Trojaner-Board


TomK 04.07.2012 17:06

GVU Trojan with webcam
 
Hello everyone,
I caught the well-known GVU Trojan from a football video (!!!). The PC is working perfectly again; Malwarebytes found one infected file, which I deleted immediately (since it was in the TEMP folder). The operating system is Windows 7 64-bit. The Malwarebytes log file is attached.

Many thanks in advance!


markusg 04.07.2012 19:10

If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

TomK 04.07.2012 19:27

Hello, thanks for the quick reply!

Here are the log files:

otl.txt
OTL Logfile:
Code:

OTL logfile created on: 04.07.2012 20:14:05 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free
15,96 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,32 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,74 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.04 20:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.30 22:48:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.30 04:18:51 | 003,537,920 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.05 14:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 08:28:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 08:19:15 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 08:19:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:18:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 08:33:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.11 08:30:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 08:30:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 08:30:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 08:30:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 08:30:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 08:30:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 08:30:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012.03.21 14:10:22 | 002,941,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2012.03.09 09:46:20 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_36_Win32.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.01.07 10:54:16 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_04.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.05.24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.17 10:26:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.30 22:48:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.04.04 21:08:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.05 14:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 14:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 13:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.02.08 13:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.07 14:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009.10.07 14:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009.07.14 16:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.10 12:58:52 | 000,014,720 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ValoFltr.sys -- (ValFltr)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.15 14:40:27 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.01.19 16:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/17 14:17:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD C4 8B 88 F7 89 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:51:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:51:34 | 000,000,000 | ---D | M]
 
[2011.12.26 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2011.12.26 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.02 19:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\evgnoy8d.default\extensions
[2012.06.15 08:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 08:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.17 10:26:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.07 23:58:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.07 23:58:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.07 23:58:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.07 23:58:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.07 23:58:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.07 23:58:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{088E31CA-7CEA-497B-9BC2-A354B4EB49F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13B5FBCC-D6F6-4C0E-B291-C89DF70748B7}: NameServer = 192.168.111.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A565CC81-69B4-44AB-965B-D6DFE1DCDE06}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0dbf91d2-f8a7-11e0-a68f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0dbf91d2-f8a7-11e0-a68f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\BD-COMBO.exe
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: InstantBurn - hkey= - key= - C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LaCie EDBrowser Startup - hkey= - key= - C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe (LaCie SA)
MsConfig:64bit - StartUpReg: LaCie Ethernet Agent Startup - hkey= - key= - C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe (LaCie SA)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Name of App - hkey= - key= - C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RoccatValo - hkey= - key= - C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE (ROCCAT)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Spiele\Valve\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.04 20:12:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.07.04 17:20:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.07.04 17:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.04 17:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 17:20:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.04 17:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.04 17:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700048FE400244E3CB4EB2331
[2012.07.04 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Iczyb
[2012.07.04 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Doofwa
[2012.06.19 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.06.19 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Htc
[2012.06.19 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\HTC
[2012.06.19 13:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012.06.19 13:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.06.19 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.06.19 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.06.17 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Buch
[2012.06.17 10:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.17 10:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.06.15 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Macromedia
[2012.06.12 15:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.12 15:29:49 | 000,000,000 | ---D | C] -- C:\glassfish3
[2012.06.12 15:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eclipse
[2012.06.05 17:01:42 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Documents\Meine Shapes
[2011.10.17 14:08:19 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Thomas\AppData\Roaming\tsdnwin.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.04 20:15:19 | 001,628,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 20:15:19 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 20:15:19 | 000,657,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 20:15:19 | 000,150,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 20:15:19 | 000,122,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 20:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.07.04 20:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 20:10:31 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 17:58:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 17:58:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 17:50:58 | 000,000,020 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.07.04 17:22:38 | 000,001,344 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.04 17:09:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.06.17 11:49:23 | 000,052,396 | ---- | M] () -- C:\Users\Thomas\Desktop\TicketMachine - Quittung.pdf
[2012.06.17 11:48:40 | 000,204,651 | ---- | M] () -- C:\Users\Thomas\Desktop\Tickets-Kaltenberger-Ritterturnier.pdf
[2012.06.14 08:18:34 | 000,433,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.04 17:50:58 | 000,000,020 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2012.07.04 17:05:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.06.17 11:49:23 | 000,052,396 | ---- | C] () -- C:\Users\Thomas\Desktop\TicketMachine - Quittung.pdf
[2012.06.17 11:48:39 | 000,204,651 | ---- | C] () -- C:\Users\Thomas\Desktop\Tickets-Kaltenberger-Ritterturnier.pdf
[2012.04.20 13:30:09 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.01.19 22:20:16 | 000,007,605 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.15 20:21:54 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll
[2012.01.11 15:26:48 | 000,002,048 | -HS- | C] () -- C:\Users\Thomas\AppData\Local\{f823a6bb-9ce9-8270-7ddb-420c01e30a24}\@
[2011.11.17 14:01:24 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011.11.17 14:01:24 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011.11.17 14:01:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011.11.17 14:01:24 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011.11.17 14:01:24 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.10.26 17:02:49 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.26 17:02:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.17 16:17:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.10.17 14:06:15 | 000,000,447 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011.10.14 20:21:17 | 001,605,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.14 00:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.22 19:08:56 | 003,902,976 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.08.22 21:07:48 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.08.22 21:07:02 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.08.22 21:07:00 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.08.22 21:06:30 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.08.22 21:06:30 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.08.22 21:06:30 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.08.22 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.08.22 21:06:28 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.08.22 21:06:26 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.08.22 21:06:26 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2012.01.29 16:05:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.14 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
[2012.07.04 17:06:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Doofwa
[2012.07.04 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012.01.22 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreePDF
[2012.06.19 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\HTC
[2012.06.19 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.07.04 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Iczyb
[2011.10.16 21:16:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LaCie
[2011.12.26 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
[2012.02.08 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mp3DirectCut
[2011.10.26 16:22:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Origin
[2012.04.18 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PunkBuster
[2011.10.17 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Red Alert 3
[2012.06.20 16:13:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SAP
[2012.04.20 12:53:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Sparx Systems
[2011.12.23 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\streamripper
[2012.01.15 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer
[2012.01.03 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TomTom
[2011.12.08 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client
[2012.02.16 21:55:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WDC
[2012.05.04 19:57:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.10.15 15:21:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.14 00:05:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.12 15:31:49 | 000,000,000 | ---D | M] -- C:\glassfish3
[2011.10.14 00:45:35 | 000,000,000 | ---D | M] -- C:\Intel
[2012.07.04 18:11:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.17 10:39:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.04 17:20:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.07.04 17:20:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.14 00:05:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.04 20:15:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.20 12:43:17 | 000,000,000 | ---D | M] -- C:\Taskleiste
[2011.10.15 15:21:50 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.04 18:11:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.07.04 17:50:58 | 000,000,020 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.07.04 20:17:01 | 004,456,448 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat
[2012.07.04 20:17:01 | 000,262,144 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat.LOG1
[2011.10.14 00:05:22 | 000,000,000 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat.LOG2
[2011.10.14 00:07:16 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.10.14 00:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.10.14 00:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.07.04 17:45:18 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TM.blf
[2012.07.04 17:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TMContainer00000000000000000001.regtrans-ms
[2012.07.04 17:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TMContainer00000000000000000002.regtrans-ms
[2011.10.14 00:05:22 | 000,000,020 | -HS- | M] () -- C:\Users\Thomas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---


Extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 04.07.2012 20:14:05 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free
15,96 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,32 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,74 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBD55B4-3CD6-4E65-A262-67FA73BCB7B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{119EE193-F963-4704-BD6D-AA9A43D0ECB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{14CF6324-FB89-4656-AC72-ED83D78CCB50}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{202FFE1E-8FAF-4A7B-B2CD-14498CE56981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28BF0C22-91CE-42AC-BC7C-AE3A9954C0E9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FCEF182-E388-42A8-A5DA-E5096F5DF611}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{351074DC-EEEC-4C23-9460-B92EAABE8A42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{38DDB2F7-7562-4048-AB42-053FB409FC39}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D0B037E-A159-42F8-A9BD-EB3B7DC5DDF2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{402BF573-088D-458A-A34A-1890F54BC64B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{54724B11-D423-4BEB-95B0-020C063AD970}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{67BA9049-AB41-4C84-916E-AD641FECC082}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68796D20-8BA3-42AB-922B-98F97C1EA762}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{728FA9FD-3348-4531-BA13-05C0F9090971}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C6073C3-1A52-47AB-B03E-C96FE616F7BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96541E23-434F-4BB7-8C0F-03BBC78D31C5}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5D0E42D-F501-4246-AD87-3DB5D91823E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9B8AFBD-8C94-4BE6-82A7-8B5A97728A4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB1BD635-A0AC-4CDF-980A-653040286690}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDE9E253-22A6-4168-A7C0-1D559D932E9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{C7B14868-B220-46D0-8E60-B7780CA14FE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8A5BB41-4785-4472-9166-FF76490A7866}" = lport=138 | protocol=17 | dir=in | app=system |
"{CD13D333-6DE3-4D9C-9BD3-78DD600EB1F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD2F1C26-E156-41AA-96CF-8CB2318AB9B4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F2A1FECD-6C8F-4433-9238-01A04EC18447}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8EB1505-898C-4C63-84C1-89AE35F35053}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D36B7D-1BF4-4759-B65F-3836EEDBAA86}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{02EFD8F1-E251-464C-AD36-563E868DF3A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{080C124D-5640-40F6-81EE-31618A9D31C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{087473C5-A83D-45BA-B20A-174171A6CE9F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{08A6B61A-698F-49AC-B3C7-06E82EB0E244}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{08E4F32E-B9DB-443E-949A-F5CB5D175339}" = protocol=6 | dir=in | app=c:\program files (x86)\blizzard\diablo iii\diablo iii.exe |
"{0989812E-73F5-4E5C-A3BE-6B69E24DA8DA}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"{09B5BAEC-CCA3-4506-91B7-E9B0B28FA212}" = protocol=17 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"{0FBBDC99-DE98-4FDF-BC88-AFE2E2F0B190}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe |
"{1726497C-07AD-406A-8506-19B5D8ABE6D1}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{1BC5EC96-78ED-497E-8EAC-05CD539434B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2A4B879F-CDDB-44B8-BD1B-D6142BDBB405}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B3504E5-8F64-44ED-B7BF-8050D98D0DA1}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\microsoft flight\flight.exe |
"{338E1150-CC69-4AFF-88B4-51DA5401267A}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"{3851A715-FA3A-41CF-97D6-89D0D68A1F92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{39D90F96-0BEE-4A67-BA4B-94FE987884F3}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\microsoft flight\flight.exe |
"{3B602FC1-A393-4121-BE03-78CE3F63CCE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{3B8D494E-E418-4437-9B0F-C10C3DB0E74C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{424ED136-F22E-42D5-808C-8CB765E4531E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{43687748-4ADD-4179-9FF5-6461BC47483A}" = protocol=6 | dir=out | app=system |
"{43FC1E28-F100-4948-B24F-5D9B8BCF9CDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{465EA3D1-CBAB-4A90-9B91-231BF9F156D5}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{47DE87EF-58A5-4CE1-9913-A801D2DD71F2}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"{48D01060-DDE1-48C0-BBB6-C54FE75F2EF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EB43713-31ED-4F38-984D-DE4E045A35FD}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe |
"{4EFDADE4-4B78-4777-973E-B3CD04D2517E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4F850D70-00D2-426B-85B1-8923E84400DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50B3F43F-C40A-45DE-A578-DCF7A179398A}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{50D7E9E0-DEBE-4066-97EF-687C15B886DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5353B4BD-3850-4F73-A584-E3A3CE6F7CDB}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{569926A2-BBFF-4AF0-8AEF-6A3FF16C1074}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
"{6172DB2F-DC50-492F-8896-17EC2E18A3F3}" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"{64A45F73-7BE5-41D7-ABAC-DEA2D41469B9}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C342C16-E217-4AA0-8D0C-FE2626051503}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6C9C8E46-6429-422F-9AC2-A5E89477DF64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7499ED4F-8B17-4BE6-8C64-43103F4A8E44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74C749DD-3F1F-4EB2-B42F-0450C9E09AE1}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"{75A6E212-A3B6-4BDB-A246-4B0C67079B17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{76063AAA-41E2-48A5-9378-D368FA8E7E0C}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{7863E434-BBF3-43B0-A1B3-33D5A06BED04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7876C0DE-FEFE-4A0B-AA36-B1A9F17E395B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7BC07AB6-893D-4FDA-8E8B-88367A1B4672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E2DC00D-8B5E-4AF4-A1BB-4CB30FF949FF}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"{7F38FFD8-E9A2-4C5A-8655-6365CE8F3918}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{81FA04F6-5340-4EA3-9408-9C26FA65B126}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{84A2DDEC-B8DD-4C33-93D7-633F66022DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{85086AE1-8C81-41CC-988E-304BE4B16A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\blizzard\diablo iii\diablo iii.exe |
"{85C5D113-8D24-43F8-A028-CD334CC857F1}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{89F5F954-43DF-4487-A6A5-51D7928B99AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D7765E3-15EA-4EEA-BF29-12540AD283BF}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
"{90DB19F8-45BE-4D27-B995-EA157DE98CC6}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{916B7F6C-5CAC-41F5-A5E3-A94175B27C4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9275BD58-A87B-4588-B5F6-EB05615FCA72}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{953365E1-C61B-4D5A-900E-BE4B17EC55EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{961F241F-C32B-4160-8368-74006110D21A}" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
"{96E3C169-E3A2-4E54-8E65-B83B4459A5AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{98FB4666-46EE-4E64-9727-BC099E48423F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A326176-68AB-49BC-80D2-69E282747346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FF1B43A-87E2-4E8E-9750-E13D5158709F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A02A0B31-8CB1-4936-9445-34DFEF7DF2BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A4C1477A-BF50-44F6-9C54-F35FF7FB91F4}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A6AD6970-C4EC-4EB5-B60B-66CD8C3CF2CC}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{AB87CC6D-3F0E-44F7-A8B0-2616F285758E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B552337E-0CB9-4CFC-809C-7E158076462A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B5FBD0E6-2D53-4047-B42C-A58512D76ECD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B77619C1-6910-496B-9067-9D63F06F50E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8EA2489-7A0B-491B-9C0B-D0D570D42214}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe |
"{C135EAB5-9C58-4CD4-A12E-EFCF9EAC1A35}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C2DF523A-1193-45B7-9CD7-AB472145745E}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe |
"{C4BCCF61-A452-4942-BFC5-440098AA76AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C91BCA0D-965A-46E3-AF53-8B1DB708B2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB4DBA3E-066E-4220-B5EE-58913B7B5671}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE594667-3F8D-4A61-964A-EA0FDEFCBD09}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{D0CEDE4F-7DEC-47A2-A773-EE5B1F47E168}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D2D0AC07-B0BC-4B05-AF11-9B20B33BEAF6}" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"{D55EB6EB-6766-4178-AA0A-A68C8A721E1A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{DD4FD456-D53F-4370-80AC-7EE317E3A0FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E54FE20C-B3BA-4479-956F-34A894EE72A5}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"{EAF80BE1-FB67-4B1A-B786-B83E79DD0781}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB0743EE-A71E-4AF0-A37F-6A74C08CAD8F}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"{F5C263DD-265D-4C27-B649-034B40328401}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F8B65FF6-7AC9-416E-BB57-74AA3F7AA1BE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{FADFBDCB-3AD4-4508-843B-F12157E1A641}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC44CEC5-9254-4A02-B321-BE189E7097A4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCEF061B-45CB-4828-BEB7-3C8BDCE4E6FB}" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
"{FD48C85D-ECDA-4670-B052-5ECCAAF04AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FD6BEE5C-0CF4-410C-B1F6-DA0C113734E3}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"{FE0C5B36-7C68-42CD-9E2A-D718CA47575F}" = protocol=6 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"TCP Query User{15BC0B7B-8D9A-4621-B6EC-AA56B9F6DA43}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"TCP Query User{2486ACAB-2407-451E-A406-396D3237FB5A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{29505BFC-9DC3-4211-9DD6-0D622812FA4D}D:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{36FA4706-A95C-473B-811B-4C07C37B2DE0}D:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"TCP Query User{4BCF0609-AC6A-4079-ABDD-2E6E1E361563}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{553296F8-7BCE-4FD4-A536-37A444A8AAE4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{6787D372-F589-4FBF-B04E-E4BC1C71CC38}C:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"TCP Query User{8FC09335-265B-4E53-8432-C8C95330CB32}C:\users\thomas\downloads\ipconfigurator.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\ipconfigurator.exe |
"TCP Query User{91583485-0808-4D75-A26B-0C813419B235}D:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"TCP Query User{936AC66A-486B-42C9-9916-B9CCADE34DB5}D:\spiele\codemasters\dirt2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
"TCP Query User{9F78EC71-DC80-483F-81D8-0CA79B34304B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{AFBA7E60-48A2-4632-869A-786B127FE92E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{B1D745AC-8ACE-467E-AD68-75CA2414B7AD}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{B8052110-9B65-447D-AAEE-DC443AF6A495}D:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{BECFC466-E9BD-41DD-A9BC-AD2D3B6F2A20}D:\spiele\valve\steam\steam.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"TCP Query User{E17A7581-E539-435B-9441-1E98858F2EBF}D:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"TCP Query User{F5F31851-A481-41B0-B371-8F80ACB65F60}C:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{2AF66DB7-82FE-4016-B338-AF7A99C762AF}D:\spiele\valve\steam\steam.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"UDP Query User{2E1AB371-D624-4040-899E-123507CF9546}C:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"UDP Query User{301C4A0B-1E52-44B4-AA94-7B0DB7AB389D}D:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"UDP Query User{4381048E-70D6-44E5-A8B6-FE19F6F2BF51}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{4F766595-A737-40A4-90DA-813682C3EEB8}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"UDP Query User{519ECB58-EC66-4D13-8221-4B059C52CF16}C:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{560F259F-4DB4-43D0-A4A1-15316028F60E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{811641F6-4B89-428B-8A8B-1C5E66E822D4}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{92BAA70F-5C88-4292-B26F-3A10D66D06E7}C:\users\thomas\downloads\ipconfigurator.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\ipconfigurator.exe |
"UDP Query User{B2BC91E5-BC39-4C39-AC88-C067DC796D21}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{C0ED859C-5156-449B-94A4-DB32E63BEDE5}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{C5F748E6-ADFF-4527-ADDA-2B38478317D2}D:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{D713B357-6524-4E68-8D46-C72C4CDE18FD}D:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"UDP Query User{DA1CCD1C-796E-47B9-A5B2-4F6EC06DBE28}D:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{EC3E49E8-2F9F-4A32-88A4-29285CE2DF89}D:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"UDP Query User{F0F66008-FB57-4703-9AE7-01026EF7360E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{F733F87C-8667-4D4E-A2A2-F4946E69451E}D:\spiele\codemasters\dirt2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.5.2.59
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GPL Ghostscript 9.04" = GPL Ghostscript
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7F7645-F948-98D7-18F7-1C69D7B6ACDB}" = CCC Help Portuguese
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{168BEE42-1F65-1AFF-CD77-3DB5A9F91B5E}" = CCC Help Danish
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2278744E-73C3-38C4-6991-3E1601785913}" = CCC Help Greek
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3454886D-4AB3-BF96-D378-B7F6DCA0A281}" = CCC Help Finnish
"{364B2826-EEB6-A31B-F25B-5CBB78273414}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45A3B1FC-11B6-4292-B1E3-4A0B8DDE5394}" = Xtra Controller Ex
"{45D397FE-86B1-4234-16AC-9E7DD89A3207}" = CCC Help Norwegian
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4898D29E-A858-DB50-C7D4-8554066A8DAA}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}" = Enterprise Architect 9.3  - 30 Day Trial Edition
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{59AAB74E-9A5B-D39E-E65D-6CD48DA8055F}" = CCC Help Korean
"{5CED4E8D-4508-D84A-2945-285B13852E0B}" = CCC Help French
"{61B563AC-F31E-A727-CBEA-F9648B803948}" = CCC Help Italian
"{633E917B-F74E-56D6-B8CF-3A443C260615}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B8364EA-9B85-EF54-6DEC-FC3CE9C55123}" = CCC Help Spanish
"{6C51CF89-2452-B69F-94B3-6BF3FF3A03B1}" = CCC Help Hungarian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786EBD1C-CAC0-8900-D77B-5777C5F74395}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E4BB999-4B59-1009-429B-963B6252E6DD}" = CCC Help Turkish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8334930A-9405-467B-9498-1EBC1878A09D}" = Catalyst Control Center
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5BBDA1-F311-476B-1863-C0A3073CAC86}" = CCC Help Polish
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Ethernet Agent 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6F93FB-A2DE-6CE1-57FC-8139684C07E7}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{D1BA65A8-0F0E-4ACA-9B4D-2A080C561D35}" = ROCCAT Valo Keyboard Driver
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DC9856AC-2AB5-4551-AED2-9AF92D11A04E}" = Pandasoft Video Converter
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30EE048-574F-5FD3-DA01-1126946E21C1}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Xtra Controller Ex
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2F7E361-D336-1338-A453-AB03B4818927}" = CCC Help Czech
"{F4BF6E6A-5F71-B52B-D738-B0A5C3456FED}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FDF1D75A-1F72-6C4F-1103-DC6BF5218AE6}" = CCC Help Russian
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Direct MP3 Joiner_is1" = Direct MP3 Joiner version 3.0.2.9
"ESN Sonar-0.70.4" = ESN Sonar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"FreePDF_XP" = FreePDF (Remove only)
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"Steam App 201680" = Dungeon Defenders Demo
"Steam App 203850" = Microsoft Flight
"Steam App 300" = Day of Defeat: Source
"Steam App 65800" = Dungeon Defenders
"Streamripper" = Streamripper (Remove only)
"TomTom HOME" = TomTom HOME 2.8.3.2458
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.4.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2012 04:39:48 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
 
