Trojaner-Board


TeiTei 03.06.2012 20:38

Win 7 - BKA Trojan / logs available, please help
 
Hello, dear helpers and help seekers,
My girlfriend and I wanted to watch a movie stream yesterday, and suddenly the BKA Trojan message appeared.
After reading the other forum posts, we have the necessary text files here and hope you can help us with the next steps.

MALB-LOG:
Code:

  Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Natscho :: NATSCHOLAP [Administrator]

Schutz: Deaktiviert

03.06.2012 20:38:46
mbam-log-2012-06-03 (20-38-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197323
Laufzeit: 2 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

OTL-Text:
Code:

OTL logfile created on: 03.06.2012 20:58:18 - Run 1
OTL by OldTimer - Version 3.2.46.0    Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 81,60% Memory free
7,90 Gb Paging File | 7,21 Gb Available in Paging File | 91,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 343,06 Gb Free Space | 77,10% Space Free | Partition Type: NTFS
Drive D: | 20,51 Gb Total Space | 2,16 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive F: | 941,02 Mb Total Space | 935,71 Mb Free Space | 99,44% Space Free | Partition Type: FAT32
 
Computer Name: NATSCHOLAP | User Name: Natscho | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (AMService) -- C:\Windows\SysWow64\hnpjepoiox.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{4681C72A-45CA-481E-82D2-0276A6F1C9AA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{4681C72A-45CA-481E-82D2-0276A6F1C9AA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{3A57E546-FB36-4434-BD99-17D0696A9C67}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16205&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=QR&apn_dtid=YYYYYYYYCH&apn_uid=828202C0-192C-4298-9B19-72E202ED57CC&apn_sauid=5730FE22-C441-48BE-813A-29358C81C163
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{4681C72A-45CA-481E-82D2-0276A6F1C9AA}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [AMService] C:\Windows\SysWOW64\xotmksushimhgcdutwmuxt.exe ()
O4 - HKU\S-1-5-18..\Run: [AMService] C:\Windows\SysWOW64\xotmksushimhgcdutwmuxt.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001..\Run: [] C:\Users\Natscho\AppData\Local\Temp\ahlwuxuaqr.exe ()
O4 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B74E371-9185-40B5-8D1E-5E180337D8FD}: DhcpNameServer = 172.168.51.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3E35D88-2D8C-46CA-A394-D6F536883884}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Malwarebytes
[2012.06.03 20:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 20:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 20:38:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 18:53:55 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\vlc
[2012.05.30 18:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.30 18:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.05.28 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Local\LogMeIn Hamachi
[2012.05.28 19:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.05.28 19:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.05.28 13:47:22 | 000,000,000 | ---D | C] -- C:\Users\Natscho\Desktop\Death Note (2006) ANiME Complete DL x264 - FallenA
[2012.05.25 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.05.25 16:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012.05.12 23:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.12 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.12 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.10 20:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.05.10 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Origin
[2012.05.10 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\Natscho\Documents\Electronic Arts
[2012.05.10 19:59:58 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Local\Origin
[2012.05.10 19:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.05.10 19:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.05.10 19:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.05.10 19:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.05.10 19:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.05.10 19:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012.05.10 19:38:32 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.05.10 19:38:32 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.05.10 19:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.05.10 18:41:48 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 18:41:45 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 18:41:43 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 18:41:43 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 20:57:33 | 003,140,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.03 20:57:33 | 000,694,898 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.06.03 20:57:33 | 000,689,576 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.06.03 20:57:33 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.03 20:57:33 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.03 20:57:33 | 000,130,350 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.06.03 20:57:33 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.03 20:57:33 | 000,127,354 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.06.03 20:57:33 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.03 20:47:23 | 000,001,584 | ---- | M] () -- C:\Users\Natscho\Desktop\Dokument.rtf
[2012.06.03 20:38:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 20:33:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.03 20:33:53 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 22:17:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 22:17:26 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 22:06:13 | 000,047,616 | ---- | M] () -- C:\Windows\SysWow64\xotmksushimhgcdutwmuxt.exe
[2012.06.02 22:06:12 | 000,047,616 | ---- | M] () -- C:\Windows\SysWow64\hnpjepoiox.exe
[2012.05.30 18:53:48 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.30 18:53:22 | 022,259,528 | ---- | M] () -- C:\Users\Natscho\Desktop\vlc-2.0.1-win32.exe
[2012.05.28 13:47:55 | 000,000,206 | ---- | M] () -- C:\Users\Natscho\Documents\PWOOptions.ini
[2012.05.28 01:59:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNatscho.job
[2012.05.28 01:57:36 | 537,189,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.26 10:34:14 | 000,416,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.25 16:59:30 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.05.23 18:05:16 | 001,653,799 | ---- | M] () -- C:\Users\Natscho\Desktop\IMG_0942.JPG
[2012.05.23 18:04:23 | 001,511,942 | ---- | M] () -- C:\Users\Natscho\Desktop\IMG_0945.JPG
[2012.05.18 19:13:35 | 000,000,905 | ---- | M] () -- C:\Users\Natscho\Desktop\TestingCheatsEnabled true.contact
[2012.05.10 19:59:56 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.05.10 19:57:19 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
[2012.05.10 19:38:27 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2012.05.08 20:23:53 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 20:23:53 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.03 20:47:23 | 000,001,584 | ---- | C] () -- C:\Users\Natscho\Desktop\Dokument.rtf
[2012.06.03 20:38:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 22:06:14 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\xotmksushimhgcdutwmuxt.exe
[2012.06.02 22:06:14 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\hnpjepoiox.exe
[2012.05.30 18:53:48 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.30 18:53:10 | 022,259,528 | ---- | C] () -- C:\Users\Natscho\Desktop\vlc-2.0.1-win32.exe
[2012.05.25 16:59:30 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.05.23 18:04:52 | 001,653,799 | ---- | C] () -- C:\Users\Natscho\Desktop\IMG_0942.JPG
[2012.05.23 18:04:01 | 001,511,942 | ---- | C] () -- C:\Users\Natscho\Desktop\IMG_0945.JPG
[2012.05.18 19:13:35 | 000,000,905 | ---- | C] () -- C:\Users\Natscho\Desktop\TestingCheatsEnabled true.contact
[2012.05.10 19:59:56 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.05.10 19:57:19 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
[2012.05.10 19:38:27 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2012.04.16 19:47:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.04.16 19:47:07 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2012.04.15 13:18:15 | 003,182,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 14:28:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.20 16:43:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.20 16:32:56 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.20 16:31:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.20 16:31:44 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.20 16:31:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.20 16:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.20 16:31:42 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.20 16:31:42 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.20 16:28:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.03 21:31:15 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012.01.15 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\.minecraft
[2012.01.10 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\IDT
[2012.05.10 20:02:45 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Origin
[2012.01.19 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\PhotoScape
[2012.01.12 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\playmink
[2012.01.08 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Playrix Entertainment
[2012.04.16 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Playtinum
[2012.04.25 12:14:19 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\SoftGrid Client
[2012.01.07 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Synaptics
[2012.04.15 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\TP
[2012.04.07 21:35:04 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\UseNeXT
[2012.04.09 12:56:37 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:104B6B72E9AD5006

< End of report >

OTL-Extra:

Code:

OTL Extras logfile created on: 03.06.2012 20:58:18 - Run 1
OTL by OldTimer - Version 3.2.46.0    Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 3,22 Gb Available Physical Memory | 81,60% Memory free
7,90 Gb Paging File | 7,21 Gb Available in Paging File | 91,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 343,06 Gb Free Space | 77,10% Space Free | Partition Type: NTFS
Drive D: | 20,51 Gb Total Space | 2,16 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive F: | 941,02 Mb Total Space | 935,71 Mb Free Space | 99,44% Space Free | Partition Type: FAT32
 
Computer Name: NATSCHOLAP | User Name: Natscho | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0473090D-933E-4E5E-86DF-79C9321E01FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D0D6356-8763-4CD0-8F06-A5C92C260E29}" = rport=139 | protocol=6 | dir=out | app=system |
"{158A0007-E552-4A5F-A12B-4CBAF85E11E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19D177FE-E8C8-4D74-98A2-DF1FA13867A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{24942181-448B-4F20-95BC-C5E9338BF00E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27BEFBAB-9174-4116-841C-8B884C19F27C}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A90520D-F4A3-4937-9C97-CCE73EA7B947}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2BA0E0F3-F78D-4DFD-881C-245C988F5098}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E3B0629-B72C-4390-BEA5-3667F86E2D94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4044D5AE-1164-41AA-BCFD-8D7D4228A14F}" = lport=139 | protocol=6 | dir=in | app=system |
"{49712341-F9C1-4224-83B3-B851CCA80912}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{546DCC13-1AC7-4759-8BD1-F41259F8B9F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60AF5B51-2553-4312-86F7-87E2A7AADEE8}" = rport=445 | protocol=6 | dir=out | app=system |
"{68B2C8BA-BAD0-425A-AA8D-EFD13CE56CE1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{80FD0BE7-6652-4A26-93F3-71A34E8CD6C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{85EA7CCA-914B-4C1B-A68A-03546B1599C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B208C6F6-513F-421E-813C-B18887F0CA9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE5AD832-4756-4DBA-A6CE-F1371BD47EB2}" = lport=445 | protocol=6 | dir=in | app=system |
"{C878F135-676D-4F38-A2E6-22070FD3EB25}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9170439-F371-4A16-B529-6D97E3F9E63C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E2DAB6B0-80E8-4203-8AD9-A15E5BBC9927}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E87C2C95-C3DE-4E47-9535-1CCD00355482}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F1BCD9C8-5AE3-43C0-9E0F-D690F8718020}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F457B0C8-E949-4FA9-9952-E73826E57DF2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDF88DD4-02A2-4F77-A962-790921CE9EB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE3BED8A-F993-42E4-8E7A-B4C30635E2C7}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC18E13-BCA5-4A43-9754-31F947CE9125}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11F9B730-010D-4707-8B52-6FA91BC18AB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20236221-E1C7-4A53-BE32-C381C93086ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22376D44-C75C-4A98-B92E-DB7F536A55C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2598E953-C990-4079-8378-F761373AE76E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40298910-B0EB-4143-BC02-A5B05BCF3254}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{45E250A4-45C9-41EE-91DF-FD2AD2C866E6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BA6CAFF-F988-4061-B18C-A877E5D51543}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5FE6C5C3-8A98-45A8-A872-DB3027EE759D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63564F63-431E-4E94-A6FD-BC7C74E69D3D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{66A417F0-FB86-44DA-8342-13EF11EFEE6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6EFD68AB-922B-432A-8385-FB69B32D3A99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73F6FCED-DDCA-4B0F-92E8-FB065D0E2131}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9624AFA8-0D8F-4058-8B83-B1B6FE98335D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{968EC104-8762-4982-BED7-1C81261506E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{978E9EFA-351A-44B5-A588-069B666712CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A0F05CDD-D0D8-4BCA-AF15-44B519961AD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A89D7635-E3DC-49E2-8E16-2EF4A46BCA25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9E7AD75-0874-46FE-9DA4-4D4D540B97F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C6B22C6F-771F-4188-98FA-ED3048583928}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{C883EAD2-3DE9-40AF-AD37-63D33001A73E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8F66AA4-C90F-4B0B-BA7F-EC038E82E9D6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C97D18FD-B398-40F6-8A9F-DAE6299BC44E}" = protocol=6 | dir=out | app=system |
"{D1C66B35-9FDB-4E84-90FA-8BE59F1E9DBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6E8DB8C-F6A5-4615-B29D-9FCC2F6BA6DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D903DA0D-A50E-49AE-99EC-5DAFA987E4A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDE93FC4-A3AB-40D5-A460-9FAB720B0386}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F4541C67-BECA-409E-995F-0570BEF870C0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F660B8D2-4C32-4439-9171-DC37992B24CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{684C8B8B-2B34-44E4-B883-2CCC90E5DCE8}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{7CD63D5D-0D39-44C1-A3B0-16CFF43AA29D}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{5BF2AD5E-563C-4399-895D-167AE1FA00A7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{853E47D1-33EF-4636-811C-D8671A8FAC71}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{45DB21FA-B3F4-20D9-A21C-5CDEB23315AC}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}" = HP 3D DriveGuard
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A11B072-9CE7-ABB9-2F65-EC971A7B839D}" = ATI Catalyst Install Manager
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CDD00EB-1DC3-C181-DB3C-F954B2BDAB6D}" = CCC Help Chinese Standard
"{108069CB-B8B1-4858-82A4-E4BD5A749EFB}" = CCC Help Greek
"{118F296E-18AC-AAC1-78F9-B0FF8279D009}" = Catalyst Control Center Graphics Previews Common
"{166E80E3-7B0C-D22C-3EAE-A66860DF48E7}" = CCC Help Danish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B121E56-4949-83AE-B8A7-9D01EBB7CB29}" = CCC Help Italian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20F71B17-008C-43B4-8097-58FB62EA7AB8}" = Nero Kwik Media
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F5BCBDC-7C08-FBC2-31B0-1D83C3247CAD}" = CCC Help Dutch
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41C160D7-9255-A4EB-55FB-FC3D5FE6BED3}" = CCC Help Portuguese
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56709CD7-06E8-B205-56A6-110DC5090A9A}" = PX Profile Update
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A38BA9E-D1B3-E7C2-F3B9-623359AFEDAA}" = CCC Help Thai
"{602586CF-6ABD-1DBA-641A-959E5A999861}" = CCC Help Chinese Traditional
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7132DF7E-C237-0D66-77A0-F1F378520605}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{751A4ABF-A3BC-AA70-3252-C285F10A265B}" = Catalyst Control Center Localization All
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7A5B032B-CCF0-43BE-D0B9-28FFA0B0B034}" = CCC Help Norwegian
"{7F3203C1-25BD-E32E-F470-2332E1AD5EDF}" = Catalyst Control Center Profiles Mobile
"{807CE83D-F17E-5F76-035F-3525EAE8978F}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E719A1-1E6B-B44A-62AC-824E5DDD0415}" = CCC Help Turkish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{949D6B51-10E8-4CD4-A81E-064E38240415}" = Catalyst Control Center - Branding
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9957DA6E-DE8D-0DED-2897-B1F4FBEF300E}" = CCC Help English
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD5C619-D41C-2D47-C2A0-AB02D6C4A7D4}" = CCC Help German
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF405820-19DE-03BA-1B41-0797EA62F213}" = CCC Help Finnish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3CAF031-3289-5C18-149A-C350C0B43D6D}" = Catalyst Control Center InstallProxy
"{B4E7C6D9-8824-147E-721F-004F52D6418E}" = CCC Help Russian
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB51D3AF-1115-1676-0D33-CE5BBCCD8B00}" = CCC Help Polish
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E62FA27C-3F19-FC14-424D-F1CEE432604F}" = CCC Help Czech
"{E7F752BB-8B7B-2906-9CD2-8B25CAD7B303}" = CCC Help Spanish
"{E815530E-14D8-E337-3D21-6A1AB5F9DDD9}" = Catalyst Control Center
"{EAFA49E7-56AC-67B2-17E9-75F466884000}" = CCC Help French
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5307A59-A5A2-C48F-BDD3-6C88E83203A6}" = CCC Help Korean
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFCCF57-5102-C54C-778C-C613EC82F647}" = CCC Help Swedish
"7-Zip" = 7-Zip 9.20
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"EasyBits Magic Desktop" = Magic Desktop
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PhotoScape" = PhotoScape
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089497" = Big Rig Europe
"WT089498" = Bejeweled 3
"WT089504" = Final Drive Nitro
"WTA-013a1aa3-9d01-409f-af69-292819f2d8cb" = Etch A Sketch
"WTA-05c7f089-f096-418c-b31a-82b92ff06b5e" = Plant Tycoon
"WTA-06947757-14f6-4d65-9c10-5b8744f37905" = Jane's Zoo
"WTA-07831010-c1df-41e4-a21d-8cc3c678ba20" = Alice and the Magic Gardens
"WTA-1cde722a-8681-4684-a59e-35a3718f7b21" = Animal Genius
"WTA-2c8c4f7c-48fa-43ed-875d-8ca6b01e24f7" = Fish Tycoon
"WTA-3402c332-32d2-4744-b1b5-08c0de4eac51" = Aquapolis
"WTA-52b953c5-9ce9-47a2-a434-b80fcc149c96" = Feeding Frenzy 2
"WTA-58d1e043-b83f-47b7-bad3-2e9b4697f2ab" = The Wonderful End of the World
"WTA-5a651c7e-3f61-4242-9a52-59bdee743b92" = Mushroom Age
"WTA-5aca96d4-2964-4a8f-9fdd-56bfd3c12faf" = World Mosaics
"WTA-5ad24434-ab05-4124-824e-6b40cbbaf8ab" = Farm Frenzy: Gone Fishing
"WTA-5f050021-1960-417a-890a-c7760b6c1074" = ZIMO
"WTA-6e9365a7-e18d-46b6-950e-f90208cdb77d" = World Riddles 3
"WTA-78d265b6-2c23-45c7-b8eb-54a90dd58c3d" = Feeding Frenzy
"WTA-7a1b29e5-2fd9-482f-a425-9b07d80674a0" = World Mosaics 3 - Fairy Tales
"WTA-7dd7eab0-3728-496d-a53a-63dd732fcb51" = Zooloretto
"WTA-7de34c64-aab4-4da3-b441-fca830ce605e" = Super Collapse Puzzle Gallery 2
"WTA-86356223-1030-4d21-8ba5-fbfea7509d10" = Island Tribe 3
"WTA-870c3317-e4a4-47d0-b20c-02c91cebf13c" = Fluttabyes
"WTA-8edde34b-06ce-403f-b55c-a19b6709380d" = World Riddles 2: Seven Wonders
"WTA-905d6b8b-fb0a-495a-9fac-4f6d6989b08a" = World Mosaics 2
"WTA-ac6b3683-ecde-4d6d-9d44-10f1a7121a73" = Plan N Plant
"WTA-b889a14e-15b3-42cd-8d0b-4279fe8afd87" = World Mosaics 5
"WTA-cd9f7fec-f5db-48be-a1f8-3b6023181fe5" = Jigsaw World
"WTA-d94c4b22-32ec-445f-92a1-17b8a508899a" = Tropical Fish Shop 2
"WTA-dd5753cb-e89f-4171-98a8-b321598dfd6c" = Wandering Willows
"WTA-dd60b523-65bc-410f-8025-d488b95d5775" = Hobby Farm
"WTA-e742bd28-d0c2-4590-a559-12dfac00b7d8" = Snowy - Fish Frenzy
"WTA-ee89064f-7a16-4549-8027-50a067835190" = World Mosaics 4
"WTA-ff7337be-50b9-4532-a456-fcb09e0963de" = Shop it Up!
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = CrowdStar Gamebar Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2012 15:58:30 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.05.2012 10:58:06 | Computer Name = NatschoLap | Source = WinMgmt | ID = 10
Description =
 
Error - 17.05.2012 13:39:01 | Computer Name = NatschoLap | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_Microsoft Setup Bootstrapper,
 Version: 14.0.6010.1000, Zeitstempel: 0x4cc9a3bd  Name des fehlerhaften Moduls: ole32.dll,
 Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0003bc21  ID des fehlerhaften Prozesses: 0x26e4  Startzeit der fehlerhaften Anwendung:
 0x01cd3453ef5a069a  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common
 Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 2fe100a3-a047-11e1-b06b-402cf424ef88
 
Error - 17.05.2012 14:34:27 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.05.2012 14:34:27 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.05.2012 14:34:27 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.05.2012 14:34:27 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.05.2012 14:34:27 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 17.05.2012 14:34:27 | Computer Name = NatschoLap | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
 
Error - 18.05.2012 10:28:55 | Computer Name = NatschoLap | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 19.02.2012 13:08:38 | Computer Name = NatschoLap | Source = HPSF.exe | ID = 4000
Description =
 
Error - 04.03.2012 02:48:19 | Computer Name = NatschoLap | Source = HPSF.exe | ID = 4000
Description =
 
Error - 04.03.2012 02:48:39 | Computer Name = NatschoLap | Source = HPSF.exe | ID = 4000
Description =
 
Error - 04.03.2012 02:48:39 | Computer Name = NatschoLap | Source = HPSF.exe | ID = 4000
Description =
 
[ HP Connection Manager Events ]
Error - 29.05.2012 17:11:55 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/29 23:11:55.328|00000A6C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 29.05.2012 17:11:57 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/29 23:11:57.075|00000A6C|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 30.05.2012 16:50:40 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/30 22:50:40.569|00001374|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 30.05.2012 16:50:41 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/30 22:50:41.049|00001374|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 30.05.2012 16:50:45 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/30 22:50:45.729|00001374|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 31.05.2012 17:14:00 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/31 23:14:00.247|00001588|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 31.05.2012 17:14:06 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/05/31 23:14:06.203|00001588|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 01.06.2012 19:38:52 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/06/02 01:38:52.142|00000AE4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 01.06.2012 19:38:53 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/06/02 01:38:53.188|00000AE4|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 02.06.2012 16:24:51 | Computer Name = NatschoLap | Source = hpCMSrv | ID = 5
Description = 2012/06/02 22:24:51.404|00000118|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
[ HP Software Framework Events ]
Error - 08.05.2012 12:15:45 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.08 18:15:45.773|0000104C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 09.05.2012 13:53:03 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.09 19:53:03.620|000014DC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.05.2012 12:36:44 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.10 18:36:44.242|000012B4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10.05.2012 14:08:54 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.10 20:08:54.488|00001348|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11.05.2012 09:15:07 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.11 15:15:07.782|00001AA4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 12.05.2012 09:43:32 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.12 15:43:32.129|00001054|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 12.05.2012 18:42:22 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.13 00:42:22.761|00001594|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 13.05.2012 04:17:13 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.13 10:17:13.003|00001810|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 13.05.2012 04:25:55 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.13 10:25:55.638|00001BEC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 13.05.2012 04:28:13 | Computer Name = NatschoLap | Source = CaslWmi | ID = 5
Description = 2012.05.13 10:28:13.322|00000830|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 15.05.2012 12:19:23 | Computer Name = NatschoLap | Source = bowser | ID = 8003
Description =
 
Error - 15.05.2012 12:31:22 | Computer Name = NatschoLap | Source = bowser | ID = 8003
Description =
 
Error - 15.05.2012 15:14:39 | Computer Name = NatschoLap | Source = bowser | ID = 8003
Description =
 
Error - 15.05.2012 15:36:55 | Computer Name = NatschoLap | Source = bowser | ID = 8003
Description =
 
Error - 16.05.2012 15:58:24 | Computer Name = NatschoLap | Source = DCOM | ID = 10010
Description =
 
Error - 17.05.2012 14:34:47 | Computer Name = NatschoLap | Source = DCOM | ID = 10010
Description =
 
Error - 17.05.2012 14:34:50 | Computer Name = NatschoLap | Source = DCOM | ID = 10010
Description =
 
Error - 17.05.2012 14:35:20 | Computer Name = NatschoLap | Source = DCOM | ID = 10010
Description =
 
Error - 20.05.2012 14:52:56 | Computer Name = NatschoLap | Source = bowser | ID = 8003
Description =
 
Error - 22.05.2012 15:29:17 | Computer Name = NatschoLap | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


I hope everything is right like this :D unfortunately we don't know much about this.
Hopeful regards, JJ

cosinus 05.06.2012 20:46

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable the "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

TeiTei 06.06.2012 12:04

Hi, thanks for your reply.
Unfortunately nothing new came of it.


The laptop can only be started in Safe Mode, because in normal mode the BKA Trojan always comes up; firewall, Avira and co. are automatically already off, and a connection to the internet is not possible.

However, I did not run the logs I already posted above as admin.
I have now done that and unfortunately the result was the same, 0 findings :(

cosinus 06.06.2012 14:35

You do have to use Safe Mode with Networking so that Malwarebytes can be updated! Then you run a new full scan.

TeiTei 06.06.2012 16:26

Ohhh, very sorry, as I said I don't know much about this :)
I did it and here is the log.

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Natscho :: NATSCHOLAP [Administrator]

Schutz: Deaktiviert

06.06.2012 17:06:40
mbam-log-2012-06-06 (17-06-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207733
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Ransom) -> Daten: C:\Users\Natscho\AppData\Local\Temp\ahlwuxuaqr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AMService (Trojan.Ransom) -> Daten: C:\Windows\system32\xotmksushimhgcdutwmuxt.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\Natscho\AppData\Local\Temp\ahlwuxuaqr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\xotmksushimhgcdutwmuxt.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\hnpjepoiox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\hnpjepoiox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\ndbdwjmetgdbnqkluk.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\wugxypvyhionuaypvnrtr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\xotmksushimhgcdutwmuxt.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\ydzpndobqaeeyjr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET is running; when it is finished in 1-2 hours I will add it as an edit.

Unfortunately I have no edit option, so here is the log :kloppen:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be3d58d7454c004f9fcf5f4db4370128
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-06 03:37:09
# local_time=2012-06-06 05:37:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7843956 7843956 0 0
# compatibility_mode=5893 16776574 100 94 12802010 90625903 0 0
# compatibility_mode=8192 67108863 100 0 119 119 0 0
# scanned=4139
# found=0
# cleaned=0
# scan_time=989
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be3d58d7454c004f9fcf5f4db4370128
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-06 05:25:02
# local_time=2012-06-06 07:25:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7844971 7844971 0 0
# compatibility_mode=5893 16776574 100 94 12803025 90626918 0 0
# compatibility_mode=8192 67108863 100 0 1134 1134 0 0
# scanned=294639
# found=4
# cleaned=0
# scan_time=6446
C:\Documents and Settings\Natscho\AppData\Local\Temp\jar_cache2053993580204280175.tmp        a variant of Java/Exploit.CVE-2012-0507.AN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\WildGames\World Riddles 3\TimeTravel.exe        a variant of Win32/Kryptik.BCY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\WildTangent Games\Games\WorldRiddles2SevenWonders\Wonders.exe        a variant of Win32/Kryptik.BCY trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Natscho\AppData\Local\Temp\jar_cache2053993580204280175.tmp        a variant of Java/Exploit.CVE-2012-0507.AN trojan (unable to clean)        00000000000000000000000000000000        I
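
As an added example (not part of the thread and not a tool from Malwarebytes or this board): a short Python triage of the Malwarebytes log in the post above that checks the scan type, compares each section's declared count with the entries actually listed, and pairs every autostart (Run) registry value with the file it launches. The function names are assumptions of this example; the sample lines are copied from the posted log, with the German labels as logged.

```python
import re

# Excerpt copied from the Malwarebytes log in the post above (German UI strings as logged).
SAMPLE_LOG = r"""
Datenbank Version: v2012.06.06.04
Art des Suchlaufs: Quick-Scan

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Ransom) -> Daten: C:\Users\Natscho\AppData\Local\Temp\ahlwuxuaqr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AMService (Trojan.Ransom) -> Daten: C:\Windows\system32\xotmksushimhgcdutwmuxt.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\Natscho\AppData\Local\Temp\ahlwuxuaqr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\xotmksushimhgcdutwmuxt.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\hnpjepoiox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\hnpjepoiox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\ndbdwjmetgdbnqkluk.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\wugxypvyhionuaypvnrtr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\xotmksushimhgcdutwmuxt.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Natscho\AppData\Local\Temp\ydzpndobqaeeyjr.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# "Infizierte <section>: <count>" opens a section of the report.
SECTION_RE = re.compile(r"^Infizierte (.+?): (\d+)$")
# "<object> (<detection name>) -> [Daten: <value data> -> ]<action taken>"
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>.+)$"
)


def parse_mbam_log(text):
    """Return scan metadata plus the detections listed under each section."""
    report = {"scan_type": None, "db_version": None, "sections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Art des Suchlaufs:"):
            report["scan_type"] = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Datenbank Version:"):
            report["db_version"] = line.split(":", 1)[1].strip()
            continue
        section = SECTION_RE.match(line)
        if section:
            current = {"declared": int(section.group(2)), "items": []}
            report["sections"][section.group(1)] = current
            continue
        detection = DETECTION_RE.match(line)
        if detection and current is not None:
            current["items"].append(detection.groupdict())
    return report


def is_full_scan(report):
    """True only for the full scan type, which the helper asks for in this thread."""
    return report["scan_type"] == "Vollständiger Suchlauf"


def count_mismatches(report):
    """Sections whose declared count differs from the entries listed (truncated paste)."""
    return sorted(name for name, sec in report["sections"].items()
                  if sec["declared"] != len(sec["items"]))


def autorun_findings(report):
    """Pair each detected Run value with its target and check the file was caught too."""
    files = {item["object"].lower()
             for item in report["sections"].get("Dateien", {}).get("items", [])}
    findings = []
    for item in report["sections"].get("Registrierungswerte", {}).get("items", []):
        key, _, value_name = item["object"].partition("|")
        if not key.lower().endswith(r"\currentversion\run") or not item["data"]:
            continue
        findings.append({
            "key": key,
            "value_name": value_name,  # may be empty, as in the first entry of the log
            "target": item["data"],
            # Windows paths are case-insensitive (system32 vs System32 in this log).
            "target_also_detected": item["data"].lower() in files,
        })
    return findings


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("scan type:", parsed["scan_type"], "| full scan:", is_full_scan(parsed))
    print("count mismatches:", count_mismatches(parsed))
    for finding in autorun_findings(parsed):
        print(finding)
```

A Run value whose target does not appear among the detected files would mean the autostart entry was removed while its executable may still be on disk, which is one reason a full scan is requested after a quick scan.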


cosinus 07.06.2012 10:32

Quote:

Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please make up for that and post the log!
Remember to update the Malwarebytes signatures beforehand; there are new updates very frequently!

TeiTei 07.06.2012 14:42

Okay, I did that; here again is the new, updated full scan

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Natscho :: NATSCHOLAP [Administrator]

Schutz: Aktiviert

07.06.2012 14:13:37
mbam-log-2012-06-07 (14-13-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455390
Laufzeit: 1 Stunde(n), 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 07.06.2012 15:35

I have two questions before we continue

1.) Does the normal mode of Windows work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

TeiTei 07.06.2012 20:55

Yes, everything works normally again
and by the looks of it nothing is missing either :D

cosinus 07.06.2012 21:38

Please make a new OTL log. If possible, post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


TeiTei 08.06.2012 07:26

And here is the next round; with this one I really have zero overview :D

cosinus 08.06.2012 10:13

Do an OTL fix: close all programs that may be open, disable virus scanners as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{4681C72A-45CA-481E-82D2-0276A6F1C9AA}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/12
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{4681C72A-45CA-481E-82D2-0276A6F1C9AA}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{3A57E546-FB36-4434-BD99-17D0696A9C67}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS&o=16205&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=QR&apn_dtid=YYYYYYYYCH&apn_uid=828202C0-192C-4298-9B19-72E202ED57CC&apn_sauid=5730FE22-C441-48BE-813A-29358C81C163
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{4681C72A-45CA-481E-82D2-0276A6F1C9AA}: "URL" = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
@Alternate Data Stream - 24 bytes -> C:\Windows:104B6B72E9AD5006
:Files
C:\Program Files (x86)\Ask.com
C:\ProgramData\Application Data\Application Data
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

TeiTei 08.06.2012 16:16

I don't know whether we now have a problem or everything is OK :(

So I did everything as instructed, but the program showed no reaction and gave no response for quite a while, so I closed it via Task Manager and tried to open OTL again; since it did not respond, I restarted the computer.

Now when I start OTL, the User Account Control prompt appears.
I wanted to take a screenshot of the message, and that is when I noticed that programs are missing after all, which my girlfriend did not take into account when she checked, e.g.
Paint and the Calculator are missing.
The message says:

"Möchten sie zulassen, dass durch das folgende Programm von einem unbekannten Herausgeber Änderungen vorgenommen werden?"

Programme:OTL.exe
Herausgeber: Unbekannt
Dateiursprung: Festplatte auf diesem Computer

I clicked Yes, and while I was writing this I just saw that OTL has popped up a new log here (attachment)

I hope everything is still OK anyway ...

Regards, JJ

cosinus 08.06.2012 17:37

We need a new OTL log. Somehow there was fairly inconsistent chaos at one point on your system :eek:

Please make a new OTL log. If possible, post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


TeiTei 13.06.2012 08:48

Sorry, I couldn't do anything for a long time.
So the problem is that this message appears every time I want to open OTL, so I never even get the chance to run an OTL scan -.-
EDIT: now it works again

OTL Logfile:
Code:

OTL logfile created on: 13.06.2012 09:48:58 - Run 3
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Natscho\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 58,61% Memory free
7,90 Gb Paging File | 5,89 Gb Available in Paging File | 74,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 342,56 Gb Free Space | 76,99% Space Free | Partition Type: NTFS
Drive D: | 20,51 Gb Total Space | 2,16 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
 
Computer Name: NATSCHOLAP | User Name: Natscho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Natscho\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9781fa053a605fae45d9ef57126760f6\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B74E371-9185-40B5-8D1E-5E180337D8FD}: DhcpNameServer = 172.168.51.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3E35D88-2D8C-46CA-A394-D6F536883884}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 09:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.08 17:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.08 17:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.08 16:39:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.08 07:44:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Natscho\Desktop\OTL.exe
[2012.06.06 17:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Malwarebytes
[2012.06.03 20:38:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 18:53:55 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\vlc
[2012.05.30 18:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.05.28 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Local\LogMeIn Hamachi
[2012.05.28 19:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.05.28 13:47:22 | 000,000,000 | ---D | C] -- C:\Users\Natscho\Desktop\Death Note (2006) ANiME Complete DL x264 - FallenA
[2012.05.25 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.13 09:52:24 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 09:52:24 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 09:51:44 | 003,140,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 09:51:44 | 000,695,108 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.06.13 09:51:44 | 000,689,786 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.06.13 09:51:44 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 09:51:44 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 09:51:44 | 000,130,560 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.06.13 09:51:44 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 09:51:44 | 000,127,564 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.06.13 09:51:44 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 09:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 09:44:29 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 08:23:40 | 000,028,487 | ---- | M] () -- C:\Users\Natscho\Desktop\OTL.zip
[2012.06.06 17:05:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 20:48:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Natscho\Desktop\OTL.exe
[2012.06.03 20:47:23 | 000,001,584 | ---- | M] () -- C:\Users\Natscho\Desktop\Dokument.rtf
[2012.05.30 18:53:48 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.30 18:53:22 | 022,259,528 | ---- | M] () -- C:\Users\Natscho\Desktop\vlc-2.0.1-win32.exe
[2012.05.28 13:47:55 | 000,000,206 | ---- | M] () -- C:\Users\Natscho\Documents\PWOOptions.ini
[2012.05.28 01:59:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNatscho.job
[2012.05.28 01:57:36 | 537,189,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.26 10:34:14 | 000,416,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.25 16:59:30 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.05.23 18:05:16 | 001,653,799 | ---- | M] () -- C:\Users\Natscho\Desktop\IMG_0942.JPG
[2012.05.23 18:04:23 | 001,511,942 | ---- | M] () -- C:\Users\Natscho\Desktop\IMG_0945.JPG
[2012.05.18 19:13:35 | 000,000,905 | ---- | M] () -- C:\Users\Natscho\Desktop\TestingCheatsEnabled true.contact
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.08 08:23:40 | 000,028,487 | ---- | C] () -- C:\Users\Natscho\Desktop\OTL.zip
[2012.06.03 20:47:23 | 000,001,584 | ---- | C] () -- C:\Users\Natscho\Desktop\Dokument.rtf
[2012.06.03 20:38:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 18:53:48 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.30 18:53:10 | 022,259,528 | ---- | C] () -- C:\Users\Natscho\Desktop\vlc-2.0.1-win32.exe
[2012.05.25 16:59:30 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.05.23 18:04:52 | 001,653,799 | ---- | C] () -- C:\Users\Natscho\Desktop\IMG_0942.JPG
[2012.05.23 18:04:01 | 001,511,942 | ---- | C] () -- C:\Users\Natscho\Desktop\IMG_0945.JPG
[2012.05.18 19:13:35 | 000,000,905 | ---- | C] () -- C:\Users\Natscho\Desktop\TestingCheatsEnabled true.contact
[2012.04.16 19:47:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.04.16 19:47:07 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2012.04.15 13:18:15 | 003,182,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 14:28:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.20 16:43:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.20 16:32:56 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.20 16:31:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.20 16:31:44 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.20 16:31:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.20 16:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.20 16:31:42 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.20 16:31:42 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.20 16:28:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.03 21:31:15 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

< End of report >

--- --- ---

So, here is the newest one :D

cosinus 13.06.2012 09:37

That wasn't a CustomScan, though :(

TeiTei 13.06.2012 17:39

OTL Logfile:
Code:

OTL logfile created on: 13.06.2012 18:23:22 - Run 4
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Natscho\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,65% Memory free
7,90 Gb Paging File | 5,85 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,95 Gb Total Space | 342,50 Gb Free Space | 76,98% Space Free | Partition Type: NTFS
Drive D: | 20,51 Gb Total Space | 2,16 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
 
Computer Name: NATSCHOLAP | User Name: Natscho | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.03 20:48:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Natscho\Desktop\OTL.exe
PRC - [2012.05.08 20:23:53 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:23:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:23:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.22 12:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.03.03 14:31:48 | 000,969,216 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011.02.17 23:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011.02.17 23:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011.01.27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 04:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 17:57:00 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9781fa053a605fae45d9ef57126760f6\IAStorUtil.ni.dll
MOD - [2012.05.12 17:57:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012.05.12 15:49:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 15:46:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.12 15:46:07 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.12 15:45:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 15:45:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 15:45:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 15:45:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 15:45:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.04 06:29:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.03.03 14:09:44 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2011.03.03 14:09:40 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.05.07 21:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012.05.08 20:23:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:23:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.03.11 12:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.03.01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.17 23:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011.02.15 16:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.01.13 04:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.29 20:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 20:23:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:23:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.20 16:37:01 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.04 06:53:28 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.09.04 06:53:28 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.07 21:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.07 20:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.15 06:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.11 12:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.13 02:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.17 04:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 20:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.07.28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.07.20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3726544439-3805714386-2428701163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B74E371-9185-40B5-8D1E-5E180337D8FD}: DhcpNameServer = 172.168.51.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3E35D88-2D8C-46CA-A394-D6F536883884}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 09:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.06.13 09:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.08 17:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.06.08 17:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.06.08 16:39:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.08 07:44:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Natscho\Desktop\OTL.exe
[2012.06.06 17:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Malwarebytes
[2012.06.03 20:38:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 18:53:55 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\vlc
[2012.05.30 18:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.05.28 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Local\LogMeIn Hamachi
[2012.05.28 19:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.05.28 13:47:22 | 000,000,000 | ---D | C] -- C:\Users\Natscho\Desktop\Death Note (2006) ANiME Complete DL x264 - FallenA
[2012.05.25 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.13 18:24:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 18:24:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 18:21:36 | 003,140,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 18:21:36 | 000,695,108 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.06.13 18:21:36 | 000,689,786 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.06.13 18:21:36 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 18:21:36 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 18:21:36 | 000,130,560 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.06.13 18:21:36 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 18:21:36 | 000,127,564 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.06.13 18:21:36 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 18:16:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 18:16:02 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 08:23:40 | 000,028,487 | ---- | M] () -- C:\Users\Natscho\Desktop\OTL.zip
[2012.06.06 17:05:28 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 20:48:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Natscho\Desktop\OTL.exe
[2012.06.03 20:47:23 | 000,001,584 | ---- | M] () -- C:\Users\Natscho\Desktop\Dokument.rtf
[2012.05.30 18:53:48 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.30 18:53:22 | 022,259,528 | ---- | M] () -- C:\Users\Natscho\Desktop\vlc-2.0.1-win32.exe
[2012.05.28 13:47:55 | 000,000,206 | ---- | M] () -- C:\Users\Natscho\Documents\PWOOptions.ini
[2012.05.28 01:59:39 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNatscho.job
[2012.05.28 01:57:36 | 537,189,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.26 10:34:14 | 000,416,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.25 16:59:30 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.05.23 18:05:16 | 001,653,799 | ---- | M] () -- C:\Users\Natscho\Desktop\IMG_0942.JPG
[2012.05.23 18:04:23 | 001,511,942 | ---- | M] () -- C:\Users\Natscho\Desktop\IMG_0945.JPG
[2012.05.18 19:13:35 | 000,000,905 | ---- | M] () -- C:\Users\Natscho\Desktop\TestingCheatsEnabled true.contact
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.08 08:23:40 | 000,028,487 | ---- | C] () -- C:\Users\Natscho\Desktop\OTL.zip
[2012.06.03 20:47:23 | 000,001,584 | ---- | C] () -- C:\Users\Natscho\Desktop\Dokument.rtf
[2012.06.03 20:38:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 18:53:48 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.30 18:53:10 | 022,259,528 | ---- | C] () -- C:\Users\Natscho\Desktop\vlc-2.0.1-win32.exe
[2012.05.25 16:59:30 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2012.05.23 18:04:52 | 001,653,799 | ---- | C] () -- C:\Users\Natscho\Desktop\IMG_0942.JPG
[2012.05.23 18:04:01 | 001,511,942 | ---- | C] () -- C:\Users\Natscho\Desktop\IMG_0945.JPG
[2012.05.18 19:13:35 | 000,000,905 | ---- | C] () -- C:\Users\Natscho\Desktop\TestingCheatsEnabled true.contact
[2012.04.16 19:47:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.04.16 19:47:07 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2012.04.15 13:18:15 | 003,182,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.26 14:28:33 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.20 16:43:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.20 16:32:56 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.20 16:31:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.20 16:31:44 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.20 16:31:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.20 16:31:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.20 16:31:42 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.20 16:31:42 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.20 16:28:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.03 21:31:15 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.03.03 22:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012.01.15 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\.minecraft
[2012.01.10 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\IDT
[2012.05.10 20:02:45 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Origin
[2012.01.19 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\PhotoScape
[2012.01.12 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\playmink
[2012.01.08 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Playrix Entertainment
[2012.04.16 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Playtinum
[2012.04.25 12:14:19 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\SoftGrid Client
[2012.01.07 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Synaptics
[2012.04.15 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\TP
[2012.04.07 21:35:04 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\UseNeXT
[2012.04.09 12:56:37 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.15 21:33:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Adobe
[2012.01.07 16:18:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Anwendungsdaten
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Application Data
[2012.06.08 17:00:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\ATI
[2012.03.07 23:28:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Avira
[2012.06.13 09:44:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Hewlett-Packard
[2012.06.13 09:47:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Malwarebytes
[2012.06.13 10:00:55 | 000,000,000 | --SD | M] -- C:\ProgramData\Application Data\Microsoft
[2012.06.13 10:00:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Microsoft Help
[2012.06.08 17:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Nero
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Application Data\Adobe\ARM\Reader_10.0.0\21529\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Application Data\Adobe\ARM\Reader_10.0.0\21529\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Application Data\Adobe\ARM\Reader_10.0.0\21529\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Application Data\Adobe\ARM\Reader_10.0.0\21529\ReaderUpdater.exe
 
< %APPDATA%\*. >
[2012.01.15 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\.minecraft
[2012.01.15 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Adobe
[2012.01.07 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\ATI
[2012.03.08 00:33:41 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Avira
[2012.01.12 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\CyberLink
[2012.01.30 18:29:47 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Hewlett-Packard
[2012.02.12 17:20:12 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\hpqlog
[2012.01.07 17:23:16 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Identities
[2012.01.10 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\IDT
[2012.01.07 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Intel Corporation
[2012.01.07 17:26:15 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Macromedia
[2012.06.03 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Malwarebytes
[2011.11.21 02:23:24 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Media Center Programs
[2012.06.13 10:00:05 | 000,000,000 | --SD | M] -- C:\Users\Natscho\AppData\Roaming\Microsoft
[2012.03.26 14:06:39 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Microsoft Games
[2012.03.26 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Nero
[2012.05.10 20:02:45 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Origin
[2012.01.19 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\PhotoScape
[2012.01.12 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\playmink
[2012.01.08 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Playrix Entertainment
[2012.04.16 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Playtinum
[2012.06.13 18:17:40 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Skype
[2012.04.25 12:14:19 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\SoftGrid Client
[2012.01.07 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\Synaptics
[2012.04.15 13:18:46 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\TP
[2012.04.07 21:35:04 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\UseNeXT
[2012.06.01 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Natscho\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.05.10 19:38:50 | 000,010,134 | R--- | M] () -- C:\Users\Natscho\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.09.04 06:53:28 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.09.04 06:53:28 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.09.04 06:53:28 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.09.04 06:53:28 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.09.04 06:53:28 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.09.04 06:53:28 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.09.04 06:53:28 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.09.04 06:53:28 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >

--- --- ---


Sorry that I'm such a difficult case ... so here is what was requested

cosinus 13.06.2012 20:46

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

TeiTei 18.06.2012 12:21

So, I spent the last 4 days in Interlaken at the Greenfield (rock open air), sorry that I'm only writing now. So here is the report again :D

Code:

13:15:17.0284 4780        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
13:15:17.0393 4780        ============================================================
13:15:17.0393 4780        Current date / time: 2012/06/18 13:15:17.0393
13:15:17.0393 4780        SystemInfo:
13:15:17.0393 4780       
13:15:17.0393 4780        OS Version: 6.1.7601 ServicePack: 1.0
13:15:17.0393 4780        Product type: Workstation
13:15:17.0393 4780        ComputerName: NATSCHOLAP
13:15:17.0393 4780        UserName: Natscho
13:15:17.0393 4780        Windows directory: C:\Windows
13:15:17.0393 4780        System windows directory: C:\Windows
13:15:17.0393 4780        Running under WOW64
13:15:17.0393 4780        Processor architecture: Intel x64
13:15:17.0393 4780        Number of processors: 8
13:15:17.0393 4780        Page size: 0x1000
13:15:17.0393 4780        Boot type: Normal boot
13:15:17.0393 4780        ============================================================
13:15:18.0188 4780        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:15:18.0188 4780        ============================================================
13:15:18.0188 4780        \Device\Harddisk0\DR0:
13:15:18.0188 4780        MBR partitions:
13:15:18.0188 4780        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:15:18.0188 4780        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x379E7000
13:15:18.0188 4780        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37A4B000, BlocksNum 0x2907000
13:15:18.0188 4780        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
13:15:18.0188 4780        ============================================================
13:15:18.0313 4780        C: <-> \Device\Harddisk0\DR0\Partition1
13:15:18.0656 4780        D: <-> \Device\Harddisk0\DR0\Partition2
13:15:18.0656 4780        ============================================================
13:15:18.0656 4780        Initialize success
13:15:18.0656 4780        ============================================================
13:15:22.0510 2744        ============================================================
13:15:22.0510 2744        Scan started
13:15:22.0510 2744        Mode: Manual;
13:15:22.0510 2744        ============================================================
13:15:26.0332 2744        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:15:26.0332 2744        1394ohci - ok
13:15:26.0394 2744        Accelerometer  (733ca4df8be48a1009b86fa442551ca4) C:\Windows\system32\DRIVERS\Accelerometer.sys
13:15:26.0394 2744        Accelerometer - ok
13:15:26.0456 2744        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:15:26.0456 2744        ACPI - ok
13:15:26.0488 2744        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:15:26.0488 2744        AcpiPmi - ok
13:15:26.0659 2744        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:15:26.0659 2744        AdobeARMservice - ok
13:15:26.0784 2744        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:15:26.0784 2744        adp94xx - ok
13:15:26.0862 2744        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:15:26.0862 2744        adpahci - ok
13:15:26.0909 2744        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:15:26.0909 2744        adpu320 - ok
13:15:26.0940 2744        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:15:26.0940 2744        AeLookupSvc - ok
13:15:27.0065 2744        AESTFilters    (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
13:15:27.0065 2744        AESTFilters - ok
13:15:27.0174 2744        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:15:27.0190 2744        AFD - ok
13:15:27.0236 2744        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:15:27.0236 2744        agp440 - ok
13:15:27.0299 2744        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:15:27.0299 2744        ALG - ok
13:15:27.0439 2744        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:15:27.0439 2744        aliide - ok
13:15:27.0517 2744        AMD External Events Utility (46052887a640397a834cfa61d607bfc5) C:\Windows\system32\atiesrxx.exe
13:15:27.0517 2744        AMD External Events Utility - ok
13:15:27.0533 2744        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:15:27.0533 2744        amdide - ok
13:15:27.0611 2744        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:15:27.0611 2744        AmdK8 - ok
13:15:29.0202 2744        amdkmdag        (f419e5cc07decdab85e4e6adab1dbb49) C:\Windows\system32\DRIVERS\atikmdag.sys
13:15:29.0483 2744        amdkmdag - ok
13:15:29.0873 2744        amdkmdap        (a2f3f99349169d53e91a953a6f539635) C:\Windows\system32\DRIVERS\atikmpag.sys
13:15:29.0904 2744        amdkmdap - ok
13:15:29.0920 2744        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:15:29.0935 2744        AmdPPM - ok
13:15:29.0982 2744        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:15:29.0982 2744        amdsata - ok
13:15:30.0013 2744        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:15:30.0013 2744        amdsbs - ok
13:15:30.0029 2744        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:15:30.0029 2744        amdxata - ok
13:15:30.0216 2744        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:15:30.0216 2744        AntiVirSchedulerService - ok
13:15:30.0294 2744        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:15:30.0294 2744        AntiVirService - ok
13:15:30.0341 2744        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:15:30.0341 2744        AppID - ok
13:15:30.0356 2744        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:15:30.0356 2744        AppIDSvc - ok
13:15:30.0388 2744        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:15:30.0388 2744        Appinfo - ok
13:15:30.0419 2744        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:15:30.0419 2744        arc - ok
13:15:30.0434 2744        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:15:30.0434 2744        arcsas - ok
13:15:30.0466 2744        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:15:30.0466 2744        AsyncMac - ok
13:15:30.0512 2744        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:15:30.0512 2744        atapi - ok
13:15:30.0637 2744        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:15:30.0653 2744        AudioEndpointBuilder - ok
13:15:30.0668 2744        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:15:30.0668 2744        AudioSrv - ok
13:15:30.0746 2744        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
13:15:30.0746 2744        avgntflt - ok
13:15:30.0778 2744        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
13:15:30.0778 2744        avipbb - ok
13:15:30.0824 2744        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:15:30.0824 2744        avkmgr - ok
13:15:30.0871 2744        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:15:30.0871 2744        AxInstSV - ok
13:15:30.0965 2744        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:15:30.0965 2744        b06bdrv - ok
13:15:31.0152 2744        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:15:31.0168 2744        b57nd60a - ok
13:15:31.0464 2744        BBSvc          (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:15:31.0480 2744        BBSvc - ok
13:15:32.0104 2744        BCM43XX        (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:15:32.0166 2744        BCM43XX - ok
13:15:32.0384 2744        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:15:32.0400 2744        BDESVC - ok
13:15:32.0462 2744        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:15:32.0462 2744        Beep - ok
13:15:32.0587 2744        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:15:32.0603 2744        BFE - ok
13:15:32.0665 2744        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:15:32.0681 2744        BITS - ok
13:15:32.0759 2744        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
13:15:32.0759 2744        blbdrive - ok
13:15:32.0821 2744        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:15:32.0821 2744        bowser - ok
13:15:32.0852 2744        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:15:32.0852 2744        BrFiltLo - ok
13:15:32.0884 2744        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:15:32.0884 2744        BrFiltUp - ok
13:15:32.0962 2744        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:15:32.0977 2744        Browser - ok
13:15:33.0008 2744        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:15:33.0024 2744        Brserid - ok
13:15:33.0055 2744        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:15:33.0055 2744        BrSerWdm - ok
13:15:33.0086 2744        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:15:33.0086 2744        BrUsbMdm - ok
13:15:33.0102 2744        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:15:33.0102 2744        BrUsbSer - ok
13:15:33.0164 2744        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
13:15:33.0164 2744        BthEnum - ok
13:15:33.0196 2744        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:15:33.0196 2744        BTHMODEM - ok
13:15:33.0242 2744        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
13:15:33.0242 2744        BthPan - ok
13:15:33.0320 2744        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
13:15:33.0320 2744        BTHPORT - ok
13:15:33.0383 2744        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:15:33.0383 2744        bthserv - ok
13:15:33.0414 2744        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
13:15:33.0414 2744        BTHUSB - ok
13:15:33.0508 2744        btwampfl        (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
13:15:33.0508 2744        btwampfl - ok
13:15:33.0539 2744        btwaudio        (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
13:15:33.0554 2744        btwaudio - ok
13:15:33.0617 2744        btwavdt        (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
13:15:33.0632 2744        btwavdt - ok
13:15:33.0851 2744        btwdins        (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:15:33.0866 2744        btwdins - ok
13:15:33.0913 2744        btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:15:33.0913 2744        btwl2cap - ok
13:15:33.0913 2744        btwrchid        (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
13:15:33.0913 2744        btwrchid - ok
13:15:33.0960 2744        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:15:33.0960 2744        cdfs - ok
13:15:33.0991 2744        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:15:33.0991 2744        cdrom - ok
13:15:34.0038 2744        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:15:34.0038 2744        CertPropSvc - ok
13:15:34.0069 2744        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:15:34.0069 2744        circlass - ok
13:15:34.0241 2744        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:15:34.0256 2744        CLFS - ok
13:15:34.0381 2744        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:34.0381 2744        clr_optimization_v2.0.50727_32 - ok
13:15:34.0444 2744        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:15:34.0459 2744        clr_optimization_v2.0.50727_64 - ok
13:15:34.0584 2744        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:15:34.0584 2744        clr_optimization_v4.0.30319_32 - ok
13:15:34.0646 2744        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:15:34.0646 2744        clr_optimization_v4.0.30319_64 - ok
13:15:34.0724 2744        clwvd          (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
13:15:34.0724 2744        clwvd - ok
13:15:34.0756 2744        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:15:34.0756 2744        CmBatt - ok
13:15:34.0771 2744        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:15:34.0771 2744        cmdide - ok
13:15:34.0834 2744        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:15:34.0834 2744        CNG - ok
13:15:34.0880 2744        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:15:34.0880 2744        Compbatt - ok
13:15:34.0912 2744        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:15:34.0927 2744        CompositeBus - ok
13:15:34.0927 2744        COMSysApp - ok
13:15:34.0974 2744        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:15:34.0990 2744        crcdisk - ok
13:15:35.0099 2744        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:15:35.0099 2744        CryptSvc - ok
13:15:35.0489 2744        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:15:35.0504 2744        cvhsvc - ok
13:15:35.0614 2744        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:15:35.0629 2744        DcomLaunch - ok
13:15:35.0707 2744        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:15:35.0738 2744        defragsvc - ok
13:15:35.0863 2744        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:15:35.0863 2744        DfsC - ok
13:15:35.0972 2744        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:15:35.0972 2744        Dhcp - ok
13:15:36.0035 2744        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:15:36.0035 2744        discache - ok
13:15:36.0144 2744        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:15:36.0144 2744        Disk - ok
13:15:36.0222 2744        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:15:36.0222 2744        Dnscache - ok
13:15:36.0284 2744        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:15:36.0284 2744        dot3svc - ok
13:15:36.0362 2744        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:15:36.0362 2744        DPS - ok
13:15:36.0440 2744        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:15:36.0440 2744        drmkaud - ok
13:15:36.0737 2744        DXGKrnl        (a4f408ad1065c7ad2ed332c68025b435) C:\Windows\System32\drivers\dxgkrnl.sys
13:15:36.0784 2744        DXGKrnl - ok
13:15:36.0862 2744        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:15:36.0862 2744        EapHost - ok
13:15:37.0439 2744        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:15:37.0610 2744        ebdrv - ok
13:15:37.0782 2744        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:15:37.0798 2744        EFS - ok
13:15:37.0860 2744        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:15:37.0876 2744        ehRecvr - ok
13:15:37.0891 2744        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:15:37.0907 2744        ehSched - ok
13:15:38.0047 2744        ElbyCDFL        (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
13:15:38.0047 2744        ElbyCDFL - ok
13:15:38.0078 2744        ElbyCDIO        (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:15:38.0078 2744        ElbyCDIO - ok
13:15:38.0141 2744        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:15:38.0141 2744        elxstor - ok
13:15:38.0172 2744        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:15:38.0172 2744        ErrDev - ok
13:15:38.0266 2744        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:15:38.0266 2744        EventSystem - ok
13:15:38.0297 2744        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:15:38.0297 2744        exfat - ok
13:15:38.0328 2744        ezSharedSvc - ok
13:15:38.0344 2744        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:15:38.0344 2744        fastfat - ok
13:15:38.0437 2744        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:15:38.0437 2744        Fax - ok
13:15:38.0468 2744        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:15:38.0468 2744        fdc - ok
13:15:38.0515 2744        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:15:38.0515 2744        fdPHost - ok
13:15:38.0531 2744        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:15:38.0531 2744        FDResPub - ok
13:15:38.0578 2744        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:15:38.0578 2744        FileInfo - ok
13:15:38.0593 2744        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:15:38.0593 2744        Filetrace - ok
13:15:38.0609 2744        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:15:38.0609 2744        flpydisk - ok
13:15:38.0640 2744        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:15:38.0640 2744        FltMgr - ok
13:15:38.0734 2744        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:15:38.0734 2744        FontCache - ok
13:15:38.0843 2744        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:15:38.0843 2744        FontCache3.0.0.0 - ok
13:15:38.0952 2744        FPLService      (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
13:15:38.0952 2744        FPLService - ok
13:16:03.0600 2744        swenum - ok
13:16:03.0709 2744        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:16:03.0725 2744        swprv - ok
13:16:04.0006 2744        SynTP          (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
13:16:04.0037 2744        SynTP - ok
13:16:04.0614 2744        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:16:04.0661 2744        SysMain - ok
13:16:04.0926 2744        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:16:04.0926 2744        TabletInputService - ok
13:16:05.0004 2744        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:16:05.0067 2744        TapiSrv - ok
13:16:05.0113 2744        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:16:05.0129 2744        TBS - ok
13:16:05.0519 2744        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:16:05.0581 2744        Tcpip - ok
13:16:06.0205 2744        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:16:06.0221 2744        TCPIP6 - ok
13:16:06.0455 2744        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:16:06.0471 2744        tcpipreg - ok
13:16:06.0502 2744        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:16:06.0502 2744        TDPIPE - ok
13:16:06.0533 2744        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:16:06.0720 2744        TDTCP - ok
13:16:06.0767 2744        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:16:06.0767 2744        tdx - ok
13:16:06.0798 2744        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:16:06.0798 2744        TermDD - ok
13:16:06.0876 2744        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:16:06.0892 2744        TermService - ok
13:16:06.0954 2744        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:16:06.0970 2744        Themes - ok
13:16:06.0985 2744        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:16:06.0985 2744        THREADORDER - ok
13:16:07.0017 2744        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:16:07.0017 2744        TrkWks - ok
13:16:07.0079 2744        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:16:07.0079 2744        TrustedInstaller - ok
13:16:07.0297 2744        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:16:07.0297 2744        tssecsrv - ok
13:16:07.0344 2744        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:16:07.0360 2744        TsUsbFlt - ok
13:16:07.0360 2744        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:16:07.0360 2744        TsUsbGD - ok
13:16:07.0391 2744        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:16:07.0407 2744        tunnel - ok
13:16:07.0422 2744        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:16:07.0422 2744        uagp35 - ok
13:16:07.0453 2744        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:16:07.0453 2744        udfs - ok
13:16:07.0485 2744        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:16:07.0485 2744        UI0Detect - ok
13:16:07.0516 2744        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:16:07.0516 2744        uliagpkx - ok
13:16:07.0531 2744        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:16:07.0531 2744        umbus - ok
13:16:07.0547 2744        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:16:07.0547 2744        UmPass - ok
13:16:07.0828 2744        UNS            (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:16:07.0843 2744        UNS - ok
13:16:08.0062 2744        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:16:08.0077 2744        upnphost - ok
13:16:08.0171 2744        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:16:08.0171 2744        usbaudio - ok
13:16:08.0202 2744        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:16:08.0202 2744        usbccgp - ok
13:16:08.0296 2744        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:16:08.0296 2744        usbcir - ok
13:16:08.0374 2744        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:16:08.0374 2744        usbehci - ok
13:16:08.0452 2744        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
13:16:08.0452 2744        usbhub - ok
13:16:08.0467 2744        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:16:08.0467 2744        usbohci - ok
13:16:08.0514 2744        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:16:08.0514 2744        usbprint - ok
13:16:08.0561 2744        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:16:08.0577 2744        usbscan - ok
13:16:08.0592 2744        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:16:08.0592 2744        USBSTOR - ok
13:16:08.0592 2744        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:16:08.0608 2744        usbuhci - ok
13:16:08.0701 2744        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:16:08.0733 2744        usbvideo - ok
13:16:08.0764 2744        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:16:08.0764 2744        UxSms - ok
13:16:08.0811 2744        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:16:08.0811 2744        VaultSvc - ok
13:16:08.0811 2744        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:16:08.0811 2744        vdrvroot - ok
13:16:08.0842 2744        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:16:08.0857 2744        vds - ok
13:16:08.0904 2744        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:16:08.0904 2744        vga - ok
13:16:08.0935 2744        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:16:08.0935 2744        VgaSave - ok
13:16:08.0951 2744        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:16:08.0967 2744        vhdmp - ok
13:16:08.0998 2744        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:16:08.0998 2744        viaide - ok
13:16:09.0076 2744        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:16:09.0076 2744        volmgr - ok
13:16:09.0091 2744        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:16:09.0091 2744        volmgrx - ok
13:16:09.0123 2744        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:16:09.0123 2744        volsnap - ok
13:16:09.0138 2744        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:16:09.0154 2744        vsmraid - ok
13:16:09.0232 2744        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:16:09.0247 2744        VSS - ok
13:16:09.0481 2744        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:16:09.0481 2744        vwifibus - ok
13:16:09.0497 2744        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:16:09.0497 2744        vwififlt - ok
13:16:09.0591 2744        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:16:09.0591 2744        W32Time - ok
13:16:09.0622 2744        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:16:09.0622 2744        WacomPen - ok
13:16:09.0669 2744        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:16:09.0669 2744        WANARP - ok
13:16:09.0684 2744        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:16:09.0684 2744        Wanarpv6 - ok
13:16:09.0840 2744        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:16:09.0871 2744        WatAdminSvc - ok
13:16:09.0981 2744        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:16:09.0996 2744        wbengine - ok
13:16:10.0137 2744        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:16:10.0137 2744        WbioSrvc - ok
13:16:10.0215 2744        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:16:10.0215 2744        wcncsvc - ok
13:16:10.0246 2744        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:16:10.0246 2744        WcsPlugInService - ok
13:16:10.0293 2744        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:16:10.0293 2744        Wd - ok
13:16:10.0339 2744        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:16:10.0355 2744        Wdf01000 - ok
13:16:10.0386 2744        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:16:10.0386 2744        WdiServiceHost - ok
13:16:10.0386 2744        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:16:10.0386 2744        WdiSystemHost - ok
13:16:10.0433 2744        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:16:10.0433 2744        WebClient - ok
13:16:10.0464 2744        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:16:10.0464 2744        Wecsvc - ok
13:16:10.0480 2744        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:16:10.0480 2744        wercplsupport - ok
13:16:10.0527 2744        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:16:10.0542 2744        WerSvc - ok
13:16:10.0605 2744        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:16:10.0605 2744        WfpLwf - ok
13:16:10.0620 2744        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:16:10.0620 2744        WIMMount - ok
13:16:10.0792 2744        WinDefend - ok
13:16:10.0807 2744        WinHttpAutoProxySvc - ok
13:16:10.0917 2744        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:16:10.0932 2744        Winmgmt - ok
13:16:11.0322 2744        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:16:11.0385 2744        WinRM - ok
13:16:11.0946 2744        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
13:16:11.0946 2744        WinUsb - ok
13:16:12.0165 2744        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:16:12.0227 2744        Wlansvc - ok
13:16:12.0367 2744        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:16:12.0367 2744        wlcrasvc - ok
13:16:13.0288 2744        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:16:13.0335 2744        wlidsvc - ok
13:16:13.0537 2744        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:16:13.0537 2744        WmiAcpi - ok
13:16:13.0662 2744        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:16:13.0662 2744        wmiApSrv - ok
13:16:13.0725 2744        WMPNetworkSvc - ok
13:16:14.0068 2744        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:16:14.0068 2744        WPCSvc - ok
13:16:14.0099 2744        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:16:14.0099 2744        WPDBusEnum - ok
13:16:14.0146 2744        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:16:14.0146 2744        ws2ifsl - ok
13:16:14.0193 2744        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:16:14.0193 2744        wscsvc - ok
13:16:14.0193 2744        WSearch - ok
13:16:14.0614 2744        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:16:14.0692 2744        wuauserv - ok
13:16:15.0066 2744        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:16:15.0066 2744        WudfPf - ok
13:16:15.0222 2744        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:16:15.0222 2744        WUDFRd - ok
13:16:15.0269 2744        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:16:15.0285 2744        wudfsvc - ok
13:16:15.0316 2744        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:16:15.0316 2744        WwanSvc - ok
13:16:15.0456 2744        X6va005 - ok
13:16:15.0503 2744        X6va006 - ok
13:16:15.0581 2744        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:16:16.0065 2744        \Device\Harddisk0\DR0 - ok
13:16:16.0096 2744        Boot (0x1200)  (59f0df8d4c08f8c876a4ecf535ed8a0e) \Device\Harddisk0\DR0\Partition0
13:16:16.0096 2744        \Device\Harddisk0\DR0\Partition0 - ok
13:16:16.0127 2744        Boot (0x1200)  (75b17f8f143845a881bce26303f9a7aa) \Device\Harddisk0\DR0\Partition1
13:16:16.0127 2744        \Device\Harddisk0\DR0\Partition1 - ok
13:16:16.0158 2744        Boot (0x1200)  (f11fa613903ea2b17ca7c9aad28ff740) \Device\Harddisk0\DR0\Partition2
13:16:16.0158 2744        \Device\Harddisk0\DR0\Partition2 - ok
13:16:16.0283 2744        Boot (0x1200)  (3fe1f9c32ce03d27d5e56d867c9acab8) \Device\Harddisk0\DR0\Partition3
13:16:16.0299 2744        \Device\Harddisk0\DR0\Partition3 - ok
13:16:16.0299 2744        ============================================================
13:16:16.0299 2744        Scan finished
13:16:16.0299 2744        ============================================================
13:16:16.0314 4692        Detected object count: 0
13:16:16.0314 4692        Actual detected object count: 0
13:16:52.0584 4756        ============================================================
13:16:52.0584 4756        Scan started
13:16:52.0584 4756        Mode: Manual; SigCheck; TDLFS;
13:16:52.0584 4756        ============================================================
13:17:33.0519 4756        ElbyCDIO - ok
13:17:33.0612 4756        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:17:33.0643 4756        elxstor - ok
13:17:33.0675 4756        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:17:33.0690 4756        ErrDev - ok
13:17:34.0408 4756        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:17:34.0486 4756        EventSystem - ok
13:17:34.0548 4756        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:17:34.0626 4756        exfat - ok
13:17:34.0626 4756        ezSharedSvc - ok
13:17:34.0657 4756        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:17:34.0767 4756        fastfat - ok
13:17:34.0876 4756        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:17:34.0938 4756        Fax - ok
13:17:34.0985 4756        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:17:35.0047 4756        fdc - ok
13:17:35.0063 4756        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:17:35.0125 4756        fdPHost - ok
13:17:35.0157 4756        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:17:35.0203 4756        FDResPub - ok
13:17:35.0235 4756        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:17:35.0235 4756        FileInfo - ok
13:17:35.0250 4756        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:17:35.0313 4756        Filetrace - ok
13:17:35.0328 4756        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:17:35.0328 4756        flpydisk - ok
13:17:35.0359 4756        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:17:35.0375 4756        FltMgr - ok
13:17:35.0484 4756        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:17:35.0578 4756        FontCache - ok
13:17:35.0656 4756        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:17:35.0671 4756        FontCache3.0.0.0 - ok
13:17:35.0781 4756        FPLService      (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
13:17:35.0890 4756        FPLService - ok
13:17:36.0873 4756        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:17:36.0904 4756        FsDepends - ok
13:17:36.0951 4756        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:17:36.0966 4756        Fs_Rec - ok
13:17:37.0013 4756        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:17:37.0044 4756        fvevol - ok
13:17:37.0122 4756        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:17:37.0138 4756        gagp30kx - ok
13:17:37.0231 4756        GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:17:37.0263 4756        GamesAppService - ok
13:17:37.0387 4756        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:17:37.0434 4756        gpsvc - ok
13:17:37.0497 4756        hamachi        (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:17:37.0497 4756        hamachi - ok
13:17:37.0715 4756        Hamachi2Svc    (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:17:37.0777 4756        Hamachi2Svc - ok
13:17:38.0464 4756        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:17:38.0526 4756        hcw85cir - ok
13:17:38.0604 4756        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:17:38.0667 4756        HdAudAddService - ok
13:17:38.0698 4756        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:17:38.0745 4756        HDAudBus - ok
13:17:38.0776 4756        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:17:38.0807 4756        HidBatt - ok
13:17:38.0823 4756        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:17:38.0869 4756        HidBth - ok
13:17:38.0932 4756        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:17:38.0947 4756        HidIr - ok
13:17:38.0979 4756        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:17:39.0057 4756        hidserv - ok
13:17:39.0072 4756        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:17:39.0088 4756        HidUsb - ok
13:17:39.0150 4756        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:17:39.0228 4756        hkmsvc - ok
13:17:39.0306 4756        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:17:39.0353 4756        HomeGroupListener - ok
13:17:39.0400 4756        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:17:39.0415 4756        HomeGroupProvider - ok
13:17:39.0540 4756        HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:17:39.0540 4756        HP Support Assistant Service - ok
13:17:40.0320 4756        HPClientSvc    (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:17:40.0351 4756        HPClientSvc - ok
13:17:40.0601 4756        hpCMSrv        (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
13:17:40.0695 4756        hpCMSrv - ok
13:17:41.0350 4756        hpdskflt        (bdfe112fa2f3422842e83da631065b37) C:\Windows\system32\DRIVERS\hpdskflt.sys
13:17:41.0412 4756        hpdskflt - ok
13:17:41.0615 4756        hpqwmiex        (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:17:41.0662 4756        hpqwmiex - ok
13:17:41.0709 4756        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:17:41.0709 4756        HpSAMD - ok
13:17:41.0755 4756        hpsrv          (a92d6de158bc0671d9336580f6414044) C:\Windows\system32\Hpservice.exe
13:17:41.0771 4756        hpsrv - ok
13:17:42.0083 4756        HPWMISVC        (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
13:17:42.0099 4756        HPWMISVC - ok
13:17:42.0145 4756        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:17:42.0239 4756        HTTP - ok
13:17:42.0473 4756        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:17:42.0645 4756        hwpolicy - ok
13:17:42.0910 4756        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:17:42.0925 4756        i8042prt - ok
13:17:43.0019 4756        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
13:17:43.0019 4756        iaStor - ok
13:17:43.0113 4756        IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:17:43.0113 4756        IAStorDataMgrSvc - ok
13:17:44.0751 4756        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:17:44.0813 4756        iaStorV - ok
13:17:45.0031 4756        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:17:45.0125 4756        IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:17:45.0125 4756        IDriverT - detected UnsignedFile.Multi.Generic (1)
13:17:45.0421 4756        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:17:45.0468 4756        idsvc - ok
13:17:46.0841 4756        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:17:46.0857 4756        iirsp - ok
13:17:47.0091 4756        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:17:47.0231 4756        IKEEXT - ok
13:17:47.0278 4756        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
13:17:47.0325 4756        IntcDAud - ok
13:17:47.0371 4756        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:17:47.0387 4756        intelide - ok
13:17:50.0414 4756        intelkmd        (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdpmd64.sys
13:17:50.0788 4756        intelkmd - ok
13:17:51.0194 4756        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:17:51.0240 4756        intelppm - ok
13:17:51.0272 4756        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:17:51.0381 4756        IPBusEnum - ok
13:17:51.0428 4756        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:17:51.0490 4756        IpFilterDriver - ok
13:17:51.0724 4756        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:17:51.0849 4756        iphlpsvc - ok
13:17:51.0927 4756        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:17:52.0020 4756        IPMIDRV - ok
13:17:52.0052 4756        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:17:52.0145 4756        IPNAT - ok
13:17:52.0192 4756        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:17:52.0223 4756        IRENUM - ok
13:17:52.0254 4756        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:17:52.0270 4756        isapnp - ok
13:17:52.0473 4756        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:17:52.0504 4756        iScsiPrt - ok
13:17:52.0582 4756        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:17:52.0613 4756        kbdclass - ok
13:17:52.0629 4756        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:17:52.0707 4756        kbdhid - ok
13:17:52.0832 4756        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:17:52.0863 4756        KeyIso - ok
13:17:52.0910 4756        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:17:52.0941 4756        KSecDD - ok
13:17:53.0003 4756        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:17:53.0034 4756        KSecPkg - ok
13:17:53.0097 4756        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:17:53.0190 4756        ksthunk - ok
13:17:53.0346 4756        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:17:53.0424 4756        KtmRm - ok
13:17:53.0534 4756        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:17:53.0612 4756        LanmanServer - ok
13:17:53.0658 4756        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:17:53.0814 4756        LanmanWorkstation - ok
13:17:54.0204 4756        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:17:54.0298 4756        lltdio - ok
13:17:54.0392 4756        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:17:54.0438 4756        lltdsvc - ok
13:17:54.0563 4756        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:17:54.0641 4756        lmhosts - ok
13:17:54.0828 4756        LMS            (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:17:54.0860 4756        LMS - ok
13:17:54.0891 4756        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:17:54.0922 4756        LSI_FC - ok
13:17:54.0938 4756        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:17:54.0953 4756        LSI_SAS - ok
13:17:54.0984 4756        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:17:55.0000 4756        LSI_SAS2 - ok
13:17:55.0094 4756        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:17:55.0125 4756        LSI_SCSI - ok
13:17:55.0156 4756        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:17:55.0218 4756        luafv - ok
13:17:55.0265 4756        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:17:55.0281 4756        MBAMProtector - ok
13:17:55.0624 4756        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:17:55.0686 4756        MBAMService - ok
13:17:55.0733 4756        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:17:55.0764 4756        Mcx2Svc - ok
13:17:55.0874 4756        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:17:55.0936 4756        megasas - ok
13:17:56.0186 4756        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:17:56.0232 4756        MegaSR - ok
13:17:56.0326 4756        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
13:17:56.0357 4756        MEIx64 - ok
13:17:56.0451 4756        Microsoft SharePoint Workspace Audit Service - ok
13:17:56.0498 4756        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:17:56.0544 4756        MMCSS - ok
13:17:56.0560 4756        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:17:56.0622 4756        Modem - ok
13:17:56.0638 4756        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:17:56.0654 4756        monitor - ok
13:17:56.0685 4756        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:17:56.0685 4756        mouclass - ok
13:17:56.0716 4756        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:17:56.0732 4756        mouhid - ok
13:17:56.0763 4756        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:17:56.0778 4756        mountmgr - ok
13:17:56.0872 4756        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:17:56.0888 4756        mpio - ok
13:17:56.0919 4756        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:17:57.0028 4756        mpsdrv - ok
13:17:57.0246 4756        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:17:57.0371 4756        MpsSvc - ok
13:17:57.0543 4756        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:17:57.0605 4756        MRxDAV - ok
13:17:57.0636 4756        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:17:57.0699 4756        mrxsmb - ok
13:17:57.0902 4756        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:17:57.0964 4756        mrxsmb10 - ok
13:17:58.0011 4756        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:17:58.0026 4756        mrxsmb20 - ok
13:17:58.0073 4756        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:17:58.0089 4756        msahci - ok
13:17:58.0136 4756        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:17:58.0167 4756        msdsm - ok
13:17:58.0229 4756        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:17:58.0260 4756        MSDTC - ok
13:17:58.0292 4756        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:17:58.0354 4756        Msfs - ok
13:17:58.0401 4756        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:17:58.0448 4756        mshidkmdf - ok
13:17:58.0463 4756        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:17:58.0479 4756        msisadrv - ok
13:17:58.0619 4756        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:17:58.0697 4756        MSiSCSI - ok
13:17:58.0697 4756        msiserver - ok
13:17:58.0760 4756        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:17:58.0853 4756        MSKSSRV - ok
13:17:58.0884 4756        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:17:58.0962 4756        MSPCLOCK - ok
13:17:58.0978 4756        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:17:59.0040 4756        MSPQM - ok
13:17:59.0072 4756        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:17:59.0118 4756        MsRPC - ok
13:17:59.0228 4756        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:17:59.0274 4756        mssmbios - ok
13:17:59.0384 4756        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:17:59.0493 4756        MSTEE - ok
13:17:59.0540 4756        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:17:59.0586 4756        MTConfig - ok
13:17:59.0602 4756        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:17:59.0618 4756        Mup - ok
13:17:59.0711 4756        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:17:59.0820 4756        napagent - ok
13:18:00.0086 4756        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:18:00.0164 4756        NativeWifiP - ok
13:18:00.0382 4756        NAUpdate        (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
13:18:00.0429 4756        NAUpdate - ok
13:18:00.0554 4756        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:18:00.0647 4756        NDIS - ok
13:18:00.0710 4756        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:18:00.0803 4756        NdisCap - ok
13:18:00.0834 4756        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:18:00.0881 4756        NdisTapi - ok
13:18:00.0912 4756        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:18:00.0959 4756        Ndisuio - ok
13:18:01.0068 4756        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:18:01.0146 4756        NdisWan - ok
13:18:01.0178 4756        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:18:01.0224 4756        NDProxy - ok
13:18:01.0240 4756        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:18:01.0287 4756        NetBIOS - ok
13:18:01.0583 4756        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:18:01.0677 4756        NetBT - ok
13:18:01.0724 4756        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:18:01.0770 4756        Netlogon - ok
13:18:02.0285 4756        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:18:02.0426 4756        Netman - ok
13:18:02.0519 4756        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:18:02.0582 4756        netprofm - ok
13:18:02.0691 4756        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:18:02.0722 4756        NetTcpPortSharing - ok
13:18:03.0112 4756        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:18:03.0143 4756        nfrd960 - ok
13:18:03.0252 4756        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:18:03.0362 4756        NlaSvc - ok
13:18:03.0393 4756        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:18:03.0440 4756        Npfs - ok
13:18:03.0502 4756        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:18:03.0596 4756        nsi - ok
13:18:03.0627 4756        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:18:03.0674 4756        nsiproxy - ok
13:18:04.0454 4756        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:18:04.0594 4756        Ntfs - ok
13:18:05.0062 4756        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:18:05.0124 4756        Null - ok
13:18:05.0171 4756        nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:18:05.0218 4756        nusb3hub - ok
13:18:05.0265 4756        nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:18:05.0327 4756        nusb3xhc - ok
13:18:05.0421 4756        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
13:18:05.0561 4756        NVENETFD - ok
13:18:05.0686 4756        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:18:05.0717 4756        nvraid - ok
13:18:06.0060 4756        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:18:06.0107 4756        nvstor - ok
13:18:06.0170 4756        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:18:06.0185 4756        nv_agp - ok
13:18:06.0216 4756        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:18:06.0248 4756        ohci1394 - ok
13:18:06.0388 4756        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:18:06.0404 4756        ose - ok
13:18:07.0823 4756        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:18:07.0901 4756        osppsvc - ok
13:18:08.0603 4756        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:18:08.0666 4756        p2pimsvc - ok
13:18:08.0712 4756        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:18:08.0744 4756        p2psvc - ok
13:18:08.0822 4756        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:18:08.0853 4756        Parport - ok
13:18:08.0915 4756        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:18:08.0931 4756        partmgr - ok
13:18:08.0962 4756        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:18:09.0009 4756        PcaSvc - ok
13:18:09.0118 4756        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:18:09.0134 4756        pci - ok
13:18:09.0165 4756        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:18:09.0180 4756        pciide - ok
13:18:09.0227 4756        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:18:09.0258 4756        pcmcia - ok
13:18:09.0274 4756        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:18:09.0305 4756        pcw - ok
13:18:09.0414 4756        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:18:09.0492 4756        PEAUTH - ok
13:18:09.0617 4756        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:18:09.0648 4756        PerfHost - ok
13:18:10.0070 4756        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:18:10.0241 4756        pla - ok
13:18:10.0740 4756        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:18:10.0834 4756        PlugPlay - ok
13:18:10.0881 4756        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:18:10.0943 4756        PNRPAutoReg - ok
13:18:11.0052 4756        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:18:11.0099 4756        PNRPsvc - ok
13:18:11.0224 4756        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:18:11.0349 4756        PolicyAgent - ok
13:18:11.0583 4756        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:18:11.0692 4756        Power - ok
13:18:11.0801 4756        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:18:11.0895 4756        PptpMiniport - ok
13:18:11.0942 4756        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:18:11.0957 4756        Processor - ok
13:18:12.0004 4756        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:18:12.0051 4756        ProfSvc - ok
13:18:12.0113 4756        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:18:12.0144 4756        ProtectedStorage - ok
13:18:12.0410 4756        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:18:12.0488 4756        Psched - ok
13:18:12.0690 4756        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:18:12.0753 4756        ql2300 - ok
13:18:12.0987 4756        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:18:13.0002 4756        ql40xx - ok
13:18:13.0221 4756        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:18:13.0268 4756        QWAVE - ok
13:18:13.0283 4756        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:18:13.0314 4756        QWAVEdrv - ok
13:18:13.0330 4756        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:18:13.0408 4756        RasAcd - ok
13:18:13.0455 4756        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:18:13.0486 4756        RasAgileVpn - ok
13:18:13.0517 4756        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:18:13.0595 4756        RasAuto - ok
13:18:13.0611 4756        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:18:13.0658 4756        Rasl2tp - ok
13:18:13.0736 4756        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:18:13.0798 4756        RasMan - ok
13:18:14.0048 4756        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:18:14.0141 4756        RasPppoe - ok
13:18:14.0172 4756        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:18:14.0204 4756        RasSstp - ok
13:18:14.0313 4756        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:18:14.0500 4756        rdbss - ok
13:18:14.0516 4756        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:18:14.0562 4756        rdpbus - ok
13:18:14.0594 4756        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:18:14.0656 4756        RDPCDD - ok
13:18:14.0703 4756        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:18:14.0765 4756        RDPENCDD - ok
13:18:14.0843 4756        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:18:14.0906 4756        RDPREFMP - ok
13:18:14.0968 4756        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:18:15.0077 4756        RDPWD - ok
13:18:15.0140 4756        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:18:15.0171 4756        rdyboost - ok
13:18:15.0249 4756        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:18:15.0342 4756        RemoteAccess - ok
13:18:15.0389 4756        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:18:15.0498 4756        RemoteRegistry - ok
13:18:15.0561 4756        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:18:15.0639 4756        RFCOMM - ok
13:18:15.0701 4756        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:18:15.0779 4756        RpcEptMapper - ok
13:18:15.0998 4756        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:18:16.0029 4756        RpcLocator - ok
13:18:16.0325 4756        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:18:16.0403 4756        RpcSs - ok
13:18:16.0512 4756        RSPCIESTOR      (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
13:18:16.0559 4756        RSPCIESTOR - ok
13:18:16.0668 4756        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:18:16.0746 4756        rspndr - ok
13:18:16.0934 4756        RTL8167        (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:18:16.0965 4756        RTL8167 - ok
13:18:17.0043 4756        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:18:17.0090 4756        SamSs - ok
13:18:17.0214 4756        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:18:17.0246 4756        sbp2port - ok
13:18:17.0324 4756        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:18:17.0433 4756        SCardSvr - ok
13:18:17.0448 4756        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:18:17.0511 4756        scfilter - ok
13:18:17.0729 4756        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:18:17.0854 4756        Schedule - ok
13:18:18.0104 4756        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:18:18.0166 4756        SCPolicySvc - ok
13:18:18.0556 4756        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
13:18:18.0603 4756        sdbus - ok
13:18:18.0681 4756        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:18:18.0743 4756        SDRSVC - ok
13:18:19.0055 4756        SeaPort        (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:18:19.0086 4756        SeaPort - ok
13:18:19.0149 4756        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:18:19.0211 4756        secdrv - ok
13:18:19.0289 4756        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:18:19.0352 4756        seclogon - ok
13:18:19.0383 4756        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:18:19.0445 4756        SENS - ok
13:18:19.0476 4756        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:18:19.0554 4756        SensrSvc - ok
13:18:19.0601 4756        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:18:19.0632 4756        Serenum - ok
13:18:19.0679 4756        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:18:19.0726 4756        Serial - ok
13:18:19.0851 4756        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:18:19.0882 4756        sermouse - ok
13:18:19.0960 4756        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:18:20.0054 4756        SessionEnv - ok
13:18:20.0069 4756        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:18:20.0085 4756        sffdisk - ok
13:18:20.0100 4756        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:18:20.0132 4756        sffp_mmc - ok
13:18:20.0147 4756        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:18:20.0194 4756        sffp_sd - ok
13:18:20.0272 4756        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:18:20.0319 4756        sfloppy - ok
13:18:20.0459 4756        Sftfs          (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:18:20.0522 4756        Sftfs - ok
13:18:20.0787 4756        sftlist        (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:18:20.0834 4756        sftlist - ok
13:18:21.0161 4756        Sftplay        (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:18:21.0192 4756        Sftplay - ok
13:18:21.0426 4756        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:18:21.0442 4756        Sftredir - ok
13:18:21.0489 4756        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:18:21.0520 4756        Sftvol - ok
13:18:21.0551 4756        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:18:21.0582 4756        sftvsa - ok
13:18:21.0645 4756        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:18:21.0723 4756        SharedAccess - ok
13:18:21.0816 4756        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:18:21.0941 4756        ShellHWDetection - ok
13:18:21.0957 4756        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:18:21.0972 4756        SiSRaid2 - ok
13:18:22.0019 4756        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:18:22.0035 4756        SiSRaid4 - ok
13:18:22.0113 4756        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:18:22.0175 4756        Smb - ok
13:18:22.0269 4756        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:18:22.0300 4756        SNMPTRAP - ok
13:18:22.0456 4756        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:18:22.0503 4756        spldr - ok
13:18:22.0659 4756        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:18:22.0784 4756        Spooler - ok
13:18:23.0626 4756        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:18:23.0860 4756        sppsvc - ok
13:18:24.0110 4756        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:18:24.0188 4756        sppuinotify - ok
13:18:24.0328 4756        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:18:24.0437 4756        srv - ok
13:18:24.0640 4756        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:18:24.0827 4756        srv2 - ok
13:18:24.0874 4756        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:18:24.0890 4756        SrvHsfHDA - ok
13:18:25.0124 4756        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:18:25.0248 4756        SrvHsfV92 - ok
13:18:25.0670 4756        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:18:25.0716 4756        SrvHsfWinac - ok
13:18:25.0763 4756        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:18:25.0810 4756        srvnet - ok
13:18:25.0919 4756        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:18:25.0997 4756        SSDPSRV - ok
13:18:26.0138 4756        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:18:26.0200 4756        SstpSvc - ok
13:18:26.0418 4756        STacSV          (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
13:18:26.0450 4756        STacSV - ok
13:18:26.0481 4756        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:18:26.0512 4756        stexstor - ok
13:18:26.0637 4756        STHDA          (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
13:18:26.0730 4756        STHDA - ok
13:18:26.0840 4756        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:18:26.0918 4756        stisvc - ok
13:18:27.0042 4756        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:18:27.0074 4756        swenum - ok
13:18:27.0230 4756        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:18:27.0339 4756        swprv - ok
13:18:27.0542 4756        SynTP          (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
13:18:27.0635 4756        SynTP - ok
13:18:28.0322 4756        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:18:28.0462 4756        SysMain - ok
13:18:28.0696 4756        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:18:28.0774 4756        TabletInputService - ok
13:18:29.0039 4756        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:18:29.0164 4756        TapiSrv - ok
13:18:29.0211 4756        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:18:29.0304 4756        TBS - ok
13:18:29.0554 4756        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:18:29.0663 4756        Tcpip - ok
13:18:30.0521 4756        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:18:30.0615 4756        TCPIP6 - ok
13:18:31.0098 4756        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:18:31.0192 4756        tcpipreg - ok
13:18:31.0379 4756        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:18:31.0691 4756        TDPIPE - ok
13:18:31.0738 4756        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:18:31.0847 4756        TDTCP - ok
13:18:31.0910 4756        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:18:31.0972 4756        tdx - ok
13:18:32.0081 4756        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:18:32.0097 4756        TermDD - ok
13:18:32.0268 4756        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:18:32.0424 4756        TermService - ok
13:18:32.0502 4756        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:18:32.0534 4756        Themes - ok
13:18:32.0580 4756        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:18:32.0627 4756        THREADORDER - ok
13:18:32.0674 4756        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:18:32.0768 4756        TrkWks - ok
13:18:32.0892 4756        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:18:32.0970 4756        TrustedInstaller - ok
13:18:33.0126 4756        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:18:33.0204 4756        tssecsrv - ok
13:18:33.0220 4756        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:18:33.0267 4756        TsUsbFlt - ok
13:18:33.0423 4756        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:18:33.0454 4756        TsUsbGD - ok
13:18:33.0501 4756        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:18:33.0594 4756        tunnel - ok
13:18:33.0626 4756        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:18:33.0657 4756        uagp35 - ok
13:18:33.0704 4756        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:18:33.0797 4756        udfs - ok
13:18:34.0078 4756        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:18:34.0109 4756        UI0Detect - ok
13:18:34.0172 4756        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:18:34.0203 4756        uliagpkx - ok
13:18:34.0218 4756        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:18:34.0250 4756        umbus - ok
13:18:34.0281 4756        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:18:34.0312 4756        UmPass - ok
13:18:34.0733 4756        UNS            (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:18:34.0780 4756        UNS - ok
13:18:35.0108 4756        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:18:35.0217 4756        upnphost - ok
13:18:35.0466 4756        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:18:35.0607 4756        usbaudio - ok
13:18:35.0654 4756        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:18:35.0716 4756        usbccgp - ok
13:18:35.0763 4756        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:18:35.0794 4756        usbcir - ok
13:18:35.0872 4756        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:18:35.0966 4756        usbehci - ok
13:18:36.0028 4756        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
13:18:36.0059 4756        usbhub - ok
13:18:36.0075 4756        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:18:36.0122 4756        usbohci - ok
13:18:36.0168 4756        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:18:36.0200 4756        usbprint - ok
13:18:36.0246 4756        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:18:36.0278 4756        usbscan - ok
13:18:36.0590 4756        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:18:36.0668 4756        USBSTOR - ok
13:18:36.0714 4756        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:18:36.0761 4756        usbuhci - ok
13:18:36.0995 4756        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:18:37.0089 4756        usbvideo - ok
13:18:37.0120 4756        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:18:37.0182 4756        UxSms - ok
13:18:37.0214 4756        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:18:37.0214 4756        VaultSvc - ok
13:18:37.0245 4756        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:18:37.0245 4756        vdrvroot - ok
13:18:37.0338 4756        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:18:37.0572 4756        vds - ok
13:18:37.0619 4756        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:18:37.0635 4756        vga - ok
13:18:37.0650 4756        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:18:37.0728 4756        VgaSave - ok
13:18:37.0869 4756        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:18:37.0900 4756        vhdmp - ok
13:18:37.0962 4756        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:18:37.0978 4756        viaide - ok
13:18:38.0056 4756        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:18:38.0072 4756        volmgr - ok
13:18:38.0134 4756        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:18:38.0165 4756        volmgrx - ok
13:18:38.0196 4756        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:18:38.0228 4756        volsnap - ok
13:18:38.0306 4756        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:18:38.0337 4756        vsmraid - ok
13:18:38.0820 4756        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:18:38.0976 4756        VSS - ok
13:18:39.0304 4756        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:18:39.0351 4756        vwifibus - ok
13:18:39.0366 4756        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:18:39.0413 4756        vwififlt - ok
13:18:39.0491 4756        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:18:39.0585 4756        W32Time - ok
13:18:39.0616 4756        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:18:39.0647 4756        WacomPen - ok
13:18:39.0678 4756        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:18:39.0741 4756        WANARP - ok
13:18:39.0741 4756        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:18:39.0756 4756        Wanarpv6 - ok
13:18:40.0053 4756        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:18:40.0162 4756        WatAdminSvc - ok
13:18:40.0505 4756        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:18:40.0708 4756        wbengine - ok
13:18:41.0192 4756        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:18:41.0238 4756        WbioSrvc - ok
13:18:41.0363 4756        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:18:41.0504 4756        wcncsvc - ok
13:18:41.0597 4756        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:18:41.0660 4756        WcsPlugInService - ok
13:18:41.0909 4756        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:18:41.0940 4756        Wd - ok
13:18:42.0440 4756        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:18:42.0580 4756        Wdf01000 - ok
13:18:42.0876 4756        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:18:43.0251 4756        WdiServiceHost - ok
13:18:43.0266 4756        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:18:43.0298 4756        WdiSystemHost - ok
13:18:43.0594 4756        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:18:43.0844 4756        WebClient - ok
13:18:44.0140 4756        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:18:44.0358 4756        Wecsvc - ok
13:18:44.0452 4756        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:18:44.0577 4756        wercplsupport - ok
13:18:44.0686 4756        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:18:44.0764 4756        WerSvc - ok
13:18:44.0936 4756        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:18:45.0014 4756        WfpLwf - ok
13:18:45.0185 4756        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:18:45.0216 4756        WIMMount - ok
13:18:45.0653 4756        WinDefend - ok
13:18:45.0669 4756        WinHttpAutoProxySvc - ok
13:18:46.0464 4756        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:18:46.0511 4756        Winmgmt - ok
13:18:47.0120 4756        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:18:47.0354 4756        WinRM - ok
13:18:48.0414 4756        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
13:18:48.0446 4756        WinUsb - ok
13:18:48.0617 4756        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:18:48.0742 4756        Wlansvc - ok
13:18:48.0929 4756        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:18:48.0960 4756        wlcrasvc - ok
13:18:49.0538 4756        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:18:49.0584 4756        wlidsvc - ok
13:18:50.0162 4756        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:18:50.0208 4756        WmiAcpi - ok
13:18:50.0302 4756        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:18:50.0349 4756        wmiApSrv - ok
13:18:50.0427 4756        WMPNetworkSvc - ok
13:18:50.0458 4756        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:18:50.0520 4756        WPCSvc - ok
13:18:50.0630 4756        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:18:50.0676 4756        WPDBusEnum - ok
13:18:50.0708 4756        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:18:50.0786 4756        ws2ifsl - ok
13:18:50.0832 4756        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:18:50.0879 4756        wscsvc - ok
13:18:50.0879 4756        WSearch - ok
13:18:51.0519 4756        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:18:51.0800 4756        wuauserv - ok
13:18:52.0470 4756        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:18:52.0548 4756        WudfPf - ok
13:18:52.0611 4756        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:18:52.0673 4756        WUDFRd - ok
13:18:52.0767 4756        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:18:52.0860 4756        wudfsvc - ok
13:18:52.0938 4756        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:18:52.0985 4756        WwanSvc - ok
13:18:53.0235 4756        X6va005 - ok
13:18:53.0235 4756        X6va006 - ok
13:18:53.0266 4756        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:18:54.0998 4756        \Device\Harddisk0\DR0 - ok
13:18:55.0013 4756        Boot (0x1200)  (59f0df8d4c08f8c876a4ecf535ed8a0e) \Device\Harddisk0\DR0\Partition0
13:18:55.0013 4756        \Device\Harddisk0\DR0\Partition0 - ok
13:18:55.0044 4756        Boot (0x1200)  (75b17f8f143845a881bce26303f9a7aa) \Device\Harddisk0\DR0\Partition1
13:18:55.0044 4756        \Device\Harddisk0\DR0\Partition1 - ok
13:18:55.0091 4756        Boot (0x1200)  (f11fa613903ea2b17ca7c9aad28ff740) \Device\Harddisk0\DR0\Partition2
13:18:55.0091 4756        \Device\Harddisk0\DR0\Partition2 - ok
13:18:55.0138 4756        Boot (0x1200)  (3fe1f9c32ce03d27d5e56d867c9acab8) \Device\Harddisk0\DR0\Partition3
13:18:55.0138 4756        \Device\Harddisk0\DR0\Partition3 - ok
13:18:55.0138 4756        ============================================================
13:18:55.0138 4756        Scan finished
13:18:55.0138 4756        ============================================================
13:18:55.0154 3772        Detected object count: 1
13:18:55.0154 3772        Actual detected object count: 1
13:19:02.0836 3772        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:02.0836 3772        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Kind regards, JJ :dankeschoen:

cosinus 18.06.2012 14:14

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

TeiTei 18.06.2012 17:17

Combofix Logfile:
Code:

ComboFix 12-06-16.02 - Natscho 18.06.2012  17:14:56.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.41.1031.18.4044.2254 [GMT 2:00]
ausgeführt von:: c:\users\Natscho\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-18 bis 2012-06-18  ))))))))))))))))))))))))))))))
.
.
2012-06-18 15:52 . 2012-06-18 15:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-13 16:24 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 08:01 . 2012-06-13 08:00        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-13 07:59 . 2012-06-18 11:23        --------        d-----w-        c:\programdata\Microsoft Help
2012-06-13 07:47 . 2012-06-13 07:47        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-08 15:17 . 2012-06-08 15:17        --------        d-----w-        c:\programdata\Nero
2012-06-08 15:00 . 2012-06-08 15:00        --------        d-----w-        c:\programdata\ATI
2012-06-08 14:39 . 2012-06-08 14:39        --------        d-----w-        C:\_OTL
2012-06-06 15:18 . 2012-06-06 15:18        --------        d-----w-        c:\program files (x86)\ESET
2012-06-03 18:38 . 2012-06-03 18:38        --------        d-----w-        c:\users\Natscho\AppData\Roaming\Malwarebytes
2012-06-03 18:38 . 2012-06-06 15:05        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 18:38 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-30 16:53 . 2012-06-01 17:51        --------        d-----w-        c:\users\Natscho\AppData\Roaming\vlc
2012-05-30 16:53 . 2012-05-30 16:53        --------        d-----w-        c:\program files (x86)\VideoLAN
2012-05-28 17:49 . 2012-06-18 15:11        --------        d-----w-        c:\users\Natscho\AppData\Local\LogMeIn Hamachi
2012-05-28 17:49 . 2012-05-28 17:49        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 22:10 . 2012-05-13 22:10        0        ----a-w-        c:\windows\SysWow64\shoE281.tmp
2012-05-12 21:44 . 2012-05-12 21:44        0        ----a-w-        c:\windows\SysWow64\sho9516.tmp
2012-05-08 18:23 . 2012-03-07 21:28        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 18:23 . 2012-03-07 21:28        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-25 12:02 . 2012-04-25 12:02        43800        ----a-w-        c:\windows\system32\drivers\Accelerometer.sys
2012-04-25 12:02 . 2012-04-25 12:02        31000        ----a-w-        c:\windows\system32\hpservice.exe
2012-04-25 12:02 . 2012-04-25 12:02        21272        ----a-w-        c:\windows\system32\accelerometerdll.DLL
2012-04-25 12:02 . 2012-04-25 12:02        18200        ----a-w-        c:\windows\system32\HPMDPCoInst12.dll
2012-04-25 12:02 . 2011-01-26 15:01        30488        ----a-w-        c:\windows\system32\drivers\hpdskflt.sys
2012-03-30 11:35 . 2012-05-10 16:41        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-3-3 969216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Natscho\AppData\Local\Temp\0056225.tmp [x]
R3 X6va006;X6va006;c:\users\Natscho\AppData\Local\Temp\00620DB.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-27 c:\windows\Tasks\HPCeeScheduleForNatscho.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Natscho\AppData\Local\Temp\0056225.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Natscho\AppData\Local\Temp\00620DB.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ðñ#*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-18  18:03:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-18 16:02
.
Vor Suchlauf: 10 Verzeichnis(se), 367'214'768'128 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 368'620'736'512 Bytes frei
.
- - End Of File - - 1119F590D09A803D1834A90897C66D8D

--- --- ---

cosinus 18.06.2012 21:04

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

TeiTei 19.06.2012 09:24

GMER:

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-19 10:24:09
Windows 6.1.7601 Service Pack 1
Running: n0vgkkln.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf424ef88                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf424ef88@d45d4225099d        0xCD 0xF0 0x6F 0xE9 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf424ef88@d4e8b2ef9c99        0x21 0xB6 0xF4 0x32 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf424ef88 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf424ef88@d45d4225099d            0xCD 0xF0 0x6F 0xE9 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf424ef88@d4e8b2ef9c99            0x21 0xB6 0xF4 0x32 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

Osam:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:31:35 on 19.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForNatscho.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"X6va005" (X6va005) - ? - C:\Users\Natscho\AppData\Local\Temp\0056225.tmp  (File not found)
"X6va006" (X6va006) - ? - C:\Users\Natscho\AppData\Local\Temp\00620DB.tmp  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
"Senden an Bluetooth" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} "TrueSuite Website Log On" - "HP" - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Natscho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"CloneCDTray" - "SlySoft, Inc." - "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
"Easybits Recovery" - "EasyBits Software AS" - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
"HP Quick Launch" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"HPConnectionManager" - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
"HPOSD" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files (x86)\Nero\Update\NASvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe  (File not found)
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"HP Client Services" (HPClientSvc) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
"HP Connection Manager 4.0 Service" (hpCMSrv) - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"HPWMISVC" (HPWMISVC) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"TrueSuiteService" (FPLService) - "HP" - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

--- --- ---

aswMBR:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-19 10:56:44
-----------------------------
10:56:44.100    OS Version: Windows x64 6.1.7601 Service Pack 1
10:56:44.100    Number of processors: 8 586 0x2A07
10:56:44.100    ComputerName: NATSCHOLAP  UserName: Natscho
10:56:44.771    Initialze error C000010E - driver not loaded
10:56:44.818    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
10:56:44.911    AVAST engine defs: 12061802
10:57:18.514    Service scanning
10:57:55.923    Modules scanning
10:57:55.923    Disk 0 trace - called modules:
10:57:55.923   
10:57:55.938    Scan finished successfully
10:58:22.333    The log file has been saved successfully to "C:\Users\Natscho\Desktop\aswMBR.txt"


cosinus 19.06.2012 11:27

Something went wrong with aswMBR. Did you run it as administrator via right-click?

TeiTei 19.06.2012 13:19

At first yes, but then it crashed,
and since I wasn't supposed to close the window and the activation icon was hidden underneath the window, I could only activate it with Enter.

cosinus 19.06.2012 14:40

Please try it again.
By the way, I also posted a note about aswMBR at the very bottom.

TeiTei 19.06.2012 15:44

The first time I also did what the note says, only it wasn't possible to run it as admin because I couldn't get at it with a right-click :D

This time it hung again, but this time I was able to open the second one as admin because I had moved the folder into the corner beforehand.

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-19 16:38:10
-----------------------------
16:38:10.884    OS Version: Windows x64 6.1.7601 Service Pack 1
16:38:10.884    Number of processors: 8 586 0x2A07
16:38:10.884    ComputerName: NATSCHOLAP  UserName: Natscho
16:38:11.757    Initialze error C000010E - driver not loaded
16:38:11.820    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
16:38:12.069    AVAST engine defs: 12061802
16:38:17.561    Service scanning
16:38:56.405    Modules scanning
16:38:56.405    Disk 0 trace - called modules:
16:38:56.420   
16:38:56.420    Scan finished successfully
16:40:11.098    The log file has been saved successfully to "C:\Users\Natscho\Desktop\aswMBR.txt"


cosinus 19.06.2012 22:04

Does that mean you have now run aswMBR as admin via right-click, or not?

TeiTei 20.06.2012 06:40

Correct, this time as admin.

cosinus 20.06.2012 09:36

Somehow the log only shows rubbish, though.
Please try aswMBR again in Safe Mode with Networking, and be sure to start it as admin via right-click.

TeiTei 11.07.2012 18:23

I have to apologize again; I was away and my girlfriend kept using the laptop normally in the meantime.
I'll look up how to start Safe Mode and will do it ...
Sorry again.


So, here it is in Safe Mode with Networking:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 19:36:36
-----------------------------
19:36:36.213    OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:36.213    Number of processors: 8 586 0x2A07
19:36:36.213    ComputerName: NATSCHOLAP  UserName: Natscho
19:36:38.163    Initialze error C0000061 - driver not loaded
19:36:42.391    AVAST engine defs: 12071101
19:36:44.513    Service scanning
19:37:14.340    Modules scanning
19:37:14.340    Disk 0 trace - called modules:
19:37:14.340   
19:37:15.229    AVAST engine scan C:\Windows
19:37:17.663    AVAST engine scan C:\Windows\system32
19:39:28.687    AVAST engine scan C:\Windows\system32\drivers
19:39:38.593    AVAST engine scan C:\Users\Natscho
19:47:52.989    AVAST engine scan C:\ProgramData
19:48:02.942    Scan finished successfully
19:54:55.703    The log file has been saved successfully to "C:\Users\Natscho\Desktop\aswMBR.txt"


cosinus 11.07.2012 22:32

Never mind, let's drop that.

We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

TeiTei 12.07.2012 12:34

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Natscho :: NATSCHOLAP [Administrator]

Schutz: Aktiviert

12.07.2012 12:37:45
mbam-log-2012-07-12 (12-37-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216822
Laufzeit: 2 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/12/2012 at 02:31 PM

Application Version : 5.5.1006

Core Rules Database Version : 8888
Trace Rules Database Version: 6700

Scan type      : Complete Scan
Total Scan Time : 00:53:51

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 799
Memory threats detected  : 0
Registry items scanned    : 66933
Registry threats detected : 0
File items scanned        : 63362
File threats detected    : 311

Adware.Tracking Cookie
        C:\USERS\NATSCHO\Cookies\WIP1P4JL.txt [ Cookie:natscho@wmedia.rotator.hadj7.adjuggler.net/ ]
        C:\USERS\NATSCHO\Cookies\324ROU4T.txt [ Cookie:natscho@www.usenext.de/ ]
        C:\USERS\NATSCHO\Cookies\HPO554K1.txt [ Cookie:natscho@eas.apm.emediate.eu/ ]
        C:\USERS\NATSCHO\Cookies\8FD0UDN1.txt [ Cookie:natscho@adform.net/ ]
        C:\USERS\NATSCHO\Cookies\5QLA7Z9X.txt [ Cookie:natscho@ad.adition.net/ ]
        C:\USERS\NATSCHO\Cookies\8HRJIRHR.txt [ Cookie:natscho@ads3.net2day.de/ ]
        C:\USERS\NATSCHO\Cookies\1RSKIW1T.txt [ Cookie:natscho@zanox.com/ ]
        C:\USERS\NATSCHO\Cookies\EBQA7TXN.txt [ Cookie:natscho@tracking.gameforge.de/track/ ]
        C:\USERS\NATSCHO\Cookies\natscho@imrworldwide[2].txt [ Cookie:natscho@imrworldwide.com/cgi-bin ]
        C:\USERS\NATSCHO\Cookies\CZ7YDA2D.txt [ Cookie:natscho@track.socialclicks.com/ ]
        C:\USERS\NATSCHO\Cookies\U2NH7WY0.txt [ Cookie:natscho@invitemedia.com/ ]
        C:\USERS\NATSCHO\Cookies\ZX16J92V.txt [ Cookie:natscho@smartadserver.com/ ]
        C:\USERS\NATSCHO\Cookies\AF7EVI44.txt [ Cookie:natscho@tracking.quisma.com/ ]
        C:\USERS\NATSCHO\Cookies\8HXDJ2I1.txt [ Cookie:natscho@amazon-adsystem.com/ ]
        C:\USERS\NATSCHO\Cookies\ZS07IWTB.txt [ Cookie:natscho@ad1.adfarm1.adition.com/ ]
        C:\USERS\NATSCHO\Cookies\4M79HZ97.txt [ Cookie:natscho@tracking.novem.pl/ ]
        C:\USERS\NATSCHO\Cookies\KIYNHK1E.txt [ Cookie:natscho@adxpose.com/ ]
        C:\USERS\NATSCHO\Cookies\72KPZY38.txt [ Cookie:natscho@ad3.adfarm1.adition.com/ ]
        C:\USERS\NATSCHO\Cookies\B5Y0N8MD.txt [ Cookie:natscho@adbrite.com/ ]
        C:\USERS\NATSCHO\Cookies\N257PP7A.txt [ Cookie:natscho@clkads.com/adServe/banners ]
        C:\USERS\NATSCHO\Cookies\OLH3UZ9S.txt [ Cookie:natscho@track.effiliation.com/servlet/ ]
        C:\USERS\NATSCHO\Cookies\FZ5QNJYN.txt [ Cookie:natscho@zedo.com/ ]
        C:\USERS\NATSCHO\Cookies\C25J30LB.txt [ Cookie:natscho@collective-media.net/ ]
        C:\USERS\NATSCHO\Cookies\HH8UD4F3.txt [ Cookie:natscho@c.atdmt.com/ ]
        C:\USERS\NATSCHO\Cookies\0K9VIL6P.txt [ Cookie:natscho@usenext.de/ ]
        C:\USERS\NATSCHO\Cookies\natscho@c.gigcount[1].txt [ Cookie:natscho@c.gigcount.com/ ]
        C:\USERS\NATSCHO\Cookies\9YCO4DY0.txt [ Cookie:natscho@statcounter.com/ ]
        C:\USERS\NATSCHO\Cookies\BE0YVUVP.txt [ Cookie:natscho@serving-sys.com/ ]
        C:\USERS\NATSCHO\Cookies\ZUU00XDM.txt [ Cookie:natscho@delivery.way2traffic.com/ ]
        C:\USERS\NATSCHO\Cookies\LLRODYCW.txt [ Cookie:natscho@delivery.way2traffic.com/campaign=634 ]
        C:\USERS\NATSCHO\Cookies\VXEV0YCD.txt [ Cookie:natscho@server.cpmstar.com/ ]
        C:\USERS\NATSCHO\Cookies\ZSDWJFP7.txt [ Cookie:natscho@apmebf.com/ ]
        C:\USERS\NATSCHO\Cookies\9P67TYCL.txt [ Cookie:natscho@ads.adultswim.com/ ]
        C:\USERS\NATSCHO\Cookies\J8WBKQK0.txt [ Cookie:natscho@forum.usenext.de/ ]
        C:\USERS\NATSCHO\Cookies\QGZXZQOY.txt [ Cookie:natscho@mediaplex.com/ ]
        C:\USERS\NATSCHO\Cookies\5VGW3XNE.txt [ Cookie:natscho@toplist.cz/ ]
        C:\USERS\NATSCHO\Cookies\8ZBJV5MN.txt [ Cookie:natscho@fidelity.rotator.hadj7.adjuggler.net/ ]
        C:\USERS\NATSCHO\Cookies\0V0KJ5GE.txt [ Cookie:natscho@lfstmedia.com/ ]
        C:\USERS\NATSCHO\Cookies\V0V7R2XI.txt [ Cookie:natscho@counter.hitslink.com/ ]
        C:\USERS\NATSCHO\Cookies\NEEEJ4GT.txt [ Cookie:natscho@adx.chip.de/ ]
        C:\USERS\NATSCHO\Cookies\129VMZO5.txt [ Cookie:natscho@ad2.adfarm1.adition.com/ ]
        C:\USERS\NATSCHO\Cookies\PX2KM1GK.txt [ Cookie:natscho@adfarm1.adition.com/ ]
        C:\USERS\NATSCHO\Cookies\GLUCF3US.txt [ Cookie:natscho@xm.xtendmedia.com/ ]
        C:\USERS\NATSCHO\Cookies\R36RIRFJ.txt [ Cookie:natscho@h.atdmt.com/ ]
        C:\USERS\NATSCHO\Cookies\2FTCFUSE.txt [ Cookie:natscho@pornhub.com/ ]
        C:\USERS\NATSCHO\Cookies\5NCVLU3A.txt [ Cookie:natscho@accounts.google.com/ ]
        C:\USERS\NATSCHO\Cookies\JZBSS03K.txt [ Cookie:natscho@lucidmedia.com/ ]
        C:\USERS\NATSCHO\Cookies\QPJIQ79Q.txt [ Cookie:natscho@ads4.net2day.de/ ]
        C:\USERS\NATSCHO\Cookies\80Y5C0XZ.txt [ Cookie:natscho@track.effiliation.com/ ]
        C:\USERS\NATSCHO\Cookies\5IJT27BW.txt [ Cookie:natscho@stats.paypal.com/ ]
        C:\USERS\NATSCHO\Cookies\KPVPXDFH.txt [ Cookie:natscho@de.sitestat.com/sueddeutscher/stuttgarter-zeitung/ ]
        C:\USERS\NATSCHO\Cookies\1SOWGNXL.txt [ Cookie:natscho@microsoftwllivemkt.112.2o7.net/ ]
        C:\USERS\NATSCHO\Cookies\772YQQ3H.txt [ Cookie:natscho@tribalfusion.com/ ]
        C:\USERS\NATSCHO\Cookies\ZX6RK5HN.txt [ Cookie:natscho@conrad.122.2o7.net/ ]
        C:\USERS\NATSCHO\Cookies\DSZ3GSYA.txt [ Cookie:natscho@adserver.adreactor.com/ ]
        C:\USERS\NATSCHO\Cookies\R6DVTQPX.txt [ Cookie:natscho@www.etracker.de/ ]
        C:\USERS\NATSCHO\Cookies\Z87US6U4.txt [ Cookie:natscho@bs.serving-sys.com/ ]
        C:\USERS\NATSCHO\Cookies\IZ5O45PP.txt [ Cookie:natscho@ad.zanox.com/ ]
        C:\USERS\NATSCHO\Cookies\FT2GZDXD.txt [ Cookie:natscho@azjmp.com/ ]
        C:\USERS\NATSCHO\Cookies\0F38FV5Z.txt [ Cookie:natscho@track.webtrekk.de/507806068541578/ ]
        C:\USERS\NATSCHO\Cookies\8WAENXLU.txt [ Cookie:natscho@ads2.net2day.de/ ]
        C:\USERS\NATSCHO\Cookies\F2XHOGMP.txt [ Cookie:natscho@a.revenuemax.de/ ]
        C:\USERS\NATSCHO\Cookies\M7P4F0HX.txt [ Cookie:natscho@ad.dyntracker.de/ ]
        C:\USERS\NATSCHO\Cookies\T3C2H3R3.txt [ Cookie:natscho@kabam.postclickmarketing.com/ ]
        C:\USERS\NATSCHO\Cookies\Q14V22AR.txt [ Cookie:natscho@traffictrack.de/ ]
        C:\USERS\NATSCHO\Cookies\MHJ4UE1Q.txt [ Cookie:natscho@tradedoubler.com/ ]
        C:\USERS\NATSCHO\Cookies\ZSGHGGY3.txt [ Cookie:natscho@in.getclicky.com/ ]
        C:\USERS\NATSCHO\Cookies\KWDZCYAJ.txt [ Cookie:natscho@statse.webtrendslive.com/ ]
        C:\USERS\NATSCHO\Cookies\F2SRP7OX.txt [ Cookie:natscho@zbox.zanox.com/ ]
        C:\USERS\NATSCHO\Cookies\Q7T6Z21Q.txt [ Cookie:natscho@paypal.112.2o7.net/ ]
        C:\USERS\NATSCHO\Cookies\XZRS5AI7.txt [ Cookie:natscho@casalemedia.com/ ]
        C:\USERS\NATSCHO\Cookies\3VBZ6PIK.txt [ Cookie:natscho@www.pixeltrack66.com/ ]
        C:\USERS\NATSCHO\Cookies\YJ3KQK2M.txt [ Cookie:natscho@vlc-media-player.sd.softonic.de/ ]
        C:\USERS\NATSCHO\Cookies\B4SKC4E3.txt [ Cookie:natscho@yadro.ru/ ]
        C:\USERS\NATSCHO\Cookies\ONCO0D1Q.txt [ Cookie:natscho@exoclick.com/ ]
        C:\USERS\NATSCHO\Cookies\S9R913CG.txt [ Cookie:natscho@ad.dyntracker.com/ ]
        C:\USERS\NATSCHO\Cookies\SJ2M2B1Z.txt [ Cookie:natscho@adtech.de/ ]
        C:\USERS\NATSCHO\Cookies\GP82GU6L.txt [ Cookie:natscho@2o7.net/ ]
        C:\USERS\NATSCHO\Cookies\1ZIVI0SS.txt [ Cookie:natscho@quartermedia.de/ ]
        C:\USERS\NATSCHO\Cookies\J4QI5E8S.txt [ Cookie:natscho@adserver.adtechus.com/ ]
        C:\USERS\NATSCHO\Cookies\BED9D84F.txt [ Cookie:natscho@ad.adnet.de/ ]
        C:\USERS\NATSCHO\Cookies\TLV5N3B5.txt [ Cookie:natscho@liveperson.net/ ]
        C:\USERS\NATSCHO\Cookies\X680ASAM.txt [ Cookie:natscho@adult-empire.com/ ]
        C:\USERS\NATSCHO\Cookies\1KW08YH2.txt [ Cookie:natscho@xiti.com/ ]
        C:\USERS\NATSCHO\Cookies\P2Z5GZ9I.txt [ Cookie:natscho@sexfinder.com/ ]
        C:\USERS\NATSCHO\Cookies\749CNAU4.txt [ Cookie:natscho@hightraffic.hugoboss.com/ ]
        C:\USERS\NATSCHO\Cookies\Q3D9C3IC.txt [ Cookie:natscho@server.adformdsp.net/ ]
        C:\USERS\NATSCHO\Cookies\NJ2IKUWE.txt [ Cookie:natscho@specificclick.net/ ]
        C:\USERS\NATSCHO\Cookies\TSF1OMA4.txt [ Cookie:natscho@questionmarket.com/ ]
        C:\USERS\NATSCHO\Cookies\WMDSVDBE.txt [ Cookie:natscho@fastclick.net/ ]
        C:\USERS\NATSCHO\Cookies\GE3UHPGU.txt [ Cookie:natscho@server.adform.net/ ]
        C:\USERS\NATSCHO\Cookies\OWTZI0BD.txt [ Cookie:natscho@www.googleadservices.com/pagead/conversion/1061913833/ ]
        C:\USERS\NATSCHO\Cookies\35BK3XBA.txt [ Cookie:natscho@tracking.weinwelt.at/ ]
        C:\USERS\NATSCHO\Cookies\EP6AE500.txt [ Cookie:natscho@track.brighteroption.com/ ]
        C:\USERS\NATSCHO\Cookies\5LJPGRFA.txt [ Cookie:natscho@advertising.com/ ]
        C:\USERS\NATSCHO\Cookies\CBJDK5SG.txt [ Cookie:natscho@tracking.weinwelt.at/dcsjv7dm33g96gb68fchnbixd_2t1i ]
        C:\USERS\NATSCHO\Cookies\MFHOY31Z.txt [ Cookie:natscho@aim4media.com/ ]
        C:\USERS\NATSCHO\Cookies\7WH9FA1Q.txt [ Cookie:natscho@ads.247activemedia.com/ ]
        C:\USERS\NATSCHO\Cookies\B3R5FZB3.txt [ Cookie:natscho@adformdsp.net/ ]
        C:\USERS\NATSCHO\Cookies\IPA9YYAO.txt [ Cookie:natscho@www.netdebit-counter.de/ ]
        C:\USERS\NATSCHO\Cookies\7B5RE8YC.txt [ Cookie:natscho@banner.electronic-arts.de/ ]
        C:\USERS\NATSCHO\Cookies\ORTMJNYZ.txt [ Cookie:natscho@ipcmedia.122.2o7.net/ ]
        C:\USERS\NATSCHO\Cookies\3NH181OG.txt [ Cookie:natscho@www.3dstats.com/cgi-bin ]
        C:\USERS\NATSCHO\Cookies\TSGUUG46.txt [ Cookie:natscho@zanox-affiliate.de/ ]
        C:\USERS\NATSCHO\Cookies\ZFKT4JLU.txt [ Cookie:natscho@viewad.exchangecash.de/ ]
        C:\USERS\NATSCHO\Cookies\3EIOZQP8.txt [ Cookie:natscho@clickfuse.com/ ]
        i.adultswim.com [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]
        imagesrv.adition.com [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]
        media.filb.de [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]
        media.gan-online.com [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]
        serving-sys.com [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]
        video.unrulymedia.com [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]
        www.pornhub.com [ C:\USERS\NATSCHO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4UUMFAMM ]


cosinus 12.07.2012 14:49

Quote:

Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please run one and post the log!
Remember to update the Malwarebytes signatures beforehand; new updates are released very frequently!

TeiTei 12.07.2012 16:03

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Natscho :: NATSCHOLAP [Administrator]

Schutz: Aktiviert

12.07.2012 15:55:31
mbam-log-2012-07-12 (15-55-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 460599
Laufzeit: 56 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 12.07.2012 18:24

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

TeiTei 15.07.2012 05:38

Code:

# AdwCleaner v1.702 - Logfile created 07/15/2012 at 06:37:51
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Natscho - NATSCHOLAP
# Running from : C:\Users\Natscho\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : bProtector

***** [Files / Folders] *****

Folder Found : C:\Users\Natscho\AppData\Local\Conduit
Folder Found : C:\Users\Natscho\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Natscho\AppData\LocalLow\Conduit
Folder Found : C:\Users\Natscho\AppData\LocalLow\PriceGong
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\bProtector
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975

*************************

AdwCleaner[R1].txt - [5266 octets] - [15/07/2012 06:37:51]

########## EOF - C:\AdwCleaner[R1].txt - [5394 octets] ##########


cosinus 15.07.2012 16:39

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

TeiTei 16.07.2012 06:58

Code:

# AdwCleaner v1.702 - Logfile created 07/16/2012 at 07:54:24
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Natscho - NATSCHOLAP
# Running from : C:\Users\Natscho\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : bProtector

***** [Files / Folders] *****

Folder Deleted : C:\Users\Natscho\AppData\Local\Conduit
Folder Deleted : C:\Users\Natscho\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Natscho\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Natscho\AppData\LocalLow\PriceGong
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [5343 octets] - [15/07/2012 06:37:51]
AdwCleaner[S1].txt - [3896 octets] - [16/07/2012 07:54:24]

########## EOF - C:\AdwCleaner[S1].txt - [4024 octets] ##########
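
Added example, not part of the original posts: a small Python check that reconciles an AdwCleaner Search log with the following Delete log and lists every item that was reported as found but has no matching "Deleted" line. The function names `parse` and `unconfirmed` are this example's own, and the two log strings are shortened excerpts copied from the logs above.

```python
import re

# Shortened excerpts copied from the AdwCleaner[R1] and [S1] logs above
# (not the full logs; trimmed so the example stays readable).
SEARCH_LOG = r"""
***** [Services] *****

Found : bProtector

***** [Files / Folders] *****

Folder Found : C:\Users\Natscho\AppData\Local\Conduit
Folder Found : C:\ProgramData\IBUpdaterService

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\DataMngr_Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
"""

DELETE_LOG = r"""
***** [Services] *****

Stopped & Deleted : bProtector

***** [Files / Folders] *****

Folder Deleted : C:\Users\Natscho\AppData\Local\Conduit
Folder Deleted : C:\ProgramData\IBUpdaterService

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
"""

# "***** [Registry] *****" style section headers
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>.+?)\] \*{5}$")
# "[x64] Key Found : <target>", "Folder Deleted : <target>", "Found : <name>", ...
ENTRY_RE = re.compile(
    r"^(?:\[(?P<tag>[^\]]+)\]\s+)?"                  # optional "[x64]" / "[*]" prefix
    r"(?P<action>[A-Za-z& ]*?(?:Found|Deleted))"     # e.g. "Key Found", "Stopped & Deleted"
    r"\s+:\s+(?P<target>.+)$"
)


def parse(log):
    """Return {(section, target): {view tags}} for every Found/Deleted line."""
    entries, section = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            key = (section, entry.group("target").strip())
            entries.setdefault(key, set()).add(entry.group("tag") or "default")
    return entries


def unconfirmed(search_log, delete_log):
    """Items from the Search run that have no matching line in the Delete run.

    Matching ignores the [x64]/[*] tag and letter case, because Windows
    paths and registry key names are case-insensitive.
    """
    found = parse(search_log)
    deleted = {(sec, tgt.casefold()) for sec, tgt in parse(delete_log)}
    return sorted(
        (sec, tgt, sorted(tags))
        for (sec, tgt), tags in found.items()
        if (sec, tgt.casefold()) not in deleted
    )


if __name__ == "__main__":
    for section, target, tags in unconfirmed(SEARCH_LOG, DELETE_LOG):
        print(f"[{section}] not confirmed deleted ({', '.join(tags)}): {target}")
```

A missing "Deleted" line only means the Delete log does not confirm the removal; running Search again and checking that the item is no longer listed settles it.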


cosinus 16.07.2012 16:05

Looks OK, SASW only found cookies.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies of the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there any other detections or problems?

TeiTei 16.07.2012 16:18

Calculator, Paint and similar standard programs are no longer there; can I restore them?
So when I enter "pbrush" in Run it opens, but why can't I find it under search any more, or where is it hiding?

cosinus 16.07.2012 16:48

You really are something! :rofl:
Over the course of the thread I specifically asked whether you were missing anything, and the answer was "no, everything is there" (paraphrased) :applaus:

Quote:

Quote from TeiTei (post 841911)
Yes, everything works normally again
and as far as it looks nothing is missing either :D


TeiTei 16.07.2012 18:21

My girlfriend only checked the important things and has now noticed over time that things she rarely uses are no longer there -.-

cosinus 17.07.2012 08:39

The Start menu was deleted by the ransomware; if anything, you can still restore something with unhide. If not, you are out of luck without a backup

Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (Could take a while)
Vista and 7 users must run the tool as administrator via right-click!

TeiTei 18.07.2012 20:15

OK, thanks a lot; the latter didn't work, but it's not that important either :D
A calculator app is quickly found and paint.net is a thousand times better than normal Paint, I'll download that for her :D Otherwise nothing else has been noticed that could be missing :D

cosinus 19.07.2012 15:43

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

TeiTei 22.07.2012 00:54

Thank you endlessly for the patience and all the help
Very nice and top help, THANKS :dankeschoen:

TeiTei 12.08.2012 10:35

Hi ho

So yesterday my girlfriend just moved the remaining text files and so on into another folder and suddenly the trojan was back :(

Isn't it best to format the laptop?

cosinus 12.08.2012 14:03

I don't believe it happened like that
She must have run something again or neglected an update

TeiTei 13.08.2012 13:04

Can one find out how it happened?
I think if anything, the update explanation is possible ...

cosinus 13.08.2012 17:42

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all detections with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove ANYTHING from quarantine!

If logs from older Malwarebytes scans exist, please post all of those too!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here


All times are WET +1.

Copyright ©2000-2024, Trojaner-Board
