Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Sehr lange Bootzeit von Win 7 (https://www.trojaner-board.de/115500-sehr-lange-bootzeit-win-7-a.html)

HDA 21.05.2012 09:17
Sehr lange Bootzeit von Win 7
 
Hallo Forum,

nun hat es mich auch erwischt. Mein Laptop braucht immer länger zum Booten und das Win 7 braucht immer länger bis es fertig & bereit ist loszulegen.
Ich habe die Anleitung befolgt und folgende Log Files bekommen siehe Anhang.
Mit Defogger gabe es kein Log File (wenn ich alles richtig gemacht habe) nur bei dem Run mit dds.

Ich hoffs das ich soweit alles richig gemacht habe & mir noch geholfen werden kann.

ciao

cosinus 21.05.2012 19:12
Zitat:
Mein Laptop braucht immer länger zum Booten und das Win 7 braucht immer länger bis es fertig & bereit ist loszulegen.
Sei wann? Was hast du am System verändert?
Wie lange genau ist "immer länger" ?

HDA 22.05.2012 00:35
Boot Zeit (bis Win7 geladen ist und ich programme ausführen kann) ca. 7min. Seit meine Freundin ihr Skyp & Co instaliert hat ist es länger geworden. Da ich nicht oft an dem Laptop bin ist mir das erst Gestern auf gefallen.

gruß

cosinus 22.05.2012 10:52
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

HDA 22.05.2012 12:30
Hallo Cosinus / Arne,

erst einmal ein großes Dankeschön an Dich, da Du Dich meiner Sache angenommen hast.
Malwarebytes' Anti-Malware habe ich eben durchlaufen lassen, hatte nichts gefunden & hier das Log File.

[code] Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Agamemnnon :: HP15 [Administrator]

22.05.2012 12:56:18
mbam-log-2012-05-22 (12-56-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210774
Laufzeit: 5 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) [code]



Einen Scan vom 14.05.2012



[code] Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Agamemnnon :: HP15 [Administrator]

14.05.2012 08:37:47
mbam-log-2012-05-14 (08-37-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210051
Laufzeit: 7 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Agamemnnon\Downloads\SoftonicDownloader_fuer_calibre-portable.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Agamemnnon\Downloads\SoftonicDownloader_fuer_crystalcpuid.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Agamemnnon\Downloads\SoftonicDownloader_fuer_vokabeltrainer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) [code]


Desweitern habe ich gestern den ESET Online Scanner durchlaufen lassen. Ich habe die Anweisungen genau befolgt aber am Ende
hat der Befehl (Win Taste + R & danach die Zeile - "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt" - kein Log File
erzeugen können. Ich konnte jedoch die gefundenen Problem aus dem ESET Scanner Screen heraus kopieren. Diese sehen wie folgt aus

C:\Tools\Voic\SoftonicDownloader_fuer_voipcheap.exe Win32/SoftonicDownloader application
C:\Users\Agamemnnon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1974PBF3\iobitToolbar[1].msi a variant of Win32/Toolbar.Widgi application
C:\Windows\Installer\fb235db.msi a variant of Win32/Toolbar.Widgi application

Ich werde den ESET Online Scanner (Laufzeit ca. 5h) gerne nochmals heute Nacht durch laufen lassen fall das erwünscht ist.

Nachtrag
Ich hatte vor einiger Zeit die ATI Software für die Grafikkarte aktualisiert & danach habe ich das Gefühl das die Zeit die Win 7 braucht bis es fertig ist länger geworden ist.

Gruß

cosinus 22.05.2012 13:20
Warum Quickscan mit Malwarebytes, Vollscan wurde extra dick und fett rot markiert!

HDA 22.05.2012 15:04
Sorry,
Macht der Gewonheit, der voll Scann kommt.

Sorry der Scan dauert ca. 5h. Anbei das Log File

[code]Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Agamemnnon :: HP15 [Administrator]

22.05.2012 16:13:44
mbam-log-2012-05-22 (16-13-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 885239
Laufzeit: 5 Stunde(n), 26 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)[code]

Moin,

ich habe über die Nacht nochmal den ESET Scanner laufen lassen & nun hat das mit dem Log File auch funktioniert.

[code] ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 02:30:41
# local_time=2012-05-23 04:30:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 399915 89352862 0 0
# compatibility_mode=7937 16777214 28 75 570112 4814344 0 0
# compatibility_mode=8192 67108863 100 0 152 152 0 0
# scanned=686568
# found=2
# cleaned=0
# scan_time=17229
C:\Users\Agamemnnon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1974PBF3\iobitToolbar[1].msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\fb235db.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
[code]

Hoffe das es aussagekräftiger ist.

Gruß

HDA 24.05.2012 23:14
Zitat:
Zitat von HDA (Beitrag 832081)
Sorry,
Macht der Gewonheit, der voll Scann kommt.

Sorry der Scan dauert ca. 5h. Anbei das Log File

[code]Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Agamemnnon :: HP15 [Administrator]

22.05.2012 16:13:44
mbam-log-2012-05-22 (16-13-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 885239
Laufzeit: 5 Stunde(n), 26 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)[code]

Moin,

ich habe über die Nacht nochmal den ESET Scanner laufen lassen & nun hat das mit dem Log File auch funktioniert.