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997
 
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2996
 
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2996
 
[ System Events ]
Error - 03.07.2012 13:12:35 | Computer Name = Thomas-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 03.07.2012 14:57:31 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.07.2012 08:37:35 | Computer Name = Thomas-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 04.07.2012 11:08:00 | Computer Name = Thomas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 17:06:19 unerwartet heruntergefahren.
 
Error - 04.07.2012 11:08:16 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.07.2012 11:09:31 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.07.2012 11:11:42 | Computer Name = Thomas-PC | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.    Versuchte
 Signaturen: %%824    Fehlercode: 0x80070002    Fehlerbeschreibung: Das System kann die
angegebene Datei nicht finden.      Signaturversion: 1.129.759.0;1.129.759.0    Modulversion:
 1.1.8502.0
 
Error - 04.07.2012 11:45:17 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.07.2012 11:51:15 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.07.2012 12:24:12 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---


Further steps? :)

:dankeschoen: !!!

TomK 06.07.2012 10:42

.................. push

markusg 06.07.2012 17:27

You can save yourself the pushing; it doesn't make for fewer people seeking help or more helpers here, and you still won't get your turn any faster.
Anyone who wants immediate help has to go to a PC shop and pay for it.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

TomK 06.07.2012 18:07

First of all, thanks for the reply.
With the push I only wanted to keep the thread from being forgotten, since I had received the first reply relatively quickly..

Attached is the ComboFix log:

[Code]
Combofix Logfile:
Code:

ComboFix 12-07-06.01 - Thomas 06.07.2012  18:57:11.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8175.6828 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpAAA0.tmp
c:\windows\SysWow64\tmpAAA1.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-06 bis 2012-07-06  ))))))))))))))))))))))))))))))
.
.
2012-07-06 09:41 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2012-07-06 07:23 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54A68D53-11D5-471D-B3E0-22E5EC43830C}\mpengine.dll
2012-07-04 15:20 . 2012-07-04 15:20        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Malwarebytes
2012-07-04 15:20 . 2012-07-04 15:20        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-04 15:20 . 2012-07-04 15:20        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 15:20 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-04 15:15 . 2012-02-10 23:44        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1661CF2B-20EB-4650-9083-5F6C25EE4A97}\gapaengine.dll
2012-07-04 15:15 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 15:05 . 2012-07-04 16:11        --------        d-----w-        c:\programdata\B7E858A700048FE400244E3CB4EB2331
2012-07-04 15:05 . 2012-07-04 15:06        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Doofwa
2012-07-04 15:05 . 2012-07-04 15:05        --------        d-----w-        c:\users\Thomas\AppData\Roaming\Iczyb
2012-06-23 10:27 . 2012-06-23 10:27        --------        d-----w-        c:\users\Melanie\AppData\Local\Macromedia
2012-06-23 10:27 . 2012-07-06 04:50        --------        d-----w-        c:\users\Melanie\AppData\Local\Htc
2012-06-23 10:27 . 2012-06-23 10:27        --------        d-----w-        c:\users\Melanie\AppData\Roaming\HTC
2012-06-22 16:36 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-22 16:36 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-22 16:36 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-22 16:36 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-22 16:36 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-22 16:36 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-22 16:36 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-22 16:36 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-22 16:36 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 11:20 . 2012-07-06 07:15        --------        d-----w-        c:\users\Thomas\AppData\Local\Htc
2012-06-19 11:20 . 2012-06-19 11:20        --------        d-----w-        c:\users\Thomas\AppData\Roaming\HTC
2012-06-19 11:20 . 2012-06-19 11:20        --------        d-----w-        c:\program files (x86)\Spirent Communications
2012-06-19 11:20 . 2012-06-19 11:20        --------        d-----w-        c:\program files (x86)\HTC
2012-06-17 08:39 . 2012-06-17 08:39        --------        d-----w-        c:\program files\iPod
2012-06-17 08:39 . 2012-06-17 08:39        --------        d-----w-        c:\program files\iTunes
2012-06-17 08:39 . 2012-06-17 08:39        --------        d-----w-        c:\program files (x86)\iTunes
2012-06-15 06:20 . 2012-06-15 06:20        --------        d-----w-        c:\users\Thomas\AppData\Local\Macromedia
2012-06-13 11:04 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 11:04 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 11:04 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-13 11:04 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-12 13:33 . 2012-06-12 13:33        955848        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-06-12 13:33 . 2012-06-12 13:33        839112        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-12 13:33 . 2012-06-12 13:33        --------        d-----w-        c:\program files\Java
2012-06-12 13:29 . 2012-06-12 13:31        --------        d-----w-        C:\glassfish3
2012-06-12 13:25 . 2012-06-18 19:28        --------        d-----w-        c:\program files (x86)\eclipse
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 15:29 . 2012-04-02 07:50        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 15:29 . 2011-10-14 19:39        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 18:53 . 2011-10-27 10:31        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 18:53 . 2011-10-26 15:02        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-05-12 14:47 . 2011-10-26 15:02        283304        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 20:48 . 2011-10-26 15:02        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-04-20 10:34 . 2012-04-20 10:34        8192        ----a-r-        c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}\Icon3DF154B95.exe
2012-04-20 10:34 . 2012-04-20 10:34        55296        ----a-r-        c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}\IconCC98E8B3.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-10-14 303456]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2012-5-20 3537920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 ALSysIO;ALSysIO;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 ValFltr;ROCCAT Valo Keyboard;c:\windows\system32\drivers\ValoFltr.sys [2009-04-10 14720]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/10/17 14:17];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 14:10 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-10-15 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254 192.168.0.1
TCP: Interfaces\{13B5FBCC-D6F6-4C0E-B291-C89DF70748B7}: NameServer = 192.168.111.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\evgnoy8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3171237338-2043165809-2479679844-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F593F8FF-B05C-BC5E-3CD3-B3AD82C32923}*]
@Allowed: (Read) (RestrictedCode)
"oahfgedffejoinekceaapihflhenln"=hex:64,61,6b,64,6a,68,69,6c,00,fc
"oadelgipdohjcfllfbhchlbdbohpef"=hex:69,61,62,64,6f,6f,64,68,63,6a,69,6d,63,68,
  65,6e,6d,67,00,00
"nandjbbhhdogfhnjkcnhpionbggk"=hex:6a,61,6b,64,6d,68,6b,64,70,6a,64,66,6b,64,
  70,69,6f,68,61,68,00,ff
.
[HKEY_USERS\S-1-5-21-3171237338-2043165809-2479679844-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,fd,a0,65,e8,73,f8,8b,99,2b,bf,d2,04,43,2e,d3,b8,d4,8b,c9,59,
  7d,d6,e3,71,af,56,80,1c,90,84,d3,b9,0b,53,ee,aa,05,d1,02,e3,f4,18,f2,ed,62,\
"rkeysecu"=hex:07,0a,af,60,5b,75,7c,15,2d,72,68,e1,56,86,bb,7f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-06  19:02:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-06 17:02
.
Vor Suchlauf: 9 Verzeichnis(se), 25.994.108.928 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 26.624.720.896 Bytes frei
.
- - End Of File - - C0299CDEAD9FA7C9D165C423B0463F57

--- --- ---


Many thanks!

markusg 09.07.2012 19:36

Please post all Malwarebytes logs created so far that contain detections.

TomK 09.07.2012 19:40

Thanks for the reply,

I only had one detection, and that was at the beginning. I then deleted it as well. How can I view the detections?

Attached is the first log file:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-PC [Administrator]

Schutz: Aktiviert

04.07.2012 17:22:01
mbam-log-2012-07-04 (17-22-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 490953
Laufzeit: 22 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Thomas\AppData\Local\Temp\~!#F83E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Many thanks!

markusg 09.07.2012 19:42

Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

TomK 09.07.2012 19:47

Hello,

the log is attached:

Code:

20:45:55.0521 5456        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
20:45:55.0586 5456        ============================================================
20:45:55.0586 5456        Current date / time: 2012/07/09 20:45:55.0586
20:45:55.0586 5456        SystemInfo:
20:45:55.0586 5456       
20:45:55.0586 5456        OS Version: 6.1.7601 ServicePack: 1.0
20:45:55.0586 5456        Product type: Workstation
20:45:55.0586 5456        ComputerName: THOMAS-PC
20:45:55.0587 5456        UserName: Thomas
20:45:55.0587 5456        Windows directory: C:\Windows
20:45:55.0587 5456        System windows directory: C:\Windows
20:45:55.0587 5456        Running under WOW64
20:45:55.0587 5456        Processor architecture: Intel x64
20:45:55.0587 5456        Number of processors: 4
20:45:55.0587 5456        Page size: 0x1000
20:45:55.0587 5456        Boot type: Normal boot
20:45:55.0587 5456        ============================================================
20:46:01.0215 5456        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0215 5456        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0215 5456        Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0325 5456        ============================================================
20:46:01.0325 5456        \Device\Harddisk0\DR0:
20:46:01.0326 5456        MBR partitions:
20:46:01.0326 5456        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:46:01.0326 5456        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
20:46:01.0326 5456        \Device\Harddisk1\DR1:
20:46:01.0326 5456        MBR partitions:
20:46:01.0326 5456        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:46:01.0326 5456        \Device\Harddisk2\DR2:
20:46:01.0327 5456        MBR partitions:
20:46:01.0327 5456        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:46:01.0327 5456        ============================================================
20:46:01.0328 5456        C: <-> \Device\Harddisk0\DR0\Partition1
20:46:01.0346 5456        D: <-> \Device\Harddisk1\DR1\Partition0
20:46:01.0371 5456        E: <-> \Device\Harddisk2\DR2\Partition0
20:46:01.0371 5456        ============================================================
20:46:01.0371 5456        Initialize success
20:46:01.0371 5456        ============================================================
20:46:30.0510 6672        ============================================================
20:46:30.0510 6672        Scan started
20:46:30.0510 6672        Mode: Manual; SigCheck; TDLFS;
20:46:30.0510 6672        ============================================================
20:46:30.0610 6672        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:46:30.0643 6672        1394ohci - ok
20:46:30.0654 6672        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:46:30.0665 6672        ACPI - ok
20:46:30.0667 6672        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:46:30.0687 6672        AcpiPmi - ok
20:46:30.0697 6672        AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
20:46:30.0705 6672        AdobeActiveFileMonitor10.0 - ok
20:46:30.0711 6672        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:30.0716 6672        AdobeARMservice - ok
20:46:30.0729 6672        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:46:30.0741 6672        adp94xx - ok
20:46:30.0752 6672        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:46:30.0763 6672        adpahci - ok
20:46:30.0770 6672        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:46:30.0778 6672        adpu320 - ok
20:46:30.0783 6672        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:46:30.0835 6672        AeLookupSvc - ok
20:46:30.0849 6672        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:46:30.0861 6672        AFD - ok
20:46:30.0865 6672        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:46:30.0871 6672        agp440 - ok
20:46:30.0876 6672        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:46:30.0886 6672        ALG - ok
20:46:30.0889 6672        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:46:30.0895 6672        aliide - ok
20:46:30.0900 6672        ALSysIO - ok
20:46:30.0909 6672        AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
20:46:30.0924 6672        AMD External Events Utility - ok
20:46:30.0927 6672        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:46:30.0933 6672        amdide - ok
20:46:30.0936 6672        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:46:30.0945 6672        AmdK8 - ok
20:46:31.0191 6672        amdkmdag        (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
20:46:31.0297 6672        amdkmdag - ok
20:46:31.0331 6672        amdkmdap        (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
20:46:31.0341 6672        amdkmdap - ok
20:46:31.0345 6672        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:46:31.0353 6672        AmdPPM - ok
20:46:31.0358 6672        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:46:31.0366 6672        amdsata - ok
20:46:31.0373 6672        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:46:31.0381 6672        amdsbs - ok
20:46:31.0384 6672        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:46:31.0390 6672        amdxata - ok
20:46:31.0394 6672        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:46:31.0453 6672        AppID - ok
20:46:31.0457 6672        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:46:31.0478 6672        AppIDSvc - ok
20:46:31.0483 6672        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:46:31.0503 6672        Appinfo - ok
20:46:31.0511 6672        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:31.0517 6672        Apple Mobile Device - ok
20:46:31.0524 6672        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:46:31.0533 6672        AppMgmt - ok
20:46:31.0537 6672        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:46:31.0544 6672        arc - ok
20:46:31.0549 6672        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:46:31.0557 6672        arcsas - ok
20:46:31.0568 6672        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:46:31.0574 6672        aspnet_state - ok
20:46:31.0577 6672        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:46:31.0599 6672        AsyncMac - ok
20:46:31.0602 6672        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:46:31.0608 6672        atapi - ok
20:46:31.0613 6672        AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
20:46:31.0622 6672        AtiHDAudioService - ok
20:46:31.0643 6672        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:46:31.0669 6672        AudioEndpointBuilder - ok
20:46:31.0674 6672        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:46:31.0698 6672        AudioSrv - ok
20:46:31.0704 6672        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:46:31.0724 6672        AxInstSV - ok
20:46:31.0739 6672        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:46:31.0751 6672        b06bdrv - ok
20:46:31.0762 6672        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:46:31.0772 6672        b57nd60a - ok
20:46:31.0778 6672        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:46:31.0786 6672        BDESVC - ok
20:46:31.0788 6672        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:46:31.0809 6672        Beep - ok
20:46:31.0831 6672        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:46:31.0859 6672        BFE - ok
20:46:31.0883 6672        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:46:31.0913 6672        BITS - ok
20:46:31.0920 6672        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:46:31.0927 6672        blbdrive - ok
20:46:31.0942 6672        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:46:31.0951 6672        Bonjour Service - ok
20:46:31.0957 6672        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:46:31.0965 6672        bowser - ok
20:46:31.0968 6672        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:46:31.0983 6672        BrFiltLo - ok
20:46:31.0986 6672        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:46:31.0995 6672        BrFiltUp - ok
20:46:31.0999 6672        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:46:32.0022 6672        BridgeMP - ok
20:46:32.0029 6672        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:46:32.0051 6672        Browser - ok
20:46:32.0060 6672        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:46:32.0073 6672        Brserid - ok
20:46:32.0076 6672        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:46:32.0084 6672        BrSerWdm - ok
20:46:32.0087 6672        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:46:32.0095 6672        BrUsbMdm - ok
20:46:32.0097 6672        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:46:32.0104 6672        BrUsbSer - ok
20:46:32.0108 6672        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:46:32.0117 6672        BTHMODEM - ok
20:46:32.0122 6672        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:46:32.0143 6672        bthserv - ok
20:46:32.0145 6672        catchme - ok
20:46:32.0150 6672        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:46:32.0172 6672        cdfs - ok
20:46:32.0178 6672        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:46:32.0186 6672        cdrom - ok
20:46:32.0191 6672        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:46:32.0214 6672        CertPropSvc - ok
20:46:32.0218 6672        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:46:32.0227 6672        circlass - ok
20:46:32.0231 6672        CLBStor        (125327df629324fad78d9a95ccd0f425) C:\Windows\system32\DRIVERS\CLBStor.sys
20:46:32.0236 6672        CLBStor - ok
20:46:32.0245 6672        CLBUDF          (9c0cd75fea24e7e0e835eee7f14406f7) C:\Windows\system32\drivers\CLBUDF.sys
20:46:32.0253 6672        CLBUDF - ok
20:46:32.0264 6672        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:46:32.0274 6672        CLFS - ok
20:46:32.0281 6672        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:32.0287 6672        clr_optimization_v2.0.50727_32 - ok
20:46:32.0293 6672        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:32.0299 6672        clr_optimization_v2.0.50727_64 - ok
20:46:32.0308 6672        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:32.0314 6672        clr_optimization_v4.0.30319_32 - ok
20:46:32.0324 6672        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:46:32.0330 6672        clr_optimization_v4.0.30319_64 - ok
20:46:32.0336 6672        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:46:32.0342 6672        CmBatt - ok
20:46:32.0345 6672        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:46:32.0351 6672        cmdide - ok
20:46:32.0363 6672        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:46:32.0378 6672        CNG - ok
20:46:32.0380 6672        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:46:32.0386 6672        Compbatt - ok
20:46:32.0389 6672        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:46:32.0398 6672        CompositeBus - ok
20:46:32.0400 6672        COMSysApp - ok
20:46:32.0403 6672        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:46:32.0409 6672        crcdisk - ok
20:46:32.0416 6672        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:46:32.0425 6672        CryptSvc - ok
20:46:32.0440 6672        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:46:32.0453 6672        CSC - ok
20:46:32.0472 6672        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:46:32.0485 6672        CscService - ok
20:46:32.0488 6672        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:46:32.0493 6672        CVirtA - ok
20:46:32.0530 6672        CVPND          (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:46:32.0631 6672        CVPND - ok
20:46:32.0662 6672        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:46:32.0680 6672        CVPNDRVA - ok
20:46:32.0684 6672        dc3d            (a5d3d53178394cc7a8a26bb532575b59) C:\Windows\system32\DRIVERS\dc3d.sys
20:46:32.0689 6672        dc3d - ok
20:46:32.0706 6672        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:46:32.0732 6672        DcomLaunch - ok
20:46:32.0742 6672        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:46:32.0767 6672        defragsvc - ok
20:46:32.0772 6672        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:46:32.0794 6672        DfsC - ok
20:46:32.0805 6672        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:46:32.0829 6672        Dhcp - ok
20:46:32.0833 6672        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:46:32.0854 6672        discache - ok
20:46:32.0858 6672        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:46:32.0864 6672        Disk - ok
20:46:32.0870 6672        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:46:32.0875 6672        DNE - ok
20:46:32.0883 6672        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:46:32.0892 6672        Dnscache - ok
20:46:32.0901 6672        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:46:32.0925 6672        dot3svc - ok
20:46:32.0931 6672        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:46:32.0953 6672        DPS - ok
20:46:32.0956 6672        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:46:32.0964 6672        drmkaud - ok
20:46:32.0991 6672        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:46:33.0006 6672        DXGKrnl - ok
20:46:33.0011 6672        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:46:33.0033 6672        EapHost - ok
20:46:33.0100 6672        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:46:33.0134 6672        ebdrv - ok
20:46:33.0157 6672        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:46:33.0165 6672        EFS - ok
20:46:33.0182 6672        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:46:33.0199 6672        ehRecvr - ok
20:46:33.0204 6672        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:46:33.0214 6672        ehSched - ok
20:46:33.0232 6672        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:46:33.0245 6672        elxstor - ok
20:46:33.0247 6672        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:46:33.0255 6672        ErrDev - ok
20:46:33.0259 6672        EtronHub3      (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
20:46:33.0265 6672        EtronHub3 - ok
20:46:33.0268 6672        EtronXHCI      (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
20:46:33.0274 6672        EtronXHCI - ok
20:46:33.0289 6672        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:46:33.0315 6672        EventSystem - ok
20:46:33.0322 6672        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:46:33.0345 6672        exfat - ok
20:46:33.0351 6672        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:46:33.0375 6672        fastfat - ok
