCP Query User{0BA3652B-F4B5-4662-AF88-B1970C5A7044}D:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"TCP Query User{136E423E-34A7-448A-A643-791DB8C12AB9}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{1A25D4C9-0F54-4D46-9E7F-4485009BF066}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{1EDEAD11-6D23-43C0-8CC6-FA0061F14AA7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{21C2D761-EDDE-4B5F-BA93-3325F2A125D2}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"TCP Query User{3400678C-1FAF-482A-A952-9C6FA6DAFDD6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3BE6D1F8-1DF8-465D-967B-6A0EAD4E9B3B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{4A7B64B0-D97C-450E-910B-F8D222DAF7A6}D:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | 
"TCP Query User{4BD62CB5-8702-4025-BAA1-FA0A6E8ECFD6}D:\program files\idisplay\idisplay.exe" = protocol=6 | dir=in | app=d:\program files\idisplay\idisplay.exe | 
"TCP Query User{4C7C430B-31B0-4530-91A0-EB26BC91A343}D:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"TCP Query User{551C577B-B3A2-4AE8-AB9B-E66E100CF79E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{56E35F55-8B7B-45BD-9376-B95952327BF6}D:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | 
"TCP Query User{5AFB474E-1409-4EA9-A864-A07C2269352E}X:\fsx\aerosoft\airbus x\airbusxconnect.exe" = protocol=6 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | 
"TCP Query User{5DC31A97-624E-4481-98B0-22036563013A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{6AF74A2F-6B52-49BA-8B37-345F4362A782}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{6DFB3240-5D39-40F0-B32D-95048128E4A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{781BC3BA-B39F-43CF-96F0-13E733ED2075}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{83A15E0A-2A60-4865-A452-028EBD9ED5AE}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{83B38E4D-B4F8-4D8A-9928-FF393831DDB2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{924F1177-3C84-49B9-80CB-ADDDC2862353}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{AAA5B836-1CD0-4A4B-BAB4-D9B64A4D3C43}D:\program files\netcommy\netcommy.exe" = protocol=6 | dir=in | app=d:\program files\netcommy\netcommy.exe | 
"TCP Query User{D4F45617-B12A-4493-A1F1-BC095D735EE7}D:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe | 
"TCP Query User{DAFB5FC9-A974-4FE4-A91B-C10F45E675F7}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{E3C68974-81CE-4651-9A9B-810811B24F1E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{E8C37F4E-EC7F-4533-851D-02FA1190CFAC}D:\program files\netcommy\netcommy.exe" = protocol=6 | dir=in | app=d:\program files\netcommy\netcommy.exe | 
"TCP Query User{F15E12E7-0BB0-4B20-A258-89EDC6C5D200}C:\program files\apm planner\ardupilotmegaplanner10.exe" = protocol=6 | dir=in | app=c:\program files\apm planner\ardupilotmegaplanner10.exe | 
"TCP Query User{F7E7CD97-C1D5-459D-A531-85122A0ECAA3}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{0B3FF12A-4257-44F8-BE08-43F033F9B79E}D:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\cnext.exe | 
"UDP Query User{0EFB661D-39C1-4CBA-B41D-C05DF1960852}D:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=d:\users\martin\desktop\my mobile\mymobiler\mymobiler.exe | 
"UDP Query User{22D2C70F-D75B-472B-AC69-3B2B36C2425D}C:\program files\apm planner\ardupilotmegaplanner10.exe" = protocol=17 | dir=in | app=c:\program files\apm planner\ardupilotmegaplanner10.exe | 
"UDP Query User{2528374E-F523-48DE-B4B9-F4A14D99C53B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{2B491EE1-5012-4AAF-89B8-89294E7175B2}D:\program files\netcommy\netcommy.exe" = protocol=17 | dir=in | app=d:\program files\netcommy\netcommy.exe | 
"UDP Query User{2D41A54B-D1D1-4827-9A90-336373FDCC3A}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{30A93AE1-CBAD-46B7-B681-65571E57BFE8}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{317CF065-C65C-4535-93E4-814BDC84D0E3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3A84B6EA-F33E-4210-9586-D5F1A3DC6A99}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{3E76244C-96C2-49EA-8EE2-17137AD30318}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{402F8884-F988-483A-AB17-5D6927643736}X:\fsx\aerosoft\airbus x\airbusxconnect.exe" = protocol=17 | dir=in | app=x:\fsx\aerosoft\airbus x\airbusxconnect.exe | 
"UDP Query User{4BAC178C-8AC0-4A2E-BB71-761F73B8432B}D:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{4F475238-25A2-46B2-A03D-F4BB4EC6B8C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{56268A59-A90D-4BB1-94B7-62A84DDB7899}D:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\cnext.exe | 
"UDP Query User{5F85D056-1694-41F9-A040-F89B4BAC7370}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{882A0A0F-1E98-41B7-AA79-4DAAC9E39AB3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8DCA4174-8EA5-4B2D-8004-D834F0094743}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{91D47CDA-40AA-44FB-B50F-46181055F9A1}D:\program files\idisplay\idisplay.exe" = protocol=17 | dir=in | app=d:\program files\idisplay\idisplay.exe | 
"UDP Query User{B7165220-5A9D-4CF0-94E9-39DD65E162DB}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B8DBB5C1-7CD0-4F0C-B52B-BA2CC1F7B57F}D:\program files\netcommy\netcommy.exe" = protocol=17 | dir=in | app=d:\program files\netcommy\netcommy.exe | 
"UDP Query User{C9F985FD-E2BF-4F9B-94D5-6EEA9900E82B}D:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{CF6957E8-63D7-482B-BA5F-B896B19CCD1A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D380BC74-21AF-4B7B-B970-6660C0A0D147}D:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\b18\intel_a\code\bin\orbixd.exe | 
"UDP Query User{D8A13A2F-4DD1-4FDA-8117-6402A378507A}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{DFC2CBF5-1B6B-4876-8286-9FFD23E85F3E}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"UDP Query User{E68B1C36-A389-4BB3-8B03-AE8C5C9A0673}D:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=d:\program files\dassault systemes\r20b20\intel_a\code\bin\orbixd.exe | 
"UDP Query User{F6416E5F-D574-4BAA-86A1-9C160B91AB97}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{F727E7ED-DDAF-4180-993B-1BB1CCA7FA8B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02220E03-0B8C-44F5-8E20-AD8917AA6DD1}" = openAir2kml
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.8
"{07B30B65-6615-46CF-ABB2-4AD33B9CE87A}" = OutSync
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12EE0B2A-84C6-494E-A7AC-6771E898F6A0}_is1" = HD2 Toolkit Version 4.1
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{16BF9FAA-2804-48A9-823F-87DFD06969E0}" = LX navigation LXE
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225B779B-94BA-4A83-9E11-6F1D99ECE7CD}" = Windchill ProductPoint Client Manager-2.0_2010.09.06.001
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2336573C-3213-48AA-A306-8309BA9BD92C}" = Aerosoft's - Airbus X
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2F4493E4-7237-4B2F-B693-B13BA827DBA7}" = Rhinoceros 4.0 Trainingsmaterial - Stufe 1
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{388BB822-33BF-4ED9-8A04-7007CC37A24E}" = REFLEX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{46181E57-7362-4FCC-A30E-6E31429E160F}_is1" = NaviComputer V0.95
"{4689C255-3373-4A61-8E3C-3E9C92EFA4E5}" = AeroFly Professional Deluxe
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{5BD1BBB6-DC09-420F-B459-DD61DD351541}" = aerosoft's - Menorca X for FSX
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64996B10-0B55-4625-A124-551CB65F09CE}" = aerosoft's - London City Airport X
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7668700F-1E1D-4E37-A7AE-29DFA7BE4B8F}" = eDocPrintPro v3.17.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F702E8C-D01F-4128-AD93-4A9AE07603A9}" = Aerosoft's - German Airfields FREE - Wasserkuppe
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{917FBB8E-C606-4ADD-9E5D-236646F5A1AA}" = PhoenixRC
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{990A2B02-0C8F-4BD4-989B-9F4561D8FAD2}" = RealFlight G5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4003C3C-30EF-41F6-87DD-33DDC471651C}" = Autodesk 123D Catch
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF209F10-BD3A-4AA7-A485-845508D6C672}" = aerosoft's - German Airports 2-Hannover X
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBA5E54-5B3C-11DE-BAEA-F9C855D89593}" = insight3d 0.3.2
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C0A6F8BF-2C50-4D70-B98E-590EA298E5A1}" = WinSpice v1.06.00
"{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b
"{CDDE8723-0D3C-4446-BFCC-6AFAED649A71}" = Mission Planner
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FDD9AD-F2FA-42D7-B4B6-43202C53F142}" = 'PTC Places' Namespace Shell Extension
"{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E630D30A-79EE-407A-8F51-9D57D1F45230}" = gs_x86
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EB2423B8-2060-4260-874B-3ED7A68D1275}" = FS Flight Keeper (3.0)
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE18E4CF-6732-470B-A526-3FE205AC69D5}" = CompanionLink
"{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}" = aerosoft's - Lukla X - Mount Everest
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{FB56079B-7D0C-4D1D-864A-09BA159CC31B}" = Active Sky Evolution
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FF63DB41-2880-4C24-A06A-B8BF69B6406B}" = Unified Remote
"1C403B82E4E446F5F271843776F81232792700B4" = Windows-Treiberpaket - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2012 5.1.2600.0)
"7-Zip" = 7-Zip 9.20
"ABViewer 7_is1" = ABViewer 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Condor: The Competition Soaring Simulator" = Condor: The Competition Soaring Simulator 1.1.2
"D4BE65E2BB029E9D50B48199CCFFE66D0F514A27" = Windows-Treiberpaket - 3D Robotics (usbser) Ports  (03/28/2013 1.6.2.0)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dassault Systemes B18_0" = Dassault Systemes Software B18
"Dassault Systemes B20_0" = Dassault Systemes Software B20
"DivX Setup.divx.com" = DivX-Setup
"doubleTwist" = doubleTwist
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition
"EasternAlps Scenery" = EasternAlps Scenery 2.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"f1mustang_FSX" = Flight1 Citation Mustang
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.7.0.1
"FinePrint" = FinePrint
"Flamingo 1.1" = Flamingo 1.1
"Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0
"FlightGear_is1" = FlightGear 2.10.0.3
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Google Calendar Sync" = Google Calendar Sync
"Ground Environment X Europe" = Ground Environment X Europe
"Hugin" = Hugin 2011.0.0
"iDisplay_is1" = iDisplay 2.0.0
"IGC GE Flight_is1" = IGC Flight Replay  1.0
"ImgBurn" = ImgBurn
"InstallShield_{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"JDownloader" = JDownloader
"KeyShot2" = KeyShot2 2.3 32 bit
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.8
"LX Styler_is1" = LX Styler
"MatlabR2011a" = MATLAB R2011a
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"NetCommy_is1" = NetCommy 1.14
"nHancer" = nHancer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"openAir2kml" = openAir2kml
"OpenAL" = OpenAL
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Rhinoceros 3.0" = Rhinoceros 3.0
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SeeYou Mobile" = SeeYou Mobile
"SeeYou_is1" = SeeYou Version 4.22
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TS3 Overlay" = TS3 Overlay
"VAIOSoft Recovery Manager" = VAIOSoft Recovery Manager
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR
"wxdevcpp" = wxDev-C++ 7.3.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aerosoft Mega Airport Munich v 1.00 for FSX" = Aerosoft Mega Airport Munich v 1.00 for FSX
"Dropbox" = Dropbox
"FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279
"GeoGebra WebStart" = GeoGebra WebStart
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Spotify" = Spotify
"Titan Casino" = Titan Casino
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8143
 