[code] ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-23 02:30:41
# local_time=2012-05-23 04:30:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 399915 89352862 0 0
# compatibility_mode=7937 16777214 28 75 570112 4814344 0 0
# compatibility_mode=8192 67108863 100 0 152 152 0 0
# scanned=686568
# found=2
# cleaned=0
# scan_time=17229
C:\Users\Agamemnnon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1974PBF3\iobitToolbar[1].msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\fb235db.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
[code]

Hoffe das es aussagekräftiger ist.

Gruß
Gruß,

vielleicht hat noch einer eine Idee was ich machen kann.
Vollscan & Log File stehen oben.

Danke

cosinus 25.05.2012 10:53
Hast du die lange Bootzeit auch im abgesicherten Modus?

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

HDA 25.05.2012 13:08
Hallo Arne,

habe den Scan soeben beendet

OTL Logfile:
Code:
OTL logfile created on: 25.05.2012 12:59:46 - Run 3
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Agamemnnon\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,74 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 75,36% Memory free
15,55 Gb Paging File | 13,52 Gb Available in Paging File | 86,93% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 295,98 Gb Total Space | 104,41 Gb Free Space | 35,28% Space Free | Partition Type: NTFS
Drive E: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,61% Space Free | Partition Type: FAT32
 
Computer Name: HP15 | User Name: Agamemnnon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Agamemnnon\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Tools\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Tools\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Tools\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Tools\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (IMFservice) -- C:\Tools\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (qcusbser) -- C:\Windows\SysNative\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (UrlFilter) -- C:\Tools\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Tools\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Tools\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 74 D0 8E 2C 84 CC 01  [binary data]
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.7\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\..\SearchScopes,DefaultScope = {36CEA3DA-9FD5-4DAF-B808-FC4A240A8706}
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\..\SearchScopes\{36CEA3DA-9FD5-4DAF-B808-FC4A240A8706}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=380920&p={searchTerms}
IE - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Agamemnnon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Agamemnnon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Agamemnnon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Agamemnnon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 21:09:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.08 21:09:08 | 000,000,000 | ---D | M]
 
[2011.10.06 22:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agamemnnon\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2012.05.20 16:46:10 | 000,442,922 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        www.123fporn.info
O1 - Hosts: 15216 more lines...
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.7\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.7\iobitToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Tools\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Tools\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000..\Run: [SpybotSD TeaTimer] C:\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2149925061-3886611101-1492713281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} Reg Error: Value error. (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1F8749-796A-433D-A229-9B3C089330C3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B448C82F-AD2F-43CE-8EB2-3601E8FB80B6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E136C160-B2D5-42EE-BBE0-ECC79E6C2135}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1669235-527A-4E5D-89FA-4CBC79151D97}: DhcpNameServer = 168.95.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Agamemnnon\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: VoipCheapCom - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: IMFservice - C:\Tools\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework
ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework
ActiveX: {BFA2E378-31D9-4595-AFA9-CA19E610DC0F} - .NET Framework
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\4.0
[2012.05.23 11:26:55 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\.tfo4
[2012.05.22 23:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.22 12:51:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Agamemnnon\mbam-setup-1.61.0.1400.exe
[2012.05.22 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Local\Diagnostics
[2012.05.19 09:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.05.19 09:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
[2012.05.19 09:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.05.18 22:31:26 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Local\ElevatedDiagnostics
[2012.05.16 09:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012.05.16 09:25:15 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\IObit
[2012.05.16 09:21:32 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.05.16 09:21:31 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\Spyware Terminator
[2012.05.16 09:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.05.16 09:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.05.16 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.05.16 09:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.16 09:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.16 08:56:48 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\f-secure
[2012.05.16 08:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.05.16 08:49:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.15 09:04:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.14 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\QuickScan
[2012.05.14 09:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.14 09:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.14 08:37:06 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\Malwarebytes
[2012.05.14 08:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.14 08:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.14 08:36:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.09 12:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.05.09 12:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.05.09 12:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.09 12:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.09 12:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.03 19:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.04.29 00:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dokan
[2012.04.28 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\ts3overlay
[2012.04.28 20:21:37 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\TS3Client
[2012.04.26 00:22:21 | 000,000,000 | ---D | C] -- C:\Users\Agamemnnon\AppData\Roaming\wargaming.net
[2012.04.25 23:12:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.04.25 23:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.04.25 23:12:08 | 000,000,000 | ---D | C] -- C:\Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
 