20:46:33.0395 6672        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:46:33.0410 6672        Fax - ok
20:46:33.0413 6672        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:46:33.0420 6672        fdc - ok
20:46:33.0423 6672        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:46:33.0445 6672        fdPHost - ok
20:46:33.0448 6672        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:46:33.0470 6672        FDResPub - ok
20:46:33.0474 6672        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:46:33.0481 6672        FileInfo - ok
20:46:33.0483 6672        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:46:33.0505 6672        Filetrace - ok
20:46:33.0508 6672        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:46:33.0515 6672        flpydisk - ok
20:46:33.0524 6672        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:46:33.0533 6672        FltMgr - ok
20:46:33.0564 6672        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:46:33.0583 6672        FontCache - ok
20:46:33.0587 6672        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:46:33.0592 6672        FontCache3.0.0.0 - ok
20:46:33.0598 6672        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:46:33.0605 6672        FsDepends - ok
20:46:33.0607 6672        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:46:33.0613 6672        Fs_Rec - ok
20:46:33.0622 6672        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:46:33.0632 6672        fvevol - ok
20:46:33.0636 6672        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:46:33.0643 6672        gagp30kx - ok
20:46:33.0647 6672        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:33.0651 6672        GEARAspiWDM - ok
20:46:33.0674 6672        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:46:33.0704 6672        gpsvc - ok
20:46:33.0707 6672        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:46:33.0714 6672        hcw85cir - ok
20:46:33.0726 6672        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:46:33.0739 6672        HdAudAddService - ok
20:46:33.0745 6672        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:46:33.0755 6672        HDAudBus - ok
20:46:33.0758 6672        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:46:33.0765 6672        HidBatt - ok
20:46:33.0769 6672        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:46:33.0779 6672        HidBth - ok
20:46:33.0783 6672        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:46:33.0792 6672        HidIr - ok
20:46:33.0795 6672        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:46:33.0817 6672        hidserv - ok
20:46:33.0820 6672        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:46:33.0826 6672        HidUsb - ok
20:46:33.0831 6672        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:46:33.0854 6672        hkmsvc - ok
20:46:33.0863 6672        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:46:33.0872 6672        HomeGroupListener - ok
20:46:33.0881 6672        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:46:33.0890 6672        HomeGroupProvider - ok
20:46:33.0894 6672        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:46:33.0900 6672        HpSAMD - ok
20:46:33.0904 6672        HTCAND64        (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:46:33.0911 6672        HTCAND64 - ok
20:46:33.0915 6672        htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
20:46:33.0921 6672        htcnprot - ok
20:46:33.0941 6672        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:46:33.0969 6672        HTTP - ok
20:46:33.0971 6672        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:46:33.0977 6672        hwpolicy - ok
20:46:33.0983 6672        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:46:33.0991 6672        i8042prt - ok
20:46:34.0003 6672        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
20:46:34.0012 6672        iaStor - ok
20:46:34.0018 6672        IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:46:34.0023 6672        IAStorDataMgrSvc - ok
20:46:34.0033 6672        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:46:34.0043 6672        iaStorV - ok
20:46:34.0047 6672        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:46:34.0050 6672        IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:46:34.0051 6672        IDriverT - detected UnsignedFile.Multi.Generic (1)
20:46:34.0078 6672        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:46:34.0096 6672        idsvc - ok
20:46:34.0122 6672        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:46:34.0128 6672        iirsp - ok
20:46:34.0147 6672        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:46:34.0176 6672        IKEEXT - ok
20:46:34.0244 6672        IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
20:46:34.0273 6672        IntcAzAudAddService - ok
20:46:34.0299 6672        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:46:34.0306 6672        intelide - ok
20:46:34.0309 6672        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:46:34.0317 6672        intelppm - ok
20:46:34.0321 6672        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:46:34.0343 6672        IPBusEnum - ok
20:46:34.0348 6672        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:34.0369 6672        IpFilterDriver - ok
20:46:34.0384 6672        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:46:34.0410 6672        iphlpsvc - ok
20:46:34.0414 6672        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:46:34.0423 6672        IPMIDRV - ok
20:46:34.0428 6672        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:46:34.0452 6672        IPNAT - ok
20:46:34.0476 6672        iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
20:46:34.0491 6672        iPod Service - ok
20:46:34.0494 6672        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:46:34.0511 6672        IRENUM - ok
20:46:34.0515 6672        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:46:34.0521 6672        isapnp - ok
20:46:34.0529 6672        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:46:34.0539 6672        iScsiPrt - ok
20:46:34.0543 6672        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:34.0549 6672        kbdclass - ok
20:46:34.0552 6672        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:34.0560 6672        kbdhid - ok
20:46:34.0563 6672        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:34.0569 6672        KeyIso - ok
20:46:34.0573 6672        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:46:34.0580 6672        KSecDD - ok
20:46:34.0586 6672        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:46:34.0593 6672        KSecPkg - ok
20:46:34.0596 6672        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:46:34.0617 6672        ksthunk - ok
20:46:34.0629 6672        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:46:34.0655 6672        KtmRm - ok
20:46:34.0664 6672        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:46:34.0687 6672        LanmanServer - ok
20:46:34.0693 6672        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:46:34.0716 6672        LanmanWorkstation - ok
20:46:34.0720 6672        LGBusEnum      (db164eb571fd118d277d939510b0f562) C:\Windows\system32\drivers\LGBusEnum.sys
20:46:34.0725 6672        LGBusEnum - ok
20:46:34.0729 6672        LGSHidFilt      (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
20:46:34.0735 6672        LGSHidFilt - ok
20:46:34.0738 6672        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
20:46:34.0742 6672        LGVirHid - ok
20:46:34.0748 6672        LightScribeService (3503f257b3203f824b1567238ebe17e2) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:46:34.0751 6672        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:46:34.0751 6672        LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:46:34.0755 6672        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:46:34.0777 6672        lltdio - ok
20:46:34.0787 6672        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:46:34.0811 6672        lltdsvc - ok
20:46:34.0814 6672        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:46:34.0836 6672        lmhosts - ok
20:46:34.0842 6672        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:46:34.0850 6672        LSI_FC - ok
20:46:34.0855 6672        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:46:34.0862 6672        LSI_SAS - ok
20:46:34.0866 6672        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:46:34.0873 6672        LSI_SAS2 - ok
20:46:34.0878 6672        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:46:34.0885 6672        LSI_SCSI - ok
20:46:34.0891 6672        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:46:34.0913 6672        luafv - ok
20:46:34.0923 6672        LVRS64          (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
20:46:34.0933 6672        LVRS64 - ok
20:46:35.0033 6672        LVUVC64        (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:46:35.0084 6672        LVUVC64 - ok
20:46:35.0112 6672        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:46:35.0118 6672        MBAMProtector - ok
20:46:35.0136 6672        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:46:35.0148 6672        MBAMService - ok
20:46:35.0153 6672        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:46:35.0162 6672        Mcx2Svc - ok
20:46:35.0165 6672        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:46:35.0171 6672        megasas - ok
20:46:35.0181 6672        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:46:35.0191 6672        MegaSR - ok
20:46:35.0195 6672        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:46:35.0200 6672        MEIx64 - ok
20:46:35.0205 6672        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:46:35.0228 6672        MMCSS - ok
20:46:35.0231 6672        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:46:35.0253 6672        Modem - ok
20:46:35.0256 6672        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:46:35.0265 6672        monitor - ok
20:46:36.0870 6672        PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
20:46:36.0908 6672        PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:46:36.0908 6672        PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:46:41.0091 6672        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:46:41.0112 6672        WfpLwf - ok
20:46:41.0114 6672        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:46:41.0121 6672        WIMMount - ok
20:46:41.0124 6672        WinDefend - ok
20:46:41.0128 6672        WinHttpAutoProxySvc - ok
20:46:41.0141 6672        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:46:41.0164 6672        Winmgmt - ok
20:46:41.0170 6672        WinRing0_1_2_0  (0c0195c48b6b8582fa6f6373032118da) C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys
20:46:41.0182 6672        WinRing0_1_2_0 - ok
20:46:41.0227 6672        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:46:41.0265 6672        WinRM - ok
20:46:41.0294 6672        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:46:41.0303 6672        WinUsb - ok
20:46:41.0329 6672        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:46:41.0349 6672        Wlansvc - ok
20:46:41.0354 6672        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:46:41.0359 6672        wlcrasvc - ok
20:46:41.0418 6672        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:46:41.0451 6672        wlidsvc - ok
20:46:41.0476 6672        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:46:41.0483 6672        WmiAcpi - ok
20:46:41.0496 6672        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:46:41.0506 6672        wmiApSrv - ok
20:46:41.0510 6672        WMPNetworkSvc - ok
20:46:41.0513 6672        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:46:41.0522 6672        WPCSvc - ok
20:46:41.0528 6672        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:46:41.0538 6672        WPDBusEnum - ok
20:46:41.0542 6672        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:46:41.0562 6672        ws2ifsl - ok
20:46:41.0567 6672        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:46:41.0578 6672        wscsvc - ok
20:46:41.0580 6672        WSearch - ok
20:46:41.0636 6672        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:46:41.0669 6672        wuauserv - ok
20:46:41.0697 6672        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:46:41.0718 6672        WudfPf - ok
20:46:41.0725 6672        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:46:41.0746 6672        WUDFRd - ok
20:46:41.0751 6672        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:46:41.0772 6672        wudfsvc - ok
20:46:41.0780 6672        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:46:41.0792 6672        WwanSvc - ok
20:46:41.0807 6672        {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
20:46:41.0813 6672        {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
20:46:41.0815 6672        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:46:41.0891 6672        \Device\Harddisk0\DR0 - ok
20:46:41.0892 6672        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:46:41.0959 6672        \Device\Harddisk1\DR1 - ok
20:46:41.0961 6672        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
20:46:42.0031 6672        \Device\Harddisk2\DR2 - ok
20:46:42.0034 6672        Boot (0x1200)  (b18bb20dd7b41fd020027a9a4c89bfe3) \Device\Harddisk0\DR0\Partition0
20:46:42.0034 6672        \Device\Harddisk0\DR0\Partition0 - ok
20:46:42.0036 6672        Boot (0x1200)  (a64ce589bb42da13bb8a8c34e085c717) \Device\Harddisk0\DR0\Partition1
20:46:42.0037 6672        \Device\Harddisk0\DR0\Partition1 - ok
20:46:42.0038 6672        Boot (0x1200)  (9915706bad589fa1cff7e4f2b69b6e22) \Device\Harddisk1\DR1\Partition0
20:46:42.0039 6672        \Device\Harddisk1\DR1\Partition0 - ok
20:46:42.0041 6672        Boot (0x1200)  (0d18c41e63b88724a5383c947fad98f1) \Device\Harddisk2\DR2\Partition0
20:46:42.0042 6672        \Device\Harddisk2\DR2\Partition0 - ok
20:46:42.0042 6672        ============================================================
20:46:42.0042 6672        Scan finished
20:46:42.0042 6672        ============================================================
20:46:42.0047 7100        Detected object count: 3
20:46:42.0047 7100        Actual detected object count: 3
20:46:48.0794 7100        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0795 7100        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:48.0795 7100        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0795 7100        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:48.0796 7100        PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0796 7100        PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks!