Error - 28.05.2013 16:07:33 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8143
 
Error - 28.05.2013 22:50:46 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files\CompanionLink\ClxMapi64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.05.2013 22:53:18 | Computer Name = Martin-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030
 
Error - 29.05.2013 17:00:46 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error - 30.05.2013 05:38:32 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Program Files\CompanionLink\ClxMapi64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.05.2013 05:42:48 | Computer Name = Martin-PC | Source = System Restore | ID = 8193
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 30.05.2013 05:06:41 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:41 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 30.05.2013 05:06:42 | Computer Name = Martin-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ OSession Events ]
Error - 25.01.2011 19:33:57 | Computer Name = Martin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3752
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.05.2013 03:35:56 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR32 
gefunden.
 
Error - 26.05.2013 05:27:30 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 26.05.2013 05:27:30 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 26.05.2013 05:27:31 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 26.05.2013 05:27:31 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 26.05.2013 05:27:32 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 27.05.2013 01:14:52 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.
 
Error - 27.05.2013 01:14:53 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.
 
Error - 27.05.2013 01:14:53 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.
 
Error - 27.05.2013 01:14:54 | Computer Name = Martin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.
 
 
< End of report >
         
OTL.txt

Code:
OTL logfile created on: 30.05.2013 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 63,01% Memory free
8,25 Gb Paging File | 6,27 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): c:\pagefile.sys 5120 6144i:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,52 Gb Total Space | 33,37 Gb Free Space | 36,87% Space Free | Partition Type: NTFS
Drive D: | 295,37 Gb Total Space | 66,80 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive X: | 79,87 Gb Total Space | 32,46 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - X:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Windows\System32\lxbucoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - D:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Java\jre7\bin\jp2native.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
 
 
========== Services (SafeList) ==========
 
SRV - (mi-raysat_3dsmax9_32) -- D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (GsServer) -- D:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nHancer) -- X:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (BBDemon) -- D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2010_32) -- D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( )
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (DxkgFilter) -- D:\Program Files\iDisplay\idisplay.sys ()
DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.at/ [binary data]
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 6D 55 81 97 BB CB 01  [binary data]
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT"
FF - prefs.js..extensions.enabledAddons: linky%40gemal.dk:3.0.0
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:2.8.5
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.24 09:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.24 09:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.05.24 16:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.05.24 16:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013.05.24 16:38:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2013.05.24 16:38:38 | 000,000,000 | ---D | M]
 
[2011.01.24 09:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.05.23 23:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions
[2013.03.12 16:55:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013.05.07 22:35:16 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\foxyproxy@eric.h.jung
[2011.02.17 00:36:55 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\linky@gemal.dk
[2013.05.07 22:35:11 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2011.03.04 00:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\rypciewz.default\extensions
[2011.03.04 00:19:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\rypciewz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.24 23:34:11 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\youtube2mp3@mondayx.de.xpi
[2011.12.08 19:42:35 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.05.09 20:29:38 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.23 23:39:39 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.08 07:28:48 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.01.20 16:35:01 | 000,002,059 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\daemon-search.xml
[2013.05.30 11:09:56 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-1.xml
[2011.04.30 21:09:36 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-2.xml
[2011.05.05 23:06:57 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-3.xml
[2011.06.21 06:52:49 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-4.xml
[2011.08.19 15:15:09 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-5.xml
[2011.09.12 23:04:33 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin-6.xml
[2011.03.25 15:37:06 | 000,001,056 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\icqplugin.xml
[2012.08.20 01:55:49 | 000,003,915 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\2k1ibfdb.default\searchplugins\sweetim.xml
 