[2012.05.25 12:33:02 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2149925061-3886611101-1492713281-1000UA.job
[2012.05.25 08:29:08 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2149925061-3886611101-1492713281-1000Core.job
[2012.05.25 08:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 17:47:18 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 17:47:18 | 000,019,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 17:39:23 | 1941,090,303 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 12:24:16 | 000,028,009 | ---- | M] () -- C:\Users\Agamemnnon\Desktop\aabbcc._aaa-aaa.odt
[2012.05.23 11:55:41 | 015,809,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 11:55:41 | 000,684,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.05.23 11:55:41 | 000,684,000 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012.05.23 11:55:41 | 000,681,356 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.05.23 11:55:41 | 000,680,010 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.05.23 11:55:41 | 000,679,642 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012.05.23 11:55:41 | 000,670,084 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012.05.23 11:55:41 | 000,666,732 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.05.23 11:55:41 | 000,654,470 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012.05.23 11:55:41 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.23 11:55:41 | 000,623,220 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012.05.23 11:55:41 | 000,614,512 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.05.23 11:55:41 | 000,609,266 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012.05.23 11:55:41 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 11:55:41 | 000,601,758 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012.05.23 11:55:41 | 000,541,152 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012.05.23 11:55:41 | 000,453,124 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012.05.23 11:55:41 | 000,440,052 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012.05.23 11:55:41 | 000,427,018 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012.05.23 11:55:41 | 000,424,900 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2012.05.23 11:55:41 | 000,394,978 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012.05.23 11:55:41 | 000,383,546 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012.05.23 11:55:41 | 000,371,298 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.05.23 11:55:41 | 000,355,328 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012.05.23 11:55:41 | 000,346,674 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012.05.23 11:55:41 | 000,144,282 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012.05.23 11:55:41 | 000,133,704 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012.05.23 11:55:41 | 000,131,232 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012.05.23 11:55:41 | 000,130,586 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012.05.23 11:55:41 | 000,129,608 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.05.23 11:55:41 | 000,128,892 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.05.23 11:55:41 | 000,127,070 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.05.23 11:55:41 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.23 11:55:41 | 000,124,922 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012.05.23 11:55:41 | 000,124,006 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.05.23 11:55:41 | 000,120,648 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012.05.23 11:55:41 | 000,118,684 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.05.23 11:55:41 | 000,118,200 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012.05.23 11:55:41 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012.05.23 11:55:41 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.23 11:55:41 | 000,101,856 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012.05.23 11:55:41 | 000,101,428 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012.05.23 11:55:41 | 000,096,514 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.05.23 11:55:41 | 000,085,920 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012.05.23 11:55:41 | 000,078,590 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2012.05.23 11:55:41 | 000,076,620 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012.05.23 11:55:41 | 000,076,164 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012.05.23 11:55:41 | 000,074,002 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012.05.23 11:55:41 | 000,066,274 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012.05.23 11:51:21 | 000,024,183 | ---- | M] () -- C:\Users\Agamemnnon\Desktop\aabbcc._aaa-aaa III.rtf
[2012.05.23 11:15:03 | 158,067,944 | ---- | M] () -- C:\Users\Agamemnnon\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2012.05.23 11:03:42 | 000,021,761 | ---- | M] () -- C:\Users\Agamemnnon\Desktop\aabbcc._aaa-aaa II.rtf
[2012.05.22 14:08:59 | 000,000,062 | ---- | M] () -- C:\Fedora tip
[2012.05.22 12:55:19 | 633,339,904 | ---- | M] () -- C:\Users\Agamemnnon\Fedora-16-x86_64-Live-Desktop.iso
[2012.05.22 12:52:02 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Agamemnnon\mbam-setup-1.61.0.1400.exe
[2012.05.22 10:57:55 | 000,001,004 | ---- | M] () -- C:\Users\Agamemnnon\Desktop\probleme mit dem rechner.rtf
[2012.05.22 01:23:00 | 000,293,355 | ---- | M] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win64-1334913258-2012-05-22 01_22_59.880471.dmp
[2012.05.21 09:57:01 | 000,050,477 | ---- | M] () -- C:\Users\Agamemnnon\Desktop\Defogger.exe
[2012.05.20 16:46:10 | 000,442,922 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.16 09:25:33 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012.05.16 09:21:32 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.05.16 09:04:41 | 000,000,308 | ---- | M] () -- C:\Users\Agamemnnon\Documents\cc_20120516_090438.reg
[2012.05.14 10:11:50 | 000,293,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.14 09:48:59 | 000,005,126 | ---- | M] () -- C:\Users\Agamemnnon\Documents\cc_20120514_094857.reg
[2012.05.14 09:48:47 | 000,014,612 | ---- | M] () -- C:\Users\Agamemnnon\Documents\cc_20120514_094844.reg
[2012.05.14 09:33:59 | 000,000,206 | ---- | M] () -- C:\Users\Agamemnnon\Documents\cc_20120514_093354.reg
[2012.05.14 09:33:46 | 000,000,206 | ---- | M] () -- C:\Users\Agamemnnon\Documents\cc_20120514_093341.reg
[2012.05.14 09:33:32 | 000,054,762 | ---- | M] () -- C:\Users\Agamemnnon\Documents\cc_20120514_093318.reg
[2012.05.13 22:49:16 | 000,295,655 | ---- | M] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win64-1334913258-2012-05-13 22_49_15.498484.dmp
[2012.05.09 19:38:16 | 000,299,318 | ---- | M] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win64-1334913258-2012-05-09 19_38_14.529612.dmp
[2012.05.09 01:02:58 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.09 01:02:58 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.03 19:52:39 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.04.30 22:59:36 | 000,170,252 | ---- | M] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win32-1334913258-2012-04-30 22_59_34.348346.dmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.23 11:38:13 | 000,028,009 | ---- | C] () -- C:\Users\Agamemnnon\Desktop\aabbcc._aaa-aaa.odt