markusg 11.07.2012 12:23

hi
download CCleaner Standard:
CCleaner Download - CCleaner 3.20.1750
if CCleaner is already installed, skip this step.
install it, open it, go to Tools, list of installed programs, save as txt. open the file.
after each program you need, write "notwendig" (necessary).
after each program you do not need, write "unnötig" (unnecessary).
after each program you do not recognize, write "unbekannt" (unknown).
post the list.

TomK 11.07.2012 12:39

Hello,

here is the list:

Code:

Adobe AIR        Adobe Systems Incorporated        19.06.2012                3.2.0.2070        ---> Notwendig
Adobe Community Help        Adobe Systems Incorporated.        28.11.2011                45049        ---> Notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        30.06.2012        6,00MB        11.3.300.262        ---> Notwendig
Adobe Flash Player ActiveX        Adobe Systems Incorporated        15.10.2011                9.0.124.0        ---> Notwendig
Adobe Photoshop Elements 10        Adobe Systems Incorporated        28.11.2011        2,60GB        10.0        ---> Notwendig
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        12.04.2012        149MB        37631        ---> Notwendig
Apple Application Support        Apple Inc.        17.06.2012        61,0MB        39815        ---> Notwendig
Apple Mobile Device Support        Apple Inc.        17.06.2012        24,9MB        5.2.0.6        ---> Unbekannt
Apple Software Update        Apple Inc.        19.03.2012        2,38MB        2.1.3.127        ---> Notwendig
Assassin's Creed Revelations 1.03        Ubisoft        19.04.2012                40969        ---> Notwendig
ATI Catalyst Install Manager        ATI Technologies, Inc.        20.04.2012        22,4MB        3.0.829.0        ---> Notwendig
Battlefield 3™        Electronic Arts        26.10.2011                1.0.0.0        ---> Notwendig
Battlelog Web Plugins        EA Digital Illusions CE AB        27.03.2012                1.118.0        ---> Notwendig
Bonjour        Apple Inc.        19.03.2012        2,00MB        3.0.0.10        ---> Notwendig
CCleaner        Piriform        22.06.2012                43891        ---> Notwendig
Cisco Systems VPN Client 5.0.07.0290                10.11.2011        10,6MB                ---> Notwendig
Command & Conquer™ Alarmstufe Rot 3        Electronic Arts        15.10.2011        8,22GB        1.0.1.0        ---> Notwendig
Core Temp 1.0 RC2        Alcpu        15.10.2011        2,30MB        1.0        ---> Notwendig
CyberLink BD Advisor 2.0                17.10.2011                        ---> Notwendig
CyberLink Blu-ray Disc Suite        CyberLink Corp.        17.10.2011        38,4MB        7.0.2407        ---> Notwendig
CyberLink InstantBurn        CyberLink Corp.        17.10.2011                5.0.6210        ---> Notwendig
CyberLink LabelPrint        CyberLink Corp.        17.10.2011        127MB        264193        ---> Notwendig
CyberLink MediaShow        CyberLink Corp.        17.10.2011        250MB        5.0.1423        ---> Notwendig
CyberLink Power2Go        CyberLink Corp.        17.10.2011        121MB        694698        ---> Notwendig
CyberLink PowerBackup        CyberLink Corp.        17.10.2011                1506018        ---> Notwendig
CyberLink PowerDVD 9        CyberLink Corp.        17.10.2011        182MB        9.0.2519.50        ---> Notwendig
CyberLink PowerProducer        CyberLink Corp.        17.10.2011        175MB        5.0.2.2429        ---> Notwendig
DAEMON Tools Lite        DT Soft Ltd        14.10.2011                4.41.3.0173        ---> Notwendig
Day of Defeat: Source        Valve        15.10.2011                        ---> Notwendig
Diablo III        Blizzard Entertainment        11.07.2012                1.0.3.10485        ---> Notwendig
Die Sims™ 3        Electronic Arts        20.05.2012                1.33.2        ---> Notwendig
Die Sims™ 3 Design-Garten-Accessoires        Electronic Arts        15.10.2011                7.0.55        ---> Notwendig
Die Sims™ 3 Einfach tierisch        Electronic Arts        26.10.2011                10.0.96        ---> Notwendig
Die Sims™ 3 Gib Gas-Accessoires        Electronic Arts        15.10.2011                5.0.44        ---> Notwendig
Die Sims™ 3 Late Night        Electronic Arts        15.10.2011                6.0.81        ---> Notwendig
Die Sims™ 3 Lebensfreude        Electronic Arts        15.10.2011                8.0.152        ---> Notwendig
Die Sims™ 3 Luxus-Accessoires        Electronic Arts        15.10.2011                3.0.38        ---> Notwendig
Die Sims™ 3 Reiseabenteuer        Electronic Arts        15.10.2011                2.0.86        ---> Notwendig
Die Sims™ 3 Stadt-Accessoires        Electronic Arts        15.10.2011                9.0.73        ---> Notwendig
Die Sims™ 3 Traumkarrieren        Electronic Arts        20.05.2012                4.0.87        ---> Notwendig
Direct MP3 Joiner version 3.0.2.9        Piston Software        08.02.2012        4,25MB        3.0.2.9        ---> Notwendig
DiRT2        Codemasters        15.10.2011                1.00.0000        ---> Notwendig
Dropbox        Dropbox, Inc.        02.06.2012                39173        ---> Notwendig
Dungeon Defenders                16.04.2012                        ---> Notwendig
Dungeon Defenders Demo                09.04.2012                        ---> Notwendig
Enterprise Architect 9.3  - 30 Day Trial Edition        Sparx Systems        20.04.2012        174MB        9.3.931.22        ---> Notwendig
ESN Sonar        ESN Social Software AB        14.03.2012                0.70.4        ---> Notwendig
Etron USB3.0 Host Controller        Etron Technology        14.10.2011        5,12MB        0.96        ---> Notwendig
Free M4a to MP3 Converter 7.0        ManiacTools.com        10.02.2012        3,95MB                ---> Notwendig
FreePDF (Remove only)                11.05.2012                        ---> Notwendig
FW LiveUpdate        SAMSUNG        17.10.2011                2.0.6.2        ---> Notwendig
GPL Ghostscript        Artifex Software Inc.        17.10.2011                41008        ---> Notwendig
Grand Theft Auto IV        Rockstar Games        15.10.2011                1.00.0000        ---> Notwendig
Half-Life(R) 2        Valve        15.10.2011        6,17GB        1.0.0.0        ---> Notwendig
Hardcopy (C:\Program Files (x86)\Hardcopy)        www.hardcopy.de        20.05.2012                40999        ---> Notwendig
HTC BMP USB Driver        HTC        19.06.2012        284KB        1.0.5375        ---> Notwendig
HTC Driver Installer        HTC Corporation        19.06.2012        2,09MB        3.0.0.021        ---> Notwendig
HTC Sync        HTC Corporation        19.06.2012        47,0MB        43864        ---> Notwendig
Intel(R) Management Engine Components        Intel Corporation        14.10.2011                7.0.0.1144        ---> Notwendig
Intel(R) Rapid Storage Technology        Intel Corporation        14.10.2011                10.1.0.1008        ---> Notwendig
iTunes        Apple Inc.        17.06.2012        182MB        10.6.3.25        ---> Notwendig
Java(TM) 6 Update 26        Oracle        16.10.2011        94,9MB        6.0.260        ---> Notwendig
Java(TM) 7        Oracle        16.10.2011        98,9MB        7.0.0        ---> Notwendig
Java(TM) 7 Update 4 (64-bit)        Oracle        12.06.2012        95,0MB        7.0.40        ---> Notwendig
LaCie Ethernet Agent 1.0        LaCie SA        14.10.2011                1.0        ---> Notwendig
LaCie Network Assistant 1.5.2.59        LaCie        16.10.2011                1.5.2.59        ---> Notwendig
LightScribe System Software        LightScribe        17.10.2011        24,0MB        1.18.11.1        ---> Notwendig
Logitech GamePanel Software 3.03.133        Logitech Inc.        10.03.2012        53,8MB        3.03.133        ---> Notwendig
Logitech Gaming Software 8.20        Logitech Inc.        26.12.2011        76,6MB        8.20.74        ---> Notwendig
Logitech Webcam-Software        Logitech Inc.        10.03.2012                11355        ---> Notwendig
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        04.07.2012        18,0MB        1.61.0.1400        ---> Notwendig