O1 HOSTS File: ([2011.01.24 21:36:54 | 000,001,730 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 4 more lines...
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Programme\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Spotify Web Helper] C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Zaemectiot] C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CA416F6-55F8-461A-B1D4-A0FB030B6945}: NameServer = 212.18.3.5 212.18.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06AFEE5-B9BC-4DB3-A216-146EB60EC29B}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9d2bd751-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2bd751-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{9d2bd75d-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2bd75d-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{9d2bd769-548e-11e0-a74a-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{9d2bd769-548e-11e0-a74a-0023549c1a34}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{cf19e7c0-56a6-11e0-b760-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{cf19e7c0-56a6-11e0-b760-0023549c1a34}\Shell\AutoRun\command - "" = S:\AutoRun.exe
O33 - MountPoints2\{f82bf3ed-53b7-11e1-b4ff-0023549c1a34}\Shell - "" = AutoRun
O33 - MountPoints2\{f82bf3ed-53b7-11e1-b4ff-0023549c1a34}\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.27 21:30:18 | 000,000,000 | ---D | C] -- D:\Dokumente\XCSoarData
[2013.05.25 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\FileZilla
[2013.05.25 13:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.05.22 16:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.22 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.22 16:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.22 16:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Yqzi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Quit
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Ehma
[2013.05.12 18:19:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.8
[2013.05.12 18:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\MiniTool Partition Wizard Home Edition 7.8
[2013.05.12 17:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD2 Toolkit
[2013.05.12 17:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\HD2 Toolkit
[2013.05.11 13:50:25 | 000,000,000 | ---D | C] -- D:\Dokumente\HTC HD2 Android
[2013.05.11 12:20:09 | 000,000,000 | ---D | C] -- D:\Dokumente\WhatsApp
[2013.05.08 21:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.08 21:10:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.08 21:10:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.08 21:10:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.08 20:05:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\insight3d
[2013.05.08 20:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\insight3d
[2013.05.08 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013.05.08 17:04:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SmartFTP Client 4.1 Setup
[2013.05.07 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\Downloads
[2013.05.07 22:44:12 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2013.05.02 22:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org
[2013.05.02 22:56:55 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013.05.02 22:56:55 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2013.05.02 22:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2013.05.02 22:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.10.0.3
[2013.04.30 17:59:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\GMap.NET
[2013.04.30 17:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.04.30 17:57:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\APM Planner
[2013.04.30 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\APM Planner
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Martin\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Martin\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Martin\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Martin\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 15:21:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 14:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 11:12:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 11:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 16:20:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 16:20:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 16:13:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.05.28 16:12:56 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 13:32:55 | 000,000,976 | ---- | M] () -- C:\Users\Martin\Desktop\Adobe Dreamweaver CS3 - 32bit.lnk
[2013.05.26 13:25:09 | 000,000,810 | ---- | M] () -- C:\Users\Martin\Desktop\FileZilla.lnk
[2013.05.25 19:03:51 | 000,064,640 | ---- | M] () -- D:\Dokumente\Kontakte Stand 25.05.2013.CSV
[2013.05.25 19:03:49 | 000,038,431 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2013.05.22 20:13:16 | 000,025,387 | ---- | M] () -- D:\Dokumente\Penzberg, Deutschland nach Wirtschaftskammer Wien - Google Maps.pdf
[2013.05.22 16:26:02 | 000,001,550 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.15 21:46:33 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 21:46:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 18:19:05 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2013.05.11 17:44:57 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.11 17:44:57 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.11 17:44:57 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.11 17:44:57 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.10 21:33:06 | 000,001,237 | ---- | M] () -- C:\Users\Martin\Desktop\VisualSFM_win32.exe - Verknüpfung.lnk
[2013.05.08 22:06:14 | 000,017,698 | ---- | M] () -- D:\Dokumente\Bestellnummer_ 22368.pdf
[2013.05.08 22:05:30 | 000,067,429 | ---- | M] () -- D:\Dokumente\Ülis Segelflugbedarf - FLARM Competence Center.pdf
[2013.05.08 19:53:37 | 000,001,825 | ---- | M] () -- C:\Users\Martin\Desktop\Autodesk 123D Catch.lnk
[2013.05.07 22:43:55 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.07 20:27:50 | 000,001,094 | ---- | M] () -- C:\Users\Martin\Desktop\minecraft.bat - Verknüpfung.lnk
[2013.05.04 20:53:16 | 000,000,840 | ---- | M] () -- C:\Users\Martin\Desktop\SeeYou.lnk
[2013.05.02 22:56:55 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2013.05.02 22:56:55 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2013.05.02 22:56:10 | 000,000,835 | ---- | M] () -- C:\Users\Martin\Desktop\FlightGear 2.10.0.3.lnk
[2013.04.30 17:59:36 | 000,001,068 | ---- | M] () -- C:\Users\Martin\Desktop\Mission Planner Mav 1.0.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.26 16:21:05 | 000,000,000 | ---- | C] () -- C:\Windows\cs3marked64
[2013.05.26 13:25:09 | 000,000,810 | ---- | C] () -- C:\Users\Martin\Desktop\FileZilla.lnk
[2013.05.25 19:03:46 | 000,064,640 | ---- | C] () -- D:\Dokumente\Kontakte Stand 25.05.2013.CSV
[2013.05.22 20:13:16 | 000,025,387 | ---- | C] () -- D:\Dokumente\Penzberg, Deutschland nach Wirtschaftskammer Wien - Google Maps.pdf
[2013.05.22 16:26:02 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.12 18:19:12 | 002,888,384 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2013.05.12 18:19:12 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2013.05.12 18:19:08 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2013.05.12 18:19:05 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
[2013.05.10 21:33:06 | 000,001,237 | ---- | C] () -- C:\Users\Martin\Desktop\VisualSFM_win32.exe - Verknüpfung.lnk
[2013.05.08 22:06:14 | 000,017,698 | ---- | C] () -- D:\Dokumente\Bestellnummer_ 22368.pdf
[2013.05.08 22:05:30 | 000,067,429 | ---- | C] () -- D:\Dokumente\Ülis Segelflugbedarf - FLARM Competence Center.pdf
[2013.05.08 19:53:37 | 000,001,825 | ---- | C] () -- C:\Users\Martin\Desktop\Autodesk 123D Catch.lnk
[2013.05.02 22:56:10 | 000,000,835 | ---- | C] () -- C:\Users\Martin\Desktop\FlightGear 2.10.0.3.lnk
[2013.04.30 17:59:36 | 000,001,068 | ---- | C] () -- C:\Users\Martin\Desktop\Mission Planner Mav 1.0.lnk
[2013.04.04 18:26:06 | 000,038,431 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.07.09 23:28:25 | 000,000,335 | ---- | C] () -- C:\Users\Martin\AppData\Local\Perfmon.PerfmonCfg
[2012.06.26 00:45:25 | 000,199,312 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\csio.dll
[2012.03.18 23:18:53 | 000,038,434 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.03.18 23:17:42 | 000,038,435 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.02.28 21:10:33 | 000,001,434 | ---- | C] () -- C:\Users\Martin\AppData\Local\RecConfig.xml
[2012.02.23 14:41:57 | 000,000,765 | ---- | C] () -- C:\Windows\ONFORMAT.INI
[2012.02.23 14:41:33 | 000,000,341 | ---- | C] () -- C:\Windows\RECMGRUN.INI
[2012.02.23 14:40:52 | 000,003,455 | ---- | C] () -- C:\Windows\RECVCALL.INI
[2011.10.24 07:11:40 | 000,000,400 | ---- | C] () -- C:\Windows\g_nhqnsp300.ini
[2011.10.24 07:11:40 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bhtrugl705.dat
[2011.10.22 11:24:20 | 000,805,895 | ---- | C] () -- C:\Users\Martin\cdlabel.jpg
[2011.09.24 23:42:39 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.28 20:01:28 | 000,000,406 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\gnuplot_history
[2011.01.24 09:37:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Martin\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Martin\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Martin\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.30 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2012.03.03 21:48:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.Nitrous
[2012.11.30 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.techniclauncher
[2012.11.28 23:38:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Arduino
[2013.05.08 19:53:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Autodesk
[2012.07.06 23:54:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\benibela
[2011.04.08 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BOM
[2011.10.19 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2011.03.13 10:40:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CompanionLink
[2012.02.10 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2011.03.28 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DassaultSystemes
[2011.05.03 20:14:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dev-Cpp
[2013.05.28 16:15:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2013.05.17 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ehma
[2013.05.27 19:29:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FileZilla
[2011.02.23 09:49:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Flight1
[2013.05.02 22:56:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\flightgear.org
[2013.01.09 16:59:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Freeplane
[2012.11.06 00:08:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fritzing
[2011.01.24 09:24:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GetRightToGo
[2013.01.07 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GoodSync
[2011.02.25 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HiFi
[2013.04.25 19:43:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IGCGeFlight
[2011.10.27 18:59:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ImgBurn
[2012.12.30 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\JabRef 2.9
[2011.02.08 20:24:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LegalSounds
[2011.01.24 09:36:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Local
[2011.02.27 10:48:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mathsoft
[2013.05.21 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MyPhoneExplorer
[2011.09.24 23:40:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenCandy
[2011.09.27 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Outlook
[2011.02.27 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PTC
[2011.10.29 21:19:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\pymclevel
[2013.05.30 15:10:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Quit
[2012.01.28 00:37:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SHAPE Services
[2011.05.19 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Soft Gold
[2013.05.29 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spotify
[2011.11.10 08:24:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2013.03.03 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\thriXXX
[2013.05.25 19:00:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2011.09.27 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ts3overlay
[2011.01.25 21:38:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2011.03.26 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2012.05.03 00:09:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unified Remote
[2012.11.24 00:58:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\xm1
[2013.05.17 16:15:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Yqzi
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:74603393

< End of report >
         
Many thanks in advance!

Regards,

Martin

Alt 30.05.2013, 15:03   #2
markusg
/// Malware-holic
 

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKU\S-1-5-21-2944825941-799094432-1867900547-1000..\Run: [Zaemectiot] C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe (Sysinternals - www.sysinternals.com)
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Yqzi
[2013.05.17 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Quit
:files
C:\Users\Martin\AppData\Roaming\Ehma
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

Alt 30.05.2013, 15:30   #3
markusg
/// Malware-holic
 

Thanks for uploading, you have Trojan.zbot

I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
If it were my PC, I would reinstall it once and secure it; you will get instructions from me for that. The decision is of course yours.

Alt 30.05.2013, 15:30   #4
DT_Martin
 

That really is quick

The upload was successful.

Here, as requested, are the contents of the file:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2944825941-799094432-1867900547-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zaemectiot deleted successfully.
C:\Users\Martin\AppData\Roaming\Ehma\zayl.exe moved successfully.
C:\Users\Martin\AppData\Roaming\Yqzi folder moved successfully.
C:\Users\Martin\AppData\Roaming\Quit folder moved successfully.
========== FILES ==========
C:\Users\Martin\AppData\Roaming\Ehma folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 50520 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Martin
->Temp folder emptied: 2632946668 bytes
->Temporary Internet Files folder emptied: 255352092 bytes
->Java cache emptied: 5941760 bytes
->FireFox cache emptied: 474961797 bytes
->Flash cache emptied: 64272 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 382438778 bytes
RecycleBin emptied: 1642287313 bytes
 
Total Files Cleaned = 5.144,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05302013_161657

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 30.05.2013, 16:07   #5
markusg
/// Malware-holic
 

Look, I had already written something above your post :-)

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the above instructions to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 30.05.2013, 16:09   #6
DT_Martin
 

Ah, I completely overlooked that.

I would like to try to clean the PC.

Alt 30.05.2013, 16:11   #7
markusg
/// Malware-holic
 

OK, but you must be aware that, if we overlook something, in the worst case someone can plunder your bank account (online banking).
I just wanted to point out the risk once more.
But if you want to continue:
Please download TDSSKiller TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 30.05.2013, 16:18   #8
DT_Martin
 

These are the contents of the report:

Code:
17:17:02.0481 5260  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:17:02.0891 5260  ============================================================
17:17:02.0891 5260  Current date / time: 2013/05/30 17:17:02.0891
17:17:02.0891 5260  SystemInfo:
17:17:02.0891 5260  
17:17:02.0891 5260  OS Version: 6.1.7600 ServicePack: 0.0
17:17:02.0891 5260  Product type: Workstation
17:17:02.0891 5260  ComputerName: MARTIN-PC
17:17:02.0891 5260  UserName: Martin
17:17:02.0891 5260  Windows directory: C:\Windows
17:17:02.0891 5260  System windows directory: C:\Windows
17:17:02.0891 5260  Processor architecture: Intel x86
17:17:02.0891 5260  Number of processors: 4
17:17:02.0891 5260  Page size: 0x1000
17:17:02.0891 5260  Boot type: Normal boot
17:17:02.0891 5260  ============================================================
17:17:03.0711 5260  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:17:03.0721 5260  ============================================================
17:17:03.0721 5260  \Device\Harddisk0\DR0:
17:17:03.0721 5260  MBR partitions:
17:17:03.0721 5260  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xB507BE9
17:17:03.0741 5260  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB507C67, BlocksNum 0x24EBD0DF
17:17:03.0761 5260  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x303C4D85, BlocksNum 0x9FBFEBC
17:17:03.0761 5260  ============================================================
17:17:03.0771 5260  X: <-> \Device\Harddisk0\DR0\Partition3
17:17:03.0811 5260  D: <-> \Device\Harddisk0\DR0\Partition2
17:17:03.0851 5260  C: <-> \Device\Harddisk0\DR0\Partition1
17:17:03.0851 5260  ============================================================
17:17:03.0851 5260  Initialize success
17:17:03.0851 5260  ============================================================
17:17:11.0982 5384  ============================================================
17:17:11.0982 5384  Scan started
17:17:11.0982 5384  Mode: Manual; SigCheck; TDLFS; 
17:17:11.0982 5384  ============================================================
17:17:12.0542 5384  ================ Scan system memory ========================
17:17:12.0542 5384  System memory - ok
17:17:12.0542 5384  ================ Scan services =============================
17:17:12.0672 5384  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:17:12.0732 5384  1394ohci - ok
17:17:12.0742 5384  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
17:17:12.0762 5384  ACPI - ok
17:17:12.0772 5384  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
17:17:12.0792 5384  AcpiPmi - ok
17:17:12.0842 5384  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:17:12.0852 5384  AdobeFlashPlayerUpdateSvc - ok
17:17:12.0882 5384  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:17:12.0902 5384  adp94xx - ok
17:17:12.0912 5384  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:17:12.0922 5384  adpahci - ok
17:17:12.0942 5384  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:17:12.0952 5384  adpu320 - ok
17:17:12.0982 5384  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:17:13.0012 5384  AeLookupSvc - ok
17:17:13.0032 5384  [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD             C:\Windows\system32\drivers\afd.sys
17:17:13.0062 5384  AFD - ok
17:17:13.0082 5384  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
17:17:13.0092 5384  agp440 - ok
17:17:13.0102 5384  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:17:13.0112 5384  aic78xx - ok
17:17:13.0132 5384  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:17:13.0142 5384  ALG - ok
17:17:13.0172 5384  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
17:17:13.0182 5384  aliide - ok
17:17:13.0192 5384  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
17:17:13.0202 5384  amdagp - ok
17:17:13.0212 5384  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
17:17:13.0222 5384  amdide - ok
17:17:13.0232 5384  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:17:13.0252 5384  AmdK8 - ok
17:17:13.0252 5384  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:17:13.0262 5384  AmdPPM - ok
17:17:13.0292 5384  [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
17:17:13.0302 5384  amdsata - ok
17:17:13.0333 5384  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:17:13.0343 5384  amdsbs - ok
17:17:13.0363 5384  [ B81C2B5616F6420A9941EA093A92B150 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
17:17:13.0373 5384  amdxata - ok
17:17:13.0453 5384  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:17:13.0463 5384  AntiVirSchedulerService - ok
17:17:13.0493 5384  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:17:13.0503 5384  AntiVirService - ok
17:17:13.0533 5384  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
17:17:13.0543 5384  AppID - ok
17:17:13.0573 5384  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:17:13.0593 5384  AppIDSvc - ok
17:17:13.0613 5384  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
17:17:13.0643 5384  Appinfo - ok
17:17:13.0683 5384  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:17:13.0703 5384  Apple Mobile Device - ok
17:17:13.0723 5384  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:17:13.0733 5384  AppMgmt - ok
17:17:13.0763 5384  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:17:13.0773 5384  arc - ok
17:17:13.0783 5384  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:17:13.0793 5384  arcsas - ok
17:17:13.0873 5384  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:17:13.0883 5384  aspnet_state - ok
17:17:13.0913 5384  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:17:13.0933 5384  AsyncMac - ok
17:17:13.0953 5384  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
17:17:13.0963 5384  atapi - ok
17:17:13.0993 5384  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:17:14.0023 5384  AudioEndpointBuilder - ok
17:17:14.0033 5384  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:17:14.0063 5384  Audiosrv - ok
17:17:14.0123 5384  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:17:14.0153 5384  avgntflt - ok
17:17:14.0193 5384  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:17:14.0203 5384  avipbb - ok
17:17:14.0233 5384  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:17:14.0243 5384  avkmgr - ok
17:17:14.0263 5384  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:17:14.0283 5384  AxInstSV - ok
17:17:14.0313 5384  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:17:14.0334 5384  b06bdrv - ok
17:17:14.0364 5384  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:17:14.0384 5384  b57nd60x - ok
17:17:14.0584 5384  [ 584F96E8CA59F2EC987E8FD6712D666E ] BBDemon         D:\Program Files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe
17:17:14.0604 5384  BBDemon ( UnsignedFile.Multi.Generic ) - warning
17:17:14.0604 5384  BBDemon - detected UnsignedFile.Multi.Generic (1)
17:17:14.0644 5384  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:17:14.0664 5384  BDESVC - ok
17:17:14.0684 5384  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:17:14.0714 5384  Beep - ok
17:17:14.0744 5384  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
17:17:14.0774 5384  BFE - ok
17:17:14.0804 5384  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
17:17:14.0834 5384  BITS - ok
17:17:14.0844 5384  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:17:14.0854 5384  blbdrive - ok
17:17:14.0904 5384  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:17:14.0914 5384  Bonjour Service - ok
17:17:14.0924 5384  [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:17:14.0944 5384  bowser - ok
17:17:14.0964 5384  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:17:14.0974 5384  BrFiltLo - ok
17:17:14.0984 5384  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:17:14.0994 5384  BrFiltUp - ok
17:17:15.0024 5384  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
17:17:15.0044 5384  Browser - ok
17:17:15.0064 5384  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:17:15.0074 5384  Brserid - ok
17:17:15.0084 5384  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:17:15.0104 5384  BrSerWdm - ok
17:17:15.0114 5384  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:17:15.0124 5384  BrUsbMdm - ok
17:17:15.0134 5384  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:17:15.0144 5384  BrUsbSer - ok
17:17:15.0194 5384  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
17:17:15.0214 5384  BthEnum - ok
17:17:15.0224 5384  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:17:15.0244 5384  BTHMODEM - ok
17:17:15.0264 5384  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:17:15.0284 5384  BthPan - ok
17:17:15.0294 5384  [ 4A34888E13224678DD062466AFEC4240 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
17:17:15.0314 5384  BTHPORT - ok
17:17:15.0344 5384  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:17:15.0374 5384  bthserv - ok
17:17:15.0384 5384  [ FA04C63916FA221DBB91FCE153D07A55 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:17:15.0404 5384  BTHUSB - ok
17:17:15.0434 5384  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:17:15.0454 5384  cdfs - ok
17:17:15.0484 5384  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:17:15.0504 5384  cdrom - ok
17:17:15.0524 5384  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:17:15.0544 5384  CertPropSvc - ok
17:17:15.0584 5384  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:17:15.0604 5384  circlass - ok
17:17:15.0624 5384  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:17:15.0634 5384  CLFS - ok
17:17:15.0684 5384  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:17:15.0684 5384  clr_optimization_v2.0.50727_32 - ok
17:17:15.0714 5384  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:17:15.0724 5384  clr_optimization_v4.0.30319_32 - ok
17:17:15.0744 5384  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:17:15.0764 5384  CmBatt - ok
17:17:15.0764 5384  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
17:17:15.0774 5384  cmdide - ok
17:17:15.0804 5384  [ 1B675691ED940766149C93E8F4488D68 ] CNG             C:\Windows\system32\Drivers\cng.sys
17:17:15.0824 5384  CNG - ok
17:17:15.0834 5384  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:17:15.0844 5384  Compbatt - ok
17:17:15.0864 5384  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:17:15.0874 5384  CompositeBus - ok
17:17:15.0884 5384  COMSysApp - ok
17:17:15.0904 5384  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:17:15.0914 5384  crcdisk - ok
17:17:15.0944 5384  [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:17:15.0974 5384  CryptSvc - ok
17:17:15.0994 5384  [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC             C:\Windows\system32\drivers\csc.sys
17:17:16.0014 5384  CSC - ok
17:17:16.0034 5384  [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService      C:\Windows\System32\cscsvc.dll
17:17:16.0044 5384  CscService - ok
17:17:16.0074 5384  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:17:16.0104 5384  DcomLaunch - ok
17:17:16.0124 5384  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:17:16.0154 5384  defragsvc - ok
17:17:16.0184 5384  [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:17:16.0204 5384  DfsC - ok
17:17:16.0224 5384  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:17:16.0244 5384  Dhcp - ok
17:17:16.0254 5384  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:17:16.0274 5384  discache - ok
17:17:16.0294 5384  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:17:16.0304 5384  Disk - ok
17:17:16.0314 5384  [ D0722E963D3C6145446874241401B209 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:17:16.0334 5384  Dnscache - ok
17:17:16.0354 5384  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:17:16.0374 5384  dot3svc - ok
17:17:16.0384 5384  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
17:17:16.0404 5384  DPS - ok
17:17:16.0444 5384  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:17:16.0454 5384  drmkaud - ok
17:17:16.0484 5384  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:17:16.0494 5384  dtsoftbus01 - ok
17:17:16.0514 5384  [ 39806CFEDDCC55E686A49BCCD2972F23 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:17:16.0554 5384  DXGKrnl - ok
17:17:16.0664 5384  [ 615FB699440981C0A72A337A8A8550B8 ] DxkgFilter      D:\Program Files\iDisplay\idisplay.sys
17:17:16.0674 5384  DxkgFilter - ok
17:17:16.0694 5384  [ 8EEF52AD831471E323EE7364A8656D35 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6032.sys
17:17:16.0714 5384  e1yexpress - ok
17:17:16.0734 5384  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:17:16.0764 5384  EapHost - ok
17:17:16.0834 5384  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:17:16.0874 5384  ebdrv - ok
17:17:16.0904 5384  [ F42309C4191C506B71DB5D1126D26318 ] EFS             C:\Windows\System32\lsass.exe
17:17:16.0914 5384  EFS - ok
17:17:16.0974 5384  [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:17:16.0994 5384  ehRecvr - ok
17:17:17.0014 5384  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:17:17.0024 5384  ehSched - ok
17:17:17.0114 5384  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:17:17.0124 5384  elxstor - ok
17:17:17.0174 5384  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
17:17:17.0184 5384  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
17:17:17.0184 5384  epmntdrv - detected UnsignedFile.Multi.Generic (1)
17:17:17.0194 5384  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
17:17:17.0214 5384  ErrDev - ok
17:17:17.0254 5384  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