[2012.05.23 11:26:06 | 000,024,183 | ---- | C] () -- C:\Users\Agamemnnon\Desktop\aabbcc._aaa-aaa III.rtf
[2012.05.23 11:13:13 | 158,067,944 | ---- | C] () -- C:\Users\Agamemnnon\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2012.05.23 11:03:37 | 000,021,761 | ---- | C] () -- C:\Users\Agamemnnon\Desktop\aabbcc._aaa-aaa.rtf
[2012.05.22 14:08:47 | 000,000,062 | ---- | C] () -- C:\Fedora tip
[2012.05.22 12:47:20 | 633,339,904 | ---- | C] () -- C:\Users\Agamemnnon\Fedora-16-x86_64-Live-Desktop.iso
[2012.05.22 10:57:55 | 000,001,004 | ---- | C] () -- C:\Users\Agamemnnon\Desktop\probleme mit dem rechner.rtf
[2012.05.22 01:22:59 | 000,293,355 | ---- | C] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win64-1334913258-2012-05-22 01_22_59.880471.dmp
[2012.05.21 09:57:01 | 000,050,477 | ---- | C] () -- C:\Users\Agamemnnon\Desktop\Defogger.exe
[2012.05.16 09:25:33 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012.05.16 09:04:39 | 000,000,308 | ---- | C] () -- C:\Users\Agamemnnon\Documents\cc_20120516_090438.reg
[2012.05.14 10:09:58 | 000,293,592 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.14 09:48:58 | 000,005,126 | ---- | C] () -- C:\Users\Agamemnnon\Documents\cc_20120514_094857.reg
[2012.05.14 09:48:46 | 000,014,612 | ---- | C] () -- C:\Users\Agamemnnon\Documents\cc_20120514_094844.reg
[2012.05.14 09:33:56 | 000,000,206 | ---- | C] () -- C:\Users\Agamemnnon\Documents\cc_20120514_093354.reg
[2012.05.14 09:33:42 | 000,000,206 | ---- | C] () -- C:\Users\Agamemnnon\Documents\cc_20120514_093341.reg
[2012.05.14 09:33:28 | 000,054,762 | ---- | C] () -- C:\Users\Agamemnnon\Documents\cc_20120514_093318.reg
[2012.05.13 22:49:15 | 000,295,655 | ---- | C] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win64-1334913258-2012-05-13 22_49_15.498484.dmp
[2012.05.09 19:38:14 | 000,299,318 | ---- | C] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win64-1334913258-2012-05-09 19_38_14.529612.dmp
[2012.05.03 19:52:39 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.04.30 22:59:34 | 000,170,252 | ---- | C] () -- C:\Users\Agamemnnon\Documents\ts3_clientui-win32-1334913258-2012-04-30 22_59_34.348346.dmp
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.08 01:22:18 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.12.08 01:22:18 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.12.08 01:22:17 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.12.08 01:18:09 | 000,032,822 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.12.05 10:26:08 | 000,000,000 | ---- | C] () -- C:\Windows\Hunter.INI
[2011.11.10 15:55:49 | 000,003,584 | ---- | C] () -- C:\Users\Agamemnnon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 17:51:52 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011.10.08 20:53:55 | 000,266,646 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011.10.08 20:53:55 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011.10.06 19:32:09 | 000,007,630 | ---- | C] () -- C:\Users\Agamemnnon\AppData\Local\Resmon.ResmonCfg
[2011.10.06 17:43:23 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011.10.06 16:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2010.06.02 17:28:14 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2011.10.06 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2011.10.10 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\calibre
[2012.05.16 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\f-secure
[2012.05.03 08:58:08 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\GHISLER
[2012.05.16 09:25:15 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\IObit
[2012.04.03 13:38:34 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\MyPhoneExplorer
[2011.11.21 11:37:37 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\OpenOffice.org
[2011.12.22 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Opera
[2012.05.14 10:07:19 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\QuickScan
[2011.10.19 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Samsung
[2012.05.16 09:21:31 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Spyware Terminator
[2012.05.03 22:32:45 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\TS3Client
[2012.05.03 19:53:59 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\ts3overlay
[2011.12.21 12:31:24 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\VoipCheapCom
[2012.04.26 08:06:47 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\wargaming.net
[2011.12.05 20:44:16 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\XBMC
[2009.07.14 07:08:49 | 000,019,782 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.06 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Adobe
[2011.10.06 20:59:08 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2011.10.06 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\ATI
[2011.10.06 20:03:10 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Avira
[2011.10.10 13:56:21 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\calibre
[2012.05.16 08:56:48 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\f-secure
[2012.05.03 08:58:08 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\GHISLER
[2011.10.06 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Hewlett-Packard
[2011.10.09 20:08:22 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\HP
[2012.02.17 12:31:22 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\hpqLog
[2012.05.18 00:16:17 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\HpUpdate
[2011.10.06 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Identities
[2012.05.16 09:25:15 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\IObit
[2011.10.06 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Macromedia
[2012.05.14 08:37:06 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Malwarebytes
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Media Center Programs
[2012.05.14 09:28:06 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Media Player Classic
[2011.12.21 12:51:03 | 000,000,000 | --SD | M] -- C:\Users\Agamemnnon\AppData\Roaming\Microsoft
[2012.05.23 12:38:24 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Mozilla
[2012.04.03 13:38:34 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\MyPhoneExplorer
[2011.11.21 11:37:37 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\OpenOffice.org
[2011.12.22 13:12:11 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Opera
[2012.05.14 10:07:19 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\QuickScan
[2011.10.19 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Samsung
[2012.05.09 11:31:33 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Skype
[2012.05.16 09:21:31 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\Spyware Terminator
[2012.05.03 22:32:45 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\TS3Client
[2012.05.03 19:53:59 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\ts3overlay
[2011.11.19 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\vlc
[2011.12.21 12:31:24 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\VoipCheapCom
[2012.04.26 08:06:47 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\wargaming.net
[2012.03.29 20:23:39 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\WinRAR
[2011.12.05 20:44:16 | 000,000,000 | ---D | M] -- C:\Users\Agamemnnon\AppData\Roaming\XBMC
 