Mass Effect™ 3 Demo        Electronic Arts        18.02.2012                1.0.0.0        ---> Notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        14.10.2011        38,8MB        4.0.30319        ---> Notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        14.10.2011        2,93MB        4.0.30319        ---> Notwendig
Microsoft .NET Framework 4 Extended        Microsoft Corporation        06.05.2012        51,9MB        4.0.30319        ---> Notwendig
Microsoft Flight                07.04.2012                        ---> Notwendig
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        15.10.2011        31,3MB        3.5.88.0        ---> Notwendig
Microsoft Games for Windows Marketplace        Microsoft Corporation        15.10.2011        6,03MB        3.5.50.0        ---> Notwendig
Microsoft IntelliPoint 8.2        Microsoft Corporation        14.10.2011                8.20.468.0        ---> Notwendig
Microsoft Office Outlook Connector        Microsoft Corporation        14.10.2011        3,38MB        14.0.6106.5001        ---> Notwendig
Microsoft Office Professional 2010        Microsoft Corporation        26.04.2012                14.0.6029.1000        ---> Notwendig
Microsoft Office Project Professional 2007        Microsoft Corporation        21.04.2012                12.0.6612.1000        ---> Notwendig
Microsoft redistributable runtime DLLs VS2005 SP1(x86)        SAP        17.11.2011        308KB        8.0.50727.4053        ---> Notwendig
Microsoft redistributable runtime DLLs VS2008 SP1(x86)        SAP AG        17.11.2011        4,62MB        9.0        ---> Notwendig
Microsoft Security Essentials        Microsoft Corporation        24.04.2012                4.0.1526.0        ---> Notwendig
Microsoft Silverlight        Microsoft Corporation        14.05.2012        50,6MB        5.1.10411.0        ---> Notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        14.10.2011        1,69MB        3.1.0000        ---> Notwendig
Microsoft Visio Professional 2010        Microsoft Corporation        15.10.2011                14.0.6029.1000        ---> Notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        24.01.2012        260KB        8.0.50727.4053        ---> Notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.01.2012        250KB        8.0.50727.4053        ---> Notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.10.2011        300KB        8.0.56336        ---> Notwendig
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        15.01.2012        572KB        8.0.61000        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        29.10.2011        788KB        9.0.30729        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        30.10.2011        788KB        9.0.30729.6161        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        16.10.2011        2,06MB        9.0.21022        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        20.10.2011        234KB        9.0.30729        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        17.10.2011        238KB        9.0.30729        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        09.04.2012        222KB        9.0.30729.4148        ---> Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.10.2011        600KB        9.0.30729.6161        ---> Notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        14.10.2011        13,7MB        10.0.30319        ---> Notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.10.2011        15,0MB        10.0.40219        ---> Notwendig
Mozilla Firefox 13.0.1 (x86 de)        Mozilla        17.06.2012        40,8MB        13.0.1        ---> Notwendig
Mozilla Maintenance Service        Mozilla        17.06.2012        309KB        13.0.1        ---> Notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        17.11.2011        1,28MB        4.20.9870.0        ---> Unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        18.11.2011        1,34MB        4.20.9876.0        ---> Unbekannt
MSXML 4.0 SP3 Parser        Microsoft Corporation        19.06.2012        1,47MB        4.30.2100.0        ---> Unbekannt
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        20.06.2012        1,53MB        4.30.2107.0        ---> Unbekannt
NVIDIA PhysX        NVIDIA Corporation        18.02.2012        78,9MB        9.10.0513        ---> Notwendig
OpenAL                12.05.2012                        ---> Notwendig
Origin        Electronic Arts, Inc.        22.03.2012                8.5.0.4554        ---> Notwendig
Pandasoft Video Converter        Pandasoft        06.05.2012        68,5MB        0.95.122.0        ---> Notwendig
PDF-XChange Viewer        Tracker Software Products Ltd.        29.11.2011        44,5MB        2.5.199.0        ---> Notwendig
PunkBuster Services        Even Balance, Inc.        18.04.2012                0.991        ---> Notwendig
Rapture3D 2.3.22 Game        Blue Ripple Sound        15.10.2011                        ---> Unbekannt
Realtek Ethernet Controller Driver For Windows 7        Realtek        14.10.2011                7.23.623.2010        ---> Notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        14.10.2011                6.0.1.6167        ---> Notwendig
RedMon - Redirection Port Monitor                17.10.2011                        ---> Unbekannt
ROCCAT Valo Keyboard Driver                14.10.2011                        ---> Notwendig
SAP Business Explorer        SAP AG        17.11.2011                44013        ---> Notwendig
SAP GUI for Windows 7.20        SAP        17.11.2011                7.20 Compilation 3        ---> Notwendig
Skype Click to Call        Skype Technologies S.A.        15.06.2012        15,9MB        6.0.10201        ---> Notwendig
Skype™ 5.9        Skype Technologies S.A.        15.06.2012        19,4MB        5.9.123        ---> Notwendig
Steam(TM)        Valve        15.10.2011        16,4MB        1.0.0.0        ---> Notwendig
Streamripper (Remove only)                23.12.2011                        ---> Notwendig
TeamSpeak 3 Client        TeamSpeak Systems GmbH        29.10.2011                        ---> Notwendig
TomTom HOME 2.8.3.2458        TomTom        03.01.2012                2.8.3.2458        ---> Notwendig
TomTom HOME Visual Studio Merge Modules        TomTom International B.V.        03.01.2012        1,88MB        1.0.2        ---> Notwendig
Ubisoft Game Launcher        UBISOFT        18.04.2012                1.0.0.0        ---> Notwendig
VLC media player 1.1.11        VideoLAN        20.10.2011                40544        ---> Notwendig
Winamp        Nullsoft, Inc        23.12.2011                5623        ---> Notwendig
Winamp Erkennungs-Plug-in        Nullsoft, Inc        23.12.2011        75,0KB        1.0.0.1        ---> Notwendig
Windows 7 Codec Pack 3.4.0        Windows 7 Codec Pack        17.10.2011                36619        ---> Notwendig
Windows Live Essentials        Microsoft Corporation        14.10.2011                15.4.3538.0513        ---> Notwendig
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        14.10.2011        5,57MB        15.4.5722.2        ---> Notwendig
WinRAR 4.01 (64-Bit)        win.rar GmbH        14.10.2011                36529        ---> Notwendig
Xtra Controller Ex        Hercules        15.01.2012                4.0.2.1        ---> Unbekannt
Xtra Controller Ex        Hercules        15.01.2012                4.0.2.1        ---> Unbekannt

Thank you very much!

markusg 11.07.2012 12:42

uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
uncheck the McAfee Security Scan box

please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
check "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
it is always better to save them directly, because only then do you have control over what happens on the PC.
under JavaScript, uncheck the "use JavaScript" box
under Updater, select automatic installation.
Apply / OK



uninstall:
Java: all versions
Download the free Java software
download the Java JRE, install it.

uninstall:

open CCleaner, Analyze, Run Cleaner.
open OTL, CleanUp, restart the PC