17:17:17.0254 5384  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
17:17:17.0254 5384  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
17:17:17.0294 5384  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:17:17.0324 5384  EventSystem - ok
17:17:17.0344 5384  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:17:17.0374 5384  exfat - ok
17:17:17.0384 5384  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:17:17.0414 5384  fastfat - ok
17:17:17.0434 5384  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
17:17:17.0454 5384  Fax - ok
17:17:17.0474 5384  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:17:17.0484 5384  fdc - ok
17:17:17.0504 5384  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:17:17.0534 5384  fdPHost - ok
17:17:17.0544 5384  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:17:17.0574 5384  FDResPub - ok
17:17:17.0574 5384  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:17:17.0584 5384  FileInfo - ok
17:17:17.0594 5384  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:17:17.0614 5384  Filetrace - ok
17:17:17.0654 5384  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:17:17.0674 5384  FLEXnet Licensing Service - ok
17:17:17.0704 5384  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:17:17.0714 5384  flpydisk - ok
17:17:17.0744 5384  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:17:17.0754 5384  FltMgr - ok
17:17:17.0784 5384  [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache       C:\Windows\system32\FntCache.dll
17:17:17.0814 5384  FontCache - ok
17:17:17.0844 5384  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:17:17.0854 5384  FontCache3.0.0.0 - ok
17:17:17.0864 5384  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:17:17.0874 5384  FsDepends - ok
17:17:17.0884 5384  [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:17:17.0894 5384  Fs_Rec - ok
17:17:17.0914 5384  [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:17:17.0924 5384  fvevol - ok
17:17:17.0954 5384  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:17:17.0964 5384  gagp30kx - ok
17:17:17.0994 5384  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:17:18.0004 5384  GEARAspiWDM - ok
17:17:18.0034 5384  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
17:17:18.0054 5384  gpsvc - ok
17:17:18.0124 5384  GsServer - ok
17:17:18.0194 5384  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:17:18.0204 5384  gupdate - ok
17:17:18.0224 5384  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:17:18.0234 5384  gupdatem - ok
17:17:18.0254 5384  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
17:17:18.0264 5384  hamachi - ok
17:17:18.0294 5384  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:17:18.0304 5384  hcw85cir - ok
17:17:18.0344 5384  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:17:18.0354 5384  HdAudAddService - ok
17:17:18.0374 5384  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:17:18.0384 5384  HDAudBus - ok
17:17:18.0384 5384  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:17:18.0404 5384  HidBatt - ok
17:17:18.0404 5384  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:17:18.0424 5384  HidBth - ok
17:17:18.0444 5384  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:17:18.0454 5384  HidIr - ok
17:17:18.0484 5384  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
17:17:18.0504 5384  hidserv - ok
17:17:18.0524 5384  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:17:18.0534 5384  HidUsb - ok
17:17:18.0554 5384  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:17:18.0584 5384  hkmsvc - ok
17:17:18.0594 5384  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:17:18.0604 5384  HomeGroupListener - ok
17:17:18.0634 5384  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:17:18.0644 5384  HomeGroupProvider - ok
17:17:18.0654 5384  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
17:17:18.0664 5384  HpSAMD - ok
17:17:18.0704 5384  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:17:18.0714 5384  HTCAND32 - ok
17:17:18.0784 5384  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
17:17:18.0794 5384  htcnprot - ok
17:17:18.0824 5384  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:17:18.0854 5384  HTTP - ok
17:17:18.0914 5384  [ 988C0A49F09D75D3341CB419141793C1 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:17:18.0924 5384  hwdatacard - ok
17:17:18.0934 5384  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:17:18.0944 5384  hwpolicy - ok
17:17:18.0964 5384  [ AC6B4AABF92867584445D0C435B9248F ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
17:17:18.0974 5384  hwusbdev - ok
17:17:19.0024 5384  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:17:19.0034 5384  i8042prt - ok
17:17:19.0044 5384  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
17:17:19.0054 5384  iaStorV - ok
17:17:19.0114 5384  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:17:19.0114 5384  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:17:19.0114 5384  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:17:19.0164 5384  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:17:19.0184 5384  idsvc - ok
17:17:19.0194 5384  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:17:19.0204 5384  iirsp - ok
17:17:19.0254 5384  [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
17:17:19.0264 5384  IJPLMSVC - ok
17:17:19.0304 5384  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:17:19.0344 5384  IKEEXT - ok
17:17:19.0354 5384  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
17:17:19.0364 5384  intelide - ok
17:17:19.0394 5384  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:17:19.0404 5384  intelppm - ok
17:17:19.0424 5384  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:17:19.0454 5384  IPBusEnum - ok
17:17:19.0464 5384  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:17:19.0484 5384  IpFilterDriver - ok
17:17:19.0514 5384  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:17:19.0544 5384  iphlpsvc - ok
17:17:19.0554 5384  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:17:19.0574 5384  IPMIDRV - ok
17:17:19.0584 5384  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:17:19.0604 5384  IPNAT - ok
17:17:19.0644 5384  [ E3E71649A926CB34FA4D7AB75DCE126C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:17:19.0664 5384  iPod Service - ok
17:17:19.0714 5384  [ CF79FF3D10864F73660A34E006B6B8F8 ] iPodDrv         C:\Windows\system32\drivers\iPodDrv.sys
17:17:19.0714 5384  iPodDrv ( UnsignedFile.Multi.Generic ) - warning
17:17:19.0714 5384  iPodDrv - detected UnsignedFile.Multi.Generic (1)
17:17:19.0734 5384  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:17:19.0754 5384  IRENUM - ok
17:17:19.0774 5384  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
17:17:19.0784 5384  isapnp - ok
17:17:19.0794 5384  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:17:19.0804 5384  iScsiPrt - ok
17:17:19.0834 5384  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:17:19.0844 5384  kbdclass - ok
17:17:19.0864 5384  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:17:19.0874 5384  kbdhid - ok
17:17:19.0884 5384  [ F42309C4191C506B71DB5D1126D26318 ] KeyIso          C:\Windows\system32\lsass.exe
17:17:19.0894 5384  KeyIso - ok
17:17:19.0914 5384  [ E36A061EC11B373826905B21BE10948F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:17:19.0924 5384  KSecDD - ok
17:17:19.0924 5384  [ 26C046977E85B95036453D7B88BA1820 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:17:19.0934 5384  KSecPkg - ok
17:17:19.0964 5384  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:17:19.0994 5384  KtmRm - ok
17:17:20.0024 5384  [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:17:20.0054 5384  LanmanServer - ok
17:17:20.0074 5384  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:17:20.0104 5384  LanmanWorkstation - ok
17:17:20.0144 5384  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:17:20.0174 5384  lltdio - ok
17:17:20.0194 5384  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:17:20.0214 5384  lltdsvc - ok
17:17:20.0224 5384  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:17:20.0254 5384  lmhosts - ok
17:17:20.0284 5384  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:17:20.0294 5384  LSI_FC - ok
17:17:20.0304 5384  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:17:20.0314 5384  LSI_SAS - ok
17:17:20.0324 5384  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:17:20.0335 5384  LSI_SAS2 - ok
17:17:20.0335 5384  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:17:20.0355 5384  LSI_SCSI - ok
17:17:20.0365 5384  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:17:20.0395 5384  luafv - ok
17:17:20.0435 5384  [ CA020DB361524D1182138EFEAA8CF8F3 ] LUMDriver       C:\Windows\system32\drivers\LUMDriver.sys
17:17:20.0435 5384  LUMDriver - ok
17:17:20.0445 5384  lxbu_device - ok
17:17:20.0495 5384  [ C58F15CD4EF79210455512CF0C449F39 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe
17:17:20.0505 5384  McComponentHostService - ok
17:17:20.0525 5384  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:17:20.0535 5384  Mcx2Svc - ok
17:17:20.0565 5384  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:17:20.0575 5384  megasas - ok
17:17:20.0605 5384  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:17:20.0615 5384  MegaSR - ok
17:17:20.0725 5384  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2010_32 D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
17:17:20.0725 5384  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - warning
17:17:20.0725 5384  mi-raysat_3dsmax2010_32 - detected UnsignedFile.Multi.Generic (1)
17:17:20.0745 5384  mi-raysat_3dsmax9_32 - ok
17:17:20.0795 5384  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:17:20.0805 5384  Microsoft Office Groove Audit Service - ok
17:17:20.0825 5384  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:17:20.0855 5384  MMCSS - ok
17:17:20.0875 5384  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:17:20.0895 5384  Modem - ok
17:17:20.0925 5384  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:17:20.0935 5384  monitor - ok
17:17:20.0945 5384  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:17:20.0955 5384  mouclass - ok
17:17:20.0965 5384  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:17:20.0975 5384  mouhid - ok
17:17:21.0005 5384  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:17:21.0015 5384  mountmgr - ok
17:17:21.0025 5384  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
17:17:21.0045 5384  mpio - ok
17:17:21.0055 5384  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:17:21.0085 5384  mpsdrv - ok
17:17:21.0115 5384  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:17:21.0145 5384  MpsSvc - ok
17:17:21.0165 5384  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:17:21.0175 5384  MRxDAV - ok
17:17:21.0185 5384  [ F4A054BE78AF7F410129C4B64B07DC9B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:21.0215 5384  mrxsmb - ok
17:17:21.0225 5384  [ DEFFA295BD1895C6ED8E3078412AC60B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:21.0255 5384  mrxsmb10 - ok
17:17:21.0265 5384  [ 24D76ABE5DCAD22F19D105F76FDF0CE1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:21.0285 5384  mrxsmb20 - ok
17:17:21.0295 5384  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
17:17:21.0305 5384  msahci - ok
17:17:21.0335 5384  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
17:17:21.0345 5384  msdsm - ok
17:17:21.0355 5384  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:17:21.0365 5384  MSDTC - ok
17:17:21.0385 5384  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:17:21.0405 5384  Msfs - ok
17:17:21.0415 5384  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:17:21.0445 5384  mshidkmdf - ok
17:17:21.0445 5384  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
17:17:21.0455 5384  msisadrv - ok
17:17:21.0485 5384  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:17:21.0505 5384  MSiSCSI - ok
17:17:21.0515 5384  msiserver - ok
17:17:21.0535 5384  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:17:21.0555 5384  MSKSSRV - ok
17:17:21.0585 5384  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:21.0605 5384  MSPCLOCK - ok
17:17:21.0615 5384  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:17:21.0645 5384  MSPQM - ok
17:17:21.0665 5384  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:17:21.0675 5384  MsRPC - ok
17:17:21.0685 5384  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:17:21.0695 5384  mssmbios - ok
17:17:21.0715 5384  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:17:21.0735 5384  MSTEE - ok
17:17:21.0755 5384  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:17:21.0765 5384  MTConfig - ok
17:17:21.0765 5384  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:17:21.0775 5384  Mup - ok
17:17:21.0805 5384  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
17:17:21.0835 5384  napagent - ok
17:17:21.0845 5384  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:17:21.0865 5384  NativeWifiP - ok
17:17:21.0885 5384  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:17:21.0905 5384  NDIS - ok
17:17:21.0925 5384  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:17:21.0945 5384  NdisCap - ok
17:17:21.0985 5384  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:22.0005 5384  NdisTapi - ok
17:17:22.0025 5384  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:22.0045 5384  Ndisuio - ok