< %APPDATA%\*.exe /s >
[2011.12.21 12:51:03 | 000,010,134 | R--- | M] () -- C:\Users\Agamemnnon\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Tools\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
--- --- ---

Ich kann heute Abend testen ob der Rechner im Abgesicherten Modus auch sehr lange zum Booten braucht. Ich glaube fast das die neue Ati Treiber für die Grafikkarte etwas mit dem sehr langen Booten zu tun hat.
Danke

cosinus 25.05.2012 13:13
Die extras.txt wäre bei diesem Fall auch hilfreich

HDA 25.05.2012 16:07
Ok hier die Extra.txt, wuste garnicht von dieser Text Datei.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 20.05.2012 16:58:04 - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Agamemnnon\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,74 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 74,02% Memory free
15,55 Gb Paging File | 13,42 Gb Available in Paging File | 86,28% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 295,98 Gb Total Space | 40,06 Gb Free Space | 13,53% Space Free | Partition Type: NTFS
Drive D: | 485,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,61% Space Free | Partition Type: FAT32
 
Computer Name: HP15 | User Name: Agamemnnon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096BA324-2AA7-4F5F-971F-708E20A56EF1}" = lport=139 | protocol=6 | dir=in | app=system |
"{0BBAB295-B24D-40FD-AD06-4C42316D03F8}" = rport=137 | protocol=17 | dir=out | app=system |
"{0C3A13AF-D596-4727-971F-70E4D92B4F9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F233661-34C3-49DF-9867-C8FB72DEB2D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{209960B2-591B-405D-B1AB-81937873FC5F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3045F3AD-4F5D-41F0-A67B-47A5A2ADFBD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{3DD95E82-F958-4C3A-BDDC-BE4D8B54A413}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44BBC287-DFFD-49B5-B149-EDEBF44352A5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{488170C9-105F-4EB5-ADBF-D18E2FF5BF9D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53972718-002A-4FB9-8893-A1A2E93894B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5777F261-B425-4F5E-9885-0F5E2FFE6DF9}" = lport=445 | protocol=6 | dir=in | app=system |
"{5EDF1CDE-3DFE-4FCC-BBA9-D58CB798B97D}" = lport=138 | protocol=17 | dir=in | app=system |
"{61F88F01-7701-4145-BEB8-70CC4EB25765}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{678C93DB-30AC-4BA8-B9C7-681EA031E5FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6822572E-B401-412A-918E-F7B55C867020}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{6AA2B867-E6AD-4140-9C0F-4DA7D78037B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C31BA63-1981-439B-99D1-3349562BA726}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C384BE9-4DDA-44E2-821E-B7FFE08F3C37}" = lport=10243 | protocol=6 | dir=in | app=system |
"{902FD88B-AE2B-4689-9592-F63E04DB5917}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A529F93-1DF6-4403-B60C-D3852C49D652}" = lport=137 | protocol=17 | dir=in | app=system |
"{A5A3AB1B-C7AA-4C07-B72F-1251E8D8BB06}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3462A2F-000E-4CFC-A408-47BA0D50C8F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3A7BEA2-08D0-4247-B0DD-0A38826F27DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F40FFBAD-0845-4CB5-B0F6-2017F50F88A3}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0108384A-00DB-494C-A70E-C414BEB7B3FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{05CF4E04-7C57-46CF-AF91-A8880DA08571}" = protocol=6 | dir=out | app=system |
"{14CE0246-C0BA-4E45-B774-D7CBE72DA07F}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{17E63625-0937-48F1-8515-72C66A90E51D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{1B2484FA-1806-4EE4-B74D-619C91DFD422}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{1E6164EE-7B79-411C-BA66-307FEDE7979F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2436FCA4-5ACA-436E-9E49-8C55C0FFB7F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{280F94BB-DDB0-46B7-94B1-E0AF8C02379F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{3436CD83-BC49-4F44-9EE0-8B73C208A7C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{3530B3E4-4BED-40AA-A011-31C5CAFBF3B9}" = dir=in | app=c:\tools\hp office jet pro 8500 wireless\01\ojp8500va909_full_14\setup\hpznui40.exe |
"{389F3540-3D21-4A58-8E09-50DEF05D541B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A1BA3C9-4B87-4500-A502-F94ACDFEA42D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{530C7256-C19C-41F2-B0EF-81A6FABB62E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{55ED2CDE-4368-4CEB-B723-2EB24EC10B39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69505D47-58FC-4D3D-ABC0-5F1AD07565CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B5F098E-A0C7-435C-8011-F7938438E74B}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{6CA7EA82-76F0-4670-88E1-A59AB5D28145}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72BC462E-1DD3-4103-B86C-F06EC39103FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72FB946B-42B9-459B-BF4C-165EFD664D55}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7AF913F2-C2BB-47BD-ABAE-602BB1D4A762}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C9EFC78-7A58-43C7-B63C-5E724D4A9FD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FFA8D06-A3BC-4F66-AC88-2FE546BF4B8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{85C01FDC-50F0-4F86-B5E1-6CFFABEFFB53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{883F5327-DBCE-4233-B0DC-D2ABDD751C91}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8D37242E-E6F2-4124-B180-1DFF0BBB0BD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8F25F1E1-0A0A-4A5F-8EE8-9ABA75FCBC8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9445F9F1-4737-461C-86B0-93A608441112}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{972233B8-A37C-4601-AAE2-49A2282116FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{9C82A8B2-E485-41B0-A180-D7C5E88E7628}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{9CE9568A-13F1-40DC-9918-6BC6F3728964}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A300F08D-332A-4BD5-98F5-57DB00EB4E2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{A4379AF8-5CE9-4EC4-B652-3D212A731A32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A55BFE2B-7F87-4639-8253-ED0DA813E541}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{A67D1738-63C0-468D-AA1B-D1C8AB291AB7}" = dir=in | app=c:\tools\skypeportable\app\skype\phone\skype.exe |