17:17:22.0055 5384  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:22.0085 5384  NdisWan - ok
17:17:22.0095 5384  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:17:22.0115 5384  NDProxy - ok
17:17:22.0145 5384  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:17:22.0175 5384  NetBIOS - ok
17:17:22.0185 5384  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:17:22.0215 5384  NetBT - ok
17:17:22.0225 5384  [ F42309C4191C506B71DB5D1126D26318 ] Netlogon        C:\Windows\system32\lsass.exe
17:17:22.0235 5384  Netlogon - ok
17:17:22.0275 5384  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:17:22.0305 5384  Netman - ok
17:17:22.0335 5384  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:17:22.0345 5384  NetMsmqActivator - ok
17:17:22.0345 5384  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:17:22.0355 5384  NetPipeActivator - ok
17:17:22.0365 5384  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:17:22.0395 5384  netprofm - ok
17:17:22.0405 5384  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:17:22.0405 5384  NetTcpActivator - ok
17:17:22.0415 5384  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:17:22.0425 5384  NetTcpPortSharing - ok
17:17:22.0445 5384  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:17:22.0455 5384  nfrd960 - ok
17:17:22.0525 5384  [ 4EECD2DC44E844B3A912B2650CC6E41F ] nHancer         X:\Program Files\nHancer\nHancerService.exe
17:17:22.0525 5384  nHancer ( UnsignedFile.Multi.Generic ) - warning
17:17:22.0525 5384  nHancer - detected UnsignedFile.Multi.Generic (1)
17:17:22.0555 5384  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:17:22.0595 5384  NlaSvc - ok
17:17:22.0605 5384  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:17:22.0625 5384  Npfs - ok
17:17:22.0635 5384  npggsvc - ok
17:17:22.0645 5384  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:17:22.0675 5384  nsi - ok
17:17:22.0685 5384  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:17:22.0715 5384  nsiproxy - ok
17:17:22.0735 5384  [ 3795DCD21F740EE799FB7223234215AF ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:17:22.0765 5384  Ntfs - ok
17:17:22.0775 5384  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:17:22.0795 5384  Null - ok
17:17:22.0935 5384  [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:17:23.0065 5384  nvlddmkm - ok
17:17:23.0085 5384  [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
17:17:23.0095 5384  nvraid - ok
17:17:23.0105 5384  [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
17:17:23.0115 5384  nvstor - ok
17:17:23.0155 5384  [ B785320CBCF5021DE9945C803696C511 ] NVSvc           C:\Windows\system32\nvvsvc.exe
17:17:23.0175 5384  NVSvc - ok
17:17:23.0235 5384  [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:17:23.0255 5384  nvUpdatusService - ok
17:17:23.0275 5384  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
17:17:23.0285 5384  nv_agp - ok
17:17:23.0345 5384  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:17:23.0355 5384  odserv - ok
17:17:23.0375 5384  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:17:23.0385 5384  ohci1394 - ok
17:17:23.0425 5384  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:17:23.0435 5384  ose - ok
17:17:23.0455 5384  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:17:23.0465 5384  p2pimsvc - ok
17:17:23.0475 5384  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:17:23.0495 5384  p2psvc - ok
17:17:23.0515 5384  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:17:23.0535 5384  Parport - ok
17:17:23.0535 5384  [ FF4218952B51DE44FE910953A3E686B9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:17:23.0545 5384  partmgr - ok
17:17:23.0565 5384  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:17:23.0575 5384  Parvdm - ok
17:17:23.0635 5384  [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
17:17:23.0635 5384  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
17:17:23.0635 5384  PassThru Service - detected UnsignedFile.Multi.Generic (1)
17:17:23.0665 5384  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:17:23.0685 5384  PcaSvc - ok
17:17:23.0685 5384  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
17:17:23.0705 5384  pci - ok
17:17:23.0705 5384  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
17:17:23.0715 5384  pciide - ok
17:17:23.0725 5384  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:17:23.0745 5384  pcmcia - ok
17:17:23.0745 5384  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:17:23.0755 5384  pcw - ok
17:17:23.0775 5384  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:17:23.0805 5384  PEAUTH - ok
17:17:23.0845 5384  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:17:23.0865 5384  PeerDistSvc - ok
17:17:23.0905 5384  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
17:17:23.0945 5384  pla - ok
17:17:23.0965 5384  [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:17:23.0995 5384  PlugPlay - ok
17:17:24.0005 5384  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:17:24.0025 5384  PNRPAutoReg - ok
17:17:24.0035 5384  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:17:24.0045 5384  PNRPsvc - ok
17:17:24.0065 5384  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:17:24.0095 5384  PolicyAgent - ok
17:17:24.0105 5384  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
17:17:24.0135 5384  Power - ok
17:17:24.0165 5384  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:17:24.0195 5384  PptpMiniport - ok
17:17:24.0205 5384  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:17:24.0215 5384  Processor - ok
17:17:24.0255 5384  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc         C:\Windows\system32\profsvc.dll
17:17:24.0285 5384  ProfSvc - ok
17:17:24.0295 5384  [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:17:24.0315 5384  ProtectedStorage - ok
17:17:24.0325 5384  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:17:24.0355 5384  Psched - ok
17:17:24.0375 5384  [ 0B6DEA0A1662CAB8F2BF339DC0752EF4 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:17:24.0385 5384  PSI_SVC_2 - ok
17:17:24.0425 5384  [ 2F4FADDCDBC6DC301F3CB9FFFB4B4A09 ] pwdrvio         C:\Windows\system32\pwdrvio.sys
17:17:24.0435 5384  pwdrvio - ok
17:17:24.0475 5384  [ B75CF7AAE69964EBBE5B875AC81231CD ] pwdspio         C:\Windows\system32\pwdspio.sys
17:17:24.0485 5384  pwdspio - ok
17:17:24.0525 5384  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:17:24.0555 5384  ql2300 - ok
17:17:24.0565 5384  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:17:24.0575 5384  ql40xx - ok
17:17:24.0605 5384  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:17:24.0625 5384  QWAVE - ok
17:17:24.0635 5384  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:17:24.0645 5384  QWAVEdrv - ok
17:17:24.0705 5384  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
17:17:24.0715 5384  RapiMgr - ok
17:17:24.0725 5384  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:17:24.0755 5384  RasAcd - ok
17:17:24.0785 5384  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:17:24.0815 5384  RasAgileVpn - ok
17:17:24.0835 5384  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:17:24.0865 5384  RasAuto - ok
17:17:24.0865 5384  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:17:24.0895 5384  Rasl2tp - ok
17:17:24.0915 5384  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
17:17:24.0945 5384  RasMan - ok
17:17:24.0955 5384  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:17:24.0975 5384  RasPppoe - ok
17:17:24.0985 5384  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:17:25.0015 5384  RasSstp - ok
17:17:25.0025 5384  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:17:25.0055 5384  rdbss - ok
17:17:25.0055 5384  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:17:25.0075 5384  rdpbus - ok
17:17:25.0075 5384  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:17:25.0105 5384  RDPCDD - ok
17:17:25.0165 5384  [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:17:25.0175 5384  RDPDR - ok
17:17:25.0195 5384  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:17:25.0215 5384  RDPENCDD - ok
17:17:25.0235 5384  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:17:25.0265 5384  RDPREFMP - ok
17:17:25.0285 5384  [ 801371BA9782282892D00AADB08EE367 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:17:25.0315 5384  RDPWD - ok
17:17:25.0335 5384  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:17:25.0355 5384  rdyboost - ok
17:17:25.0365 5384  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:17:25.0395 5384  RemoteAccess - ok
17:17:25.0425 5384  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:17:25.0455 5384  RemoteRegistry - ok
17:17:25.0495 5384  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:17:25.0505 5384  RFCOMM - ok
17:17:25.0535 5384  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:17:25.0555 5384  RpcEptMapper - ok
17:17:25.0575 5384  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:17:25.0585 5384  RpcLocator - ok
17:17:25.0605 5384  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
17:17:25.0635 5384  RpcSs - ok
17:17:25.0665 5384  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:17:25.0695 5384  rspndr - ok
17:17:25.0705 5384  [ 5423D8437051E89DD34749F242C98648 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
17:17:25.0715 5384  s3cap - ok
17:17:25.0725 5384  [ F42309C4191C506B71DB5D1126D26318 ] SamSs           C:\Windows\system32\lsass.exe
17:17:25.0735 5384  SamSs - ok
17:17:25.0765 5384  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
17:17:25.0775 5384  sbp2port - ok
17:17:25.0795 5384  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:17:25.0825 5384  SCardSvr - ok
17:17:25.0835 5384  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:17:25.0855 5384  scfilter - ok
17:17:25.0875 5384  [ 3E8B0C453E25613A1F59762A5C42AA75 ] Schedule        C:\Windows\system32\schedsvc.dll
17:17:25.0915 5384  Schedule - ok
17:17:25.0925 5384  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:17:25.0955 5384  SCPolicySvc - ok
17:17:25.0965 5384  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:17:25.0975 5384  SDRSVC - ok
17:17:26.0005 5384  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:17:26.0035 5384  secdrv - ok
17:17:26.0045 5384  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:17:26.0075 5384  seclogon - ok
17:17:26.0085 5384  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:17:26.0115 5384  SENS - ok
17:17:26.0145 5384  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:17:26.0155 5384  SensrSvc - ok
17:17:26.0165 5384  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:17:26.0185 5384  Serenum - ok
17:17:26.0195 5384  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:17:26.0205 5384  Serial - ok
17:17:26.0215 5384  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:17:26.0235 5384  sermouse - ok
17:17:26.0245 5384  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
17:17:26.0275 5384  SessionEnv - ok
17:17:26.0285 5384  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:17:26.0295 5384  sffdisk - ok
17:17:26.0305 5384  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:17:26.0325 5384  sffp_mmc - ok
17:17:26.0335 5384  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:17:26.0346 5384  sffp_sd - ok
17:17:26.0356 5384  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:17:26.0366 5384  sfloppy - ok
17:17:26.0406 5384  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:17:26.0426 5384  SharedAccess - ok
17:17:26.0456 5384  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:17:26.0466 5384  ShellHWDetection - ok
17:17:26.0486 5384  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
17:17:26.0496 5384  sisagp - ok
17:17:26.0526 5384  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:17:26.0536 5384  SiSRaid2 - ok
17:17:26.0556 5384  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:17:26.0566 5384  SiSRaid4 - ok
17:17:26.0616 5384  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:17:26.0626 5384  SkypeUpdate - ok
17:17:26.0656 5384  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:17:26.0686 5384  Smb - ok
17:17:26.0726 5384  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:17:26.0746 5384  SNMPTRAP - ok
17:17:26.0766 5384  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:17:26.0776 5384  spldr - ok
17:17:26.0786 5384  [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler         C:\Windows\System32\spoolsv.exe
17:17:26.0806 5384  Spooler - ok
17:17:26.0856 5384  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:17:26.0906 5384  sppsvc - ok
17:17:26.0916 5384  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:17:26.0946 5384  sppuinotify - ok
17:17:26.0956 5384  [ 2BA4EBC7DFBA845A1EDBE1F75913BE33 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:17:26.0986 5384  srv - ok
17:17:26.0986 5384  [ DCE7E10FEAABD4CAE95948B3DE5340BB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:17:27.0016 5384  srv2 - ok
17:17:27.0026 5384  [ B5665BAA2120B8A54E22E9CD07C05106 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:17:27.0046 5384  srvnet - ok
17:17:27.0066 5384  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:17:27.0096 5384  SSDPSRV - ok
17:17:27.0126 5384  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:17:27.0136 5384  ssmdrv - ok
17:17:27.0146 5384  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:17:27.0176 5384  SstpSvc - ok
17:17:27.0226 5384  [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:17:27.0236 5384  Stereo Service - ok