"{AB81A378-6B4D-4BF9-8EE2-648A0F36B63F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AE9900F7-6EF2-41B2-885E-B9F849B12383}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BCBD7F6E-C251-46AE-BC79-4ABE55A02518}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{CCA56801-91DA-4C50-AC69-D67720B1C354}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D829A0A4-1EDD-4D43-BB60-D58B8FB8A9EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D90FFFFC-1018-4038-9E51-55C1A668207C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{DD86C117-8A28-4202-9ECB-71403454679F}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{DD9A41CB-DB53-4E8F-B700-0842EA9725E7}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{F2FE3FCC-FF43-47A4-8C87-9DEEFF88D686}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4E41D61-6BBA-4AC2-9891-F4C93A7DDBFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{FCA35BF7-B959-4ED9-9C1C-EBD451BD1442}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"TCP Query User{0DC9E1F0-98A1-44C0-A8B5-B6ED4EE60A61}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{31A218A9-3068-465A-A866-B7AF1ADA897B}C:\tools\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\tools\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{60203256-E9C0-4F9C-9121-EF2BCF9AE948}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{7418819B-3FE0-4312-86E3-913E7E7BB7C9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{8E585C84-62B5-4F56-B7D7-15A189F56942}C:\game\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=c:\game\freecivportable\app\freeciv\freeciv-server.exe |
"TCP Query User{9E8E73F4-D5D9-4820-9F5A-D129E53F0EC0}C:\game\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=c:\game\freecivportable\app\freeciv\freeciv-server.exe |
"TCP Query User{EA9DD84F-F738-4D3E-98A0-C168C5BCB526}C:\tools\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\tools\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{02F60700-94AE-400F-98A5-3DE23E942426}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0578A8DD-975B-4C34-B579-B5822FE824C8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{192AD7DA-FA51-4601-9EA1-7E56F8F16327}C:\tools\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\tools\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{62F3DBC8-412B-47B0-BE7F-21C9834B895E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{6D2793ED-6FBC-4BE5-8275-C382C7D827BC}C:\tools\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\tools\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{9B470EDE-E449-45AD-9B84-1BF73460216F}C:\game\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=c:\game\freecivportable\app\freeciv\freeciv-server.exe |
"UDP Query User{ADEC7770-3CE7-41A3-89AF-3B2BBA398114}C:\game\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=c:\game\freecivportable\app\freeciv\freeciv-server.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{647509A0-817B-A1E2-80A3-ECCBFF6BFEE8}" = AMD AVIVO64 Codecs
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{84FD80B9-AB11-406F-8719-09C51D18CC0C}" = HP Wireless Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FCB2935-2D33-166F-CCF3-0BFC02419983}" = ccc-utility64
"{9DFEC455-86B1-95C7-3189-B922131869E0}" = WMV9/VC-1 Video Playback
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"5D9817CE83DD092EB8923949297A94C53A0A27CF" = Windows Driver Package - ACER Incorporated (qcusbser) Ports  (08/16/2010 2.0.6.6)
"637F4A11ADE9B1B3D8F4A37C0C4CA8EA924B739E" = Windows Driver Package - Linux Developer Community Net  (08/16/2010 5.1.2600.2781)
"83E7AE861B9BCCB05F7AA822F9EE26C0672E6888" = Windows Driver Package - Acer, Inc (androidusb) USB  (08/16/2010 1.0.0010.00000)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"D149DB73BE02E748657C63CBB404510E56E08F63" = Windows Driver Package - ACER Incorporated (qcusbser) Modem  (08/16/2010 2.0.6.6)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00789D75-DD2A-CC46-AC78-06A845E785AF}" = CCC Help Finnish
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E9A5816-8E92-577D-9BC8-2CCBD1D1C46D}" = CCC Help Polish
"{0EA30CC1-C0FA-036E-9F2E-50CDDDF47ED0}" = CCC Help Spanish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BE5A8D-9390-3019-653B-840757E69F9B}" = Catalyst Control Center Localization All
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31B86234-2E65-A855-8A14-47C253C38FD9}" = CCC Help Dutch
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3C87C43B-0693-6941-8AFE-CD6011C73D5A}" = CCC Help Thai
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{40B8FAC4-BB82-5F03-D15B-BD2D355D8F8A}" = CCC Help Swedish
"{41DEF013-805A-8D82-B72E-6D1496ED3150}" = CCC Help Chinese Standard
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{700E89B8-C157-34B5-E68C-6017823E6424}" = CCC Help Korean
"{712B481B-96DD-0065-6B14-57497730995D}" = CCC Help French
"{71CDBB06-7EB2-576E-F8EF-46A58F151E4E}" = CCC Help English
"{74443BC6-ED97-9A1B-52C4-B23D400D8255}" = CCC Help Italian
"{7CAC2022-01CD-4FFD-4A29-089A676261CD}" = CCC Help Portuguese
"{7F292B05-7C7E-F016-6A7A-6FF74838B149}" = CCC Help Russian
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9135F223-3ED1-C424-93F9-3F4FB3F80C2F}" = CCC Help Danish
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9596B7FA-9226-02D9-E417-C4CF064E5BEF}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{ACE3B3C3-2063-BBAD-BD77-DFEE4E5034B9}" = CCC Help Turkish
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B2D3F27F-1602-195B-A546-13A288D24F32}" = CCC Help German
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C34B71C9-08A9-C73D-026B-D0D9AED1E0A2}" = CCC Help Norwegian
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF01D4F2-D8B0-2CD5-11F4-778A074255E7}" = CCC Help Hungarian
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D5E3F9E2-FB26-F760-41BC-A9D6244C128E}" = CCC Help Chinese Traditional
"{D66EFAAD-383E-46B3-9567-86B3BB80511E}" = IObit Toolbar v5.7
"{DA9660B6-F1DD-41D3-BA3C-E7F7BF9921B2}" = Catalyst Control Center - Branding
"{E1ACFF16-2555-48B0-8EFB-008818A42613}" = calibre
"{E220706D-CBD0-EA07-4175-081A1C10E161}" = CCC Help Greek
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E72EC29C-9853-4CC2-1F18-3A288C9A1FA8}" = CCC Help Czech
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5A538B0-42B0-6F7E-3BC9-B8F5B032FA09}" = CCC Help Japanese
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo II" = Diablo II
"DokanLibrary" = Dokan Library 0.6.0
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MPE" = MyPhoneExplorer
"Totalcmd" = Total Commander (Remove or Repair)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2012 16:52:08 | Computer Name = HP15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: worldoftanks.exe, Version: 0.7.2.0,
 Zeitstempel: 0x4f992546  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xffffffff  ID des fehlerhaften
 Prozesses: 0x112c  Startzeit der fehlerhaften Anwendung: 0x01cd31f93a339fbc  Pfad der
 fehlerhaften Anwendung: C:\Games\World_of_Tanks\worldoftanks.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: ab277702-9e06-11e1-bf08-e02a8202536b
 
Error - 16.05.2012 02:17:35 | Computer Name = HP15 | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.80 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 70c    Startzeit:
01cd332b12ec390d    Endzeit: 0    Anwendungspfad: C:\Tools\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 c686b547-9f1e-11e1-a288-e02a8202536b 
 
Error - 16.05.2012 03:25:31 | Computer Name = HP15 | Source = Application Hang | ID = 1002
Description = Programm SPYBOTSD.EXE, Version 1.6.2.46 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ab0    Startzeit:
01cd33337ddf1d18    Endzeit: 73    Anwendungspfad: C:\TOOLS\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE

Berichts-ID:
 
 
Error - 16.05.2012 07:31:39 | Computer Name = HP15 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Tools\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Tools\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 18.05.2012 02:33:50 | Computer Name = HP15 | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1580    Startzeit: 01cd3412aa5cd54a    Endzeit: 102    Anwendungspfad:
 C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE    Berichts-ID: 
 
Error - 19.05.2012 04:03:54 | Computer Name = HP15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: worldoftanks.exe, Version: 0.7.2.0,
 Zeitstempel: 0x4f992546  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xe80574c9  ID des fehlerhaften
 Prozesses: 0x2328  Startzeit der fehlerhaften Anwendung: 0x01cd35884f946f7b  Pfad der
 fehlerhaften Anwendung: C:\Games\World_of_Tanks\worldoftanks.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 2cb9315a-a189-11e1-bfba-e02a8202536b
 
Error - 19.05.2012 08:42:59 | Computer Name = HP15 | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1d18    Startzeit: 01cd35bc7e718523    Endzeit: 47    Anwendungspfad:
 C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE    Berichts-ID: 
 
Error - 19.05.2012 17:04:33 | Computer Name = HP15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: worldoftanks.exe, Version: 0.7.2.0,
 Zeitstempel: 0x4f992546  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xffffffff  ID des fehlerhaften
 Prozesses: 0x14f0  Startzeit der fehlerhaften Anwendung: 0x01cd35d81dcb17a9  Pfad der
 fehlerhaften Anwendung: C:\Games\World_of_Tanks\worldoftanks.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 3b5c87ca-a1f6-11e1-bfba-e02a8202536b
 
Error - 20.05.2012 06:23:54 | Computer Name = HP15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: worldoftanks.exe, Version: 0.7.2.0,
 Zeitstempel: 0x4f992546  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xe80574c9  ID des fehlerhaften
 Prozesses: 0x1ce0  Startzeit der fehlerhaften Anwendung: 0x01cd366cb358ce8a  Pfad der
 fehlerhaften Anwendung: C:\Games\World_of_Tanks\worldoftanks.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e5ea89c0-a265-11e1-bfba-e02a8202536b
 