17:17:27.0256 5384  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:17:27.0266 5384  stexstor - ok
17:17:27.0286 5384  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:17:27.0306 5384  StiSvc - ok
17:17:27.0336 5384  [ 957E346CA948668F2496A6CCF6FF82CC ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
17:17:27.0346 5384  storflt - ok
17:17:27.0366 5384  [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
17:17:27.0376 5384  storvsc - ok
17:17:27.0386 5384  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:17:27.0396 5384  swenum - ok
17:17:27.0416 5384  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:17:27.0446 5384  swprv - ok
17:17:27.0486 5384  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
17:17:27.0516 5384  SysMain - ok
17:17:27.0536 5384  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:17:27.0556 5384  TabletInputService - ok
17:17:27.0576 5384  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:17:27.0606 5384  TapiSrv - ok
17:17:27.0626 5384  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:17:27.0656 5384  TBS - ok
17:17:27.0686 5384  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:17:27.0716 5384  Tcpip - ok
17:17:27.0756 5384  [ 2CC3D75488ABD3EC628BBB9A4FC84EFC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:17:27.0786 5384  TCPIP6 - ok
17:17:27.0796 5384  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:17:27.0826 5384  tcpipreg - ok
17:17:27.0846 5384  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:17:27.0866 5384  TDPIPE - ok
17:17:27.0886 5384  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:17:27.0906 5384  TDTCP - ok
17:17:27.0916 5384  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:17:27.0946 5384  tdx - ok
17:17:27.0946 5384  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:17:27.0956 5384  TermDD - ok
17:17:27.0976 5384  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
17:17:28.0006 5384  TermService - ok
17:17:28.0026 5384  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:17:28.0036 5384  Themes - ok
17:17:28.0046 5384  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:17:28.0076 5384  THREADORDER - ok
17:17:28.0096 5384  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:17:28.0126 5384  TrkWks - ok
17:17:28.0166 5384  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:17:28.0176 5384  TrustedInstaller - ok
17:17:28.0196 5384  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:17:28.0216 5384  tssecsrv - ok
17:17:28.0236 5384  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:17:28.0256 5384  tunnel - ok
17:17:28.0286 5384  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:17:28.0296 5384  uagp35 - ok
17:17:28.0316 5384  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:17:28.0336 5384  udfs - ok
17:17:28.0366 5384  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:17:28.0386 5384  UI0Detect - ok
17:17:28.0396 5384  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
17:17:28.0406 5384  uliagpkx - ok
17:17:28.0416 5384  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:17:28.0426 5384  umbus - ok
17:17:28.0446 5384  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:17:28.0466 5384  UmPass - ok
17:17:28.0486 5384  [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:17:28.0506 5384  UmRdpService - ok
17:17:28.0526 5384  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:17:28.0556 5384  upnphost - ok
17:17:28.0616 5384  [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:17:28.0636 5384  usbaudio - ok
17:17:28.0656 5384  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:17:28.0676 5384  usbccgp - ok
17:17:28.0696 5384  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
17:17:28.0706 5384  usbcir - ok
17:17:28.0726 5384  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:17:28.0736 5384  usbehci - ok
17:17:28.0756 5384  [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:17:28.0766 5384  usbhub - ok
17:17:28.0786 5384  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:17:28.0796 5384  usbohci - ok
17:17:28.0826 5384  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:17:28.0846 5384  usbprint - ok
17:17:28.0866 5384  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:17:28.0876 5384  usbscan - ok
17:17:28.0896 5384  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:17:28.0906 5384  USBSTOR - ok
17:17:28.0906 5384  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:17:28.0916 5384  usbuhci - ok
17:17:28.0946 5384  [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:17:28.0956 5384  usbvideo - ok
17:17:28.0996 5384  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
17:17:29.0006 5384  usb_rndisx - ok
17:17:29.0026 5384  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:17:29.0046 5384  UxSms - ok
17:17:29.0056 5384  [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc        C:\Windows\system32\lsass.exe
17:17:29.0076 5384  VaultSvc - ok
17:17:29.0096 5384  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
17:17:29.0106 5384  vdrvroot - ok
17:17:29.0116 5384  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
17:17:29.0136 5384  vds - ok
17:17:29.0166 5384  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:17:29.0176 5384  vga - ok
17:17:29.0186 5384  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:17:29.0216 5384  VgaSave - ok
17:17:29.0236 5384  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
17:17:29.0246 5384  vhdmp - ok
17:17:29.0266 5384  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
17:17:29.0276 5384  viaagp - ok
17:17:29.0296 5384  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:17:29.0306 5384  ViaC7 - ok
17:17:29.0316 5384  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
17:17:29.0326 5384  viaide - ok
17:17:29.0357 5384  [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
17:17:29.0367 5384  vmbus - ok
17:17:29.0387 5384  [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
17:17:29.0397 5384  VMBusHID - ok
17:17:29.0407 5384  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
17:17:29.0417 5384  volmgr - ok
17:17:29.0427 5384  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:17:29.0437 5384  volmgrx - ok
17:17:29.0447 5384  [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
17:17:29.0457 5384  volsnap - ok
17:17:29.0507 5384  [ 4F4125C8E7FB75FED141316E0DFEBE4F ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
17:17:29.0517 5384  vpnagent - ok
17:17:29.0547 5384  [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
17:17:29.0557 5384  vpnva - ok
17:17:29.0577 5384  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:17:29.0587 5384  vsmraid - ok
17:17:29.0637 5384  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
17:17:29.0657 5384  VSS - ok
17:17:29.0677 5384  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:17:29.0687 5384  vwifibus - ok
17:17:29.0697 5384  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:17:29.0727 5384  W32Time - ok
17:17:29.0747 5384  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:17:29.0757 5384  WacomPen - ok
17:17:29.0777 5384  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:17:29.0807 5384  WANARP - ok
17:17:29.0807 5384  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:17:29.0837 5384  Wanarpv6 - ok
17:17:29.0867 5384  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
17:17:29.0887 5384  wbengine - ok
17:17:29.0907 5384  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:17:29.0917 5384  WbioSrvc - ok
17:17:29.0947 5384  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
17:17:29.0957 5384  WcesComm - ok
17:17:29.0977 5384  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:17:29.0997 5384  wcncsvc - ok
17:17:30.0007 5384  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:17:30.0017 5384  WcsPlugInService - ok
17:17:30.0037 5384  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:17:30.0047 5384  Wd - ok
17:17:30.0057 5384  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:17:30.0077 5384  Wdf01000 - ok
17:17:30.0087 5384  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:17:30.0097 5384  WdiServiceHost - ok
17:17:30.0107 5384  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:17:30.0117 5384  WdiSystemHost - ok
17:17:30.0137 5384  [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient       C:\Windows\System32\webclnt.dll
17:17:30.0157 5384  WebClient - ok
17:17:30.0167 5384  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:17:30.0197 5384  Wecsvc - ok
17:17:30.0207 5384  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:17:30.0237 5384  wercplsupport - ok
17:17:30.0247 5384  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:17:30.0277 5384  WerSvc - ok
17:17:30.0297 5384  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:17:30.0327 5384  WfpLwf - ok
17:17:30.0337 5384  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:17:30.0347 5384  WIMMount - ok
17:17:30.0397 5384  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:17:30.0417 5384  WinDefend - ok
17:17:30.0427 5384  WinHttpAutoProxySvc - ok
17:17:30.0467 5384  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:17:30.0497 5384  Winmgmt - ok
17:17:30.0537 5384  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:17:30.0567 5384  WinRM - ok
17:17:30.0607 5384  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
17:17:30.0627 5384  WINUSB - ok
17:17:30.0647 5384  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:17:30.0667 5384  Wlansvc - ok
17:17:30.0687 5384  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:17:30.0697 5384  WmiAcpi - ok
17:17:30.0727 5384  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:17:30.0737 5384  wmiApSrv - ok
17:17:30.0797 5384  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:17:30.0827 5384  WMPNetworkSvc - ok
17:17:30.0847 5384  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:17:30.0857 5384  WPCSvc - ok
17:17:30.0867 5384  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:17:30.0887 5384  WPDBusEnum - ok
17:17:30.0897 5384  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:17:30.0927 5384  ws2ifsl - ok
17:17:30.0937 5384  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:17:30.0947 5384  wscsvc - ok
17:17:30.0987 5384  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
17:17:30.0997 5384  WSDPrintDevice - ok
17:17:31.0007 5384  [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
17:17:31.0027 5384  WSDScan - ok
17:17:31.0027 5384  WSearch - ok
17:17:31.0067 5384  [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:17:31.0117 5384  wuauserv - ok
17:17:31.0137 5384  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:17:31.0157 5384  WudfPf - ok
17:17:31.0177 5384  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:17:31.0197 5384  WUDFRd - ok
17:17:31.0217 5384  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:17:31.0247 5384  wudfsvc - ok
17:17:31.0257 5384  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:17:31.0267 5384  WwanSvc - ok
17:17:31.0297 5384  ================ Scan global ===============================
17:17:31.0317 5384  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
17:17:31.0327 5384  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
17:17:31.0337 5384  [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
17:17:31.0347 5384  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:17:31.0367 5384  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:17:31.0377 5384  [Global] - ok
17:17:31.0377 5384  ================ Scan MBR ==================================
17:17:31.0387 5384  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:17:31.0607 5384  \Device\Harddisk0\DR0 - ok
17:17:31.0607 5384  ================ Scan VBR ==================================
17:17:31.0617 5384  [ 7F1329E1311C585B900CFAD06CBFD964 ] \Device\Harddisk0\DR0\Partition1
17:17:31.0617 5384  \Device\Harddisk0\DR0\Partition1 - ok
17:17:31.0617 5384  [ 58E562ECE8680D26ADAA19835E11704E ] \Device\Harddisk0\DR0\Partition2
17:17:31.0617 5384  \Device\Harddisk0\DR0\Partition2 - ok
17:17:31.0647 5384  [ 9495710C5438121BDAB590A9F0A761D2 ] \Device\Harddisk0\DR0\Partition3
17:17:31.0647 5384  \Device\Harddisk0\DR0\Partition3 - ok
17:17:31.0647 5384  ============================================================
17:17:31.0647 5384  Scan finished
17:17:31.0647 5384  ============================================================
17:17:31.0657 1304  Detected object count: 8
17:17:31.0657 1304  Actual detected object count: 8
17:17:36.0317 1304  BBDemon ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0317 1304  BBDemon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0317 1304  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0317 1304  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0317 1304  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0317 1304  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0317 1304  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0317 1304  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0317 1304  iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0317 1304  iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0317 1304  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0317 1304  mi-raysat_3dsmax2010_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0327 1304  nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0327 1304  nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:17:36.0327 1304  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:36.0327 1304  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