Error - 20.05.2012 10:36:03 | Computer Name = HP15 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SpywareTerminatorShield.exe, Version:
 3.0.0.38, Zeitstempel: 0x4f3aa588  Name des fehlerhaften Moduls: KERNELBASE.dll,
Version: 6.1.7601.17651, Zeitstempel: 0x4e211319  Ausnahmecode: 0x0eedfade  Fehleroffset:
 0x0000b9bc  ID des fehlerhaften Prozesses: 0xe58  Startzeit der fehlerhaften Anwendung:
 0x01cd3695c0f77ea7  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Spyware
 Terminator\SpywareTerminatorShield.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung:
 1fed6cbb-a289-11e1-bc6a-e02a8202536b
 
[ Hewlett-Packard Events ]
Error - 14.10.2011 17:02:17 | Computer Name = HP15 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 28.12.2011 13:34:25 | Computer Name = HP15 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 28.12.2011 13:34:25 | Computer Name = HP15 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 28.12.2011 13:34:30 | Computer Name = HP15 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 29.12.2011 13:36:57 | Computer Name = HP15 | Source = HPSF.exe | ID = 4000
Description =
 
[ HP Software Framework Events ]
Error - 20.04.2012 04:36:00 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.04.20 10:36:00.923|00000608|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20.04.2012 04:36:04 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.04.20 10:36:04.668|00000B4C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 20.04.2012 04:36:08 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.04.20 10:36:08.611|00000AE8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 26.04.2012 19:37:22 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.04.27 01:37:22.377|00001728|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 27.04.2012 04:35:51 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.04.27 10:35:51.368|000007C8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04.05.2012 04:30:37 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.05.04 10:30:37.475|00001670|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04.05.2012 04:34:28 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.05.04 10:34:28.535|000015FC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04.05.2012 04:34:36 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.05.04 10:34:36.635|00000BAC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 04.05.2012 04:34:44 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.05.04 10:34:44.303|00000B0C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.05.2012 05:00:43 | Computer Name = HP15 | Source = CaslWmi | ID = 5
Description = 2012.05.11 11:00:43.526|000017A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 29.12.2011 13:43:38 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 12.01.2012 10:33:52 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 12.01.2012 10:33:56 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 02.05.2012 17:08:01 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 02.05.2012 17:08:24 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 14.05.2012 04:30:01 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 14.05.2012 04:30:28 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 16.05.2012 02:34:24 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 16.05.2012 02:34:28 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 20.05.2012 10:43:16 | Computer Name = HP15 | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)    bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
[ System Events ]
Error - 16.05.2012 02:10:53 | Computer Name = HP15 | Source = Service Control Manager | ID = 7034
Description = Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.05.2012 02:10:56 | Computer Name = HP15 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "HP Support Assistant Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.05.2012 02:10:59 | Computer Name = HP15 | Source = Service Control Manager | ID = 7034
Description = Dienst "HP Wireless Assistant Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.05.2012 02:11:08 | Computer Name = HP15 | Source = Service Control Manager | ID = 7034
Description = Dienst "DokanMounter" wurde unerwartet beendet. Dies ist bereits 1
 Mal passiert.
 
Error - 16.05.2012 02:12:15 | Computer Name = HP15 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "HP Support Assistant Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.05.2012 02:28:30 | Computer Name = HP15 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 HP Wireless Assistant Service erreicht.
 
Error - 16.05.2012 02:28:30 | Computer Name = HP15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Wireless Assistant Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 16.05.2012 02:57:01 | Computer Name = HP15 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\AGAMEM~1\AppData\Local\Temp\OnlineScanner\Anti-Vir
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 20.05.2012 10:37:24 | Computer Name = HP15 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 HP Wireless Assistant Service erreicht.
 
Error - 20.05.2012 10:37:24 | Computer Name = HP15 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Wireless Assistant Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
 
< End of report >
--- --- ---
In diesem Textfile sind einige Programme/Tools drin die ich überhaupt nicht kenne wie zB. Cisco LEAP Module / Cisco EAP-FAST Module / CCC Help English / BPDSoftware / Google Talk Plugin
Mir ist nicht bewust diese Programme instaliert zu haben.

Gruß

Hallo Arne,

Win 7 im Abgesicherten Modus ca. 1 min bis PW Eingabe, ca. 1 min bis Desktop sichtbar, ca. 1 min bis Start von Malewarebyts (ich Starte das per Hand)
Win 7 normal gestartet ca. 1 min bis PW Eingabe, ca. 2 min bis Desktop sichbar, ca. 2 min bis Start von Malewarebyts (ich Starte das per Hand), weiter ca. 2 min bis alles geladen ist (Wlan usw)
gruß

cosinus 25.05.2012 23:02
Die OTL.txt ist recht unauffällig und richtige Schädlinge wurden ja nicht gefunden nur ein paar Toolbars was eher in die Adwareschiene fällt

Schau dir mal ganz unten die Extras.txt an. Da ist ein Auszug aus dem Windows-Ereignisprotokoll. Auffällig viele Programmabstürze

Hast du schonmal die Platte mittels chkdsk und den Arbeitsspeicher mit Memtest86 geprüft?

HDA 26.05.2012 09:57
Hallo Arne,

nein das habe ich noch nicht gemacht. Das WOT stürzt seit dem letzten Update hin und wieder ab. Ich werde heute im laufe des Tages beides Memtest86 & chkdsk laufen lassen.

Gruß


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131