30.05.2013, 16:19   #9
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails as described in the instructions above to
markusg.trojaner-board@web.de

30.05.2013, 16:39   #10
DT_Martin

Here is the Combofix log:

Code:
ComboFix 13-05-30.02 - Martin 30.05.2013  17:25:08.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.3327.2016 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martin\AppData\Local\lame_enc.dll
c:\users\Martin\AppData\Local\no23xwrapper.dll
c:\users\Martin\AppData\Local\ogg.dll
c:\users\Martin\AppData\Local\vorbis.dll
c:\users\Martin\AppData\Local\vorbisenc.dll
c:\users\Martin\AppData\Local\vorbisfile.dll
c:\users\Martin\AppData\Roaming\csio.dll
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ijl11.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-30  ))))))))))))))))))))))))))))))
.
.
2013-05-25 11:23 . 2013-05-27 17:29	--------	d-----w-	c:\users\Martin\AppData\Roaming\FileZilla
2013-05-22 14:25 . 2013-05-22 14:25	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-22 14:25 . 2013-05-22 14:25	--------	d-----w-	c:\program files\iPod
2013-05-12 16:19 . 2013-03-07 11:37	2888384	----a-w-	c:\windows\system32\pwNative.exe
2013-05-12 16:19 . 2013-03-07 11:37	15576	------w-	c:\windows\system32\pwdrvio.sys
2013-05-12 16:19 . 2013-03-07 11:36	10200	------w-	c:\windows\system32\pwdspio.sys
2013-05-12 16:19 . 2013-05-12 16:19	--------	d-----w-	c:\program files\MiniTool Partition Wizard Home Edition 7.8
2013-05-12 15:47 . 2013-05-12 15:47	--------	d-----w-	c:\program files\HD2 Toolkit
2013-05-08 19:11 . 2013-05-08 19:11	--------	d-----w-	c:\program files\Common Files\Java
2013-05-08 19:10 . 2013-04-04 03:35	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-05-08 18:05 . 2013-05-08 18:05	--------	d-----w-	c:\program files\insight3d
2013-05-08 17:53 . 2013-05-08 17:53	10669384	----a-r-	c:\users\Martin\AppData\Roaming\Microsoft\Installer\{A4003C3C-30EF-41F6-87DD-33DDC471651C}\PhotoSceneEditor.exe
2013-05-08 15:04 . 2013-05-08 15:04	--------	d-----w-	c:\users\Martin\AppData\Local\SmartFTP Client 4.1 Setup
2013-05-07 20:44 . 2013-05-07 20:43	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 20:56 . 2013-05-02 20:56	--------	d-----w-	c:\users\Martin\AppData\Roaming\flightgear.org
2013-05-02 20:56 . 2013-05-02 20:56	--------	d-----w-	c:\programdata\flightgear.org
2013-05-02 20:56 . 2013-05-02 20:56	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2013-05-02 20:56 . 2013-05-02 20:56	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2013-05-02 20:56 . 2013-05-02 20:56	--------	d-----w-	c:\program files\OpenAL
2013-04-30 15:59 . 2013-04-30 15:59	--------	d-----w-	c:\users\Martin\AppData\Local\GMap.NET
2013-04-30 15:58 . 2013-04-30 15:58	--------	d-----w-	c:\program files\DIFX
2013-04-30 15:57 . 2013-04-30 15:59	--------	d-----w-	c:\program files\APM Planner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 19:46 . 2012-04-26 21:19	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 19:46 . 2011-05-18 04:32	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-31 21:51 . 2013-03-03 19:13	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-31 21:51 . 2013-03-03 19:13	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-31 21:51 . 2013-03-03 19:13	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-10 15:00 . 2013-01-29 22:01	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-10 15:00 . 2011-01-25 23:27	782240	----a-w-	c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-03 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplyEsf-eDocPrintPro]
2010-11-25 11:30	315392	----a-w-	c:\program files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43	59720	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-24 17:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 08:18	1185112	----a-w-	c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CompanionLink]
2011-03-02 06:43	22230016	----a-w-	d:\program files\CompanionLink\CompanionLink.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-24 13:19	3478336	----a-w-	d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	----a-w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoodSync]
2012-11-30 09:39	2194648	----a-w-	d:\program files\Siber Systems\GoodSync\GoodSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 12:59	152392	----a-w-	d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBUCATS]
2007-02-22 04:12	73728	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\lxbutime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50	18642024	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2009-07-14 01:14	51712	----a-w-	c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-05-03 20:25	4573184	----a-w-	c:\users\Martin\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-05-03 20:25	1105408	----a-w-	c:\users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2012-02-16 13:29	114992	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
2012-02-26 14:01	295728	----a-w-	c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
.
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;d:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 DxkgFilter;Filtering Dxkg;d:\program files\iDisplay\idisplay.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.313\McCHSvc.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBDemon;Backbone Service;d:\program files\Dassault Systemes\R20B20\intel_a\code\bin\CATSysDemon.exe [x]
S2 GsServer;GoodSync Server;d:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 19:46]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 22:24]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 22:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{2CA416F6-55F8-461A-B1D4-A0FB030B6945}: NameServer = 212.18.3.5 212.18.0.5
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2k1ibfdb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - ExtSQL: 2013-04-07 22:25; foxyproxy@eric.h.jung; c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\2k1ibfdb.default\extensions\foxyproxy@eric.h.jung
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
HKCU-Run-Zaemectiot - c:\users\Martin\AppData\Roaming\Ehma\zayl.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-LogMeIn Hamachi Ui - d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
AddRemove-GeoGebra WebStart - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-30  17:35:54
ComboFix-quarantined-files.txt  2013-05-30 15:35
.
Vor Suchlauf: 12 Verzeichnis(se), 39.287.275.520 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 39.186.554.880 Bytes frei
.
- - End Of File - - BAF694CC39EC2C30D85259D670333A27
         

30.05.2013, 16:42   #11
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

30.05.2013, 19:38   #12
DT_Martin

Malwarebytes has already been running for 3 hours and has found 6 infected objects.

Now another problem has come up. A website that I currently maintain now shows a warning, when it is opened, that it may distribute harmful files. We have already received an email from the provider about this.

Now I am wondering whether I should reinstall my PC after all. The only question for me is what happens when I save my documents to an external hard drive. Is there no risk that the malware is saved along with them and then spreads again on the new system? So how can I make sure that my documents, pictures etc. are clean when I back them up?

30.05.2013, 20:15   #13
markusg
/// Malware-holic

Hi,
but then do not visit the site with the freshly reinstalled PC yet; we have to secure it first.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

30.05.2013, 20:50   #14
DT_Martin

Okay. Then thanks already for today's help, it was really great!

I will tackle the reinstall tomorrow, or over the weekend, once I have a suitable external hard drive for the backup.

Regards,

Martin

30.05.2013, 21:13   #15
markusg
/// Malware-holic

Exactly, just get in touch then.
