Trojaner-Board - Zugriff auf Rechner blockiert-White Screen+"Please wait while the connection is being established"

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Zugriff auf Rechner blockiert-White Screen+"Please wait while the connection is being established" (https://www.trojaner-board.de/116855-zugriff-rechner-blockiert-white-screen-please-wait-while-the-connection-is-being-established.html)

Zugriff auf Rechner blockiert-White Screen+"Please wait while the connection is being established"

Moin liebes Forum,

Folgendes Problem:
Nachdem ich meinen Rechner gestartet hatte, tauchte plötzlich ein White Screen auf mit dem Text "Please wait while the connection is being established". Der Task Manager kann noch geöffnet werden, mehr nicht. Im abgesicherten Modus tritt bei mir das Problem nicht auf. Daraufhin hab ich ein Systemcheck durchgeführt, das sagt keinen Virenbefall an, jedoch spuckt es 109 Warnungen aus.
Einen Reboot mit OTLPENet.exe hab ich schon versucht, es öffnet sich aber kein REATOGO-X-PE Desktop.
System: Windows 7

Mit meinem Latein bin ich jetzt am Ende,:confused: ich hoffe hier kann mir jemand weiterhelfen.

Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.08.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Steffen :: STEFFEN-PC [Administrator]

Schutz: Deaktiviert

08.06.2012 17:30:35
mbam-log-2012-06-08 (17-30-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 570565
Laufzeit: 1 Stunde(n), 35 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Steffen\Downloads\MyWebFaceSetup2.3.96.3.GRchr999.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_deepnet-explorer.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_ideas.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)
.daguru
hier noch nachträglich der log des scans

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

ne war der erste scan

Führ bitte auch ESET aus, danach sehen wir weiter:

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Hier der log vom ESET Scan

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ca362f5b3d0cca479555399bbb9caa8e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-11 03:55:26
# local_time=2012-06-11 05:55:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 14666945 14666945 0 0
# compatibility_mode=1792 16777215 100 0 6786949 6786949 0 0
# compatibility_mode=5893 16776574 100 94 23976626 91046191 0 0
# compatibility_mode=8192 67108863 100 0 182 182 0 0
# scanned=508210
# found=20
# cleaned=0
# scan_time=13785
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll Variante von Win32/Adware.Yontoo.B Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll Variante von Win32/Adware.Yontoo.B Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\AppData\Local\Temp\124kkk290347.exe Win32/Injector.SJO Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\AppData\Local\Temp\is1293846689\MyBabylonTB.exe Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\AppData\Roaming\WinzipArchiver.exe Win32/Injector.SJO Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\Downloads\MyWebFaceSetup2.3.96.3.GRchr999.exe Variante von Win32/Toolbar.MyWebSearch.O Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_deepnet-explorer.exe Win32/SoftonicDownloader.D Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_ideas.exe Win32/SoftonicDownloader.D Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I

Zitat:

C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_deepnet-explorer.exe

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Zunächst mal sind noch alle Programme da. Allerdings ist Windows im normalen Modus immer noch mit dem selben Problem belastet, mit der Veränderung das der Rechner jetzt doch deutlich langsamer geworden ist.
Was mir jetzt allerdings auffällt ist diese Zeile des ESET Scan Logs:

Zitat:

C:\Users\Steffen\AppData\Roaming\WinzipArchiver.exe Win32/Injector.SJO Trojaner

Wenn ich mit Alt+Tab versuche die Fenster zu wechseln ist der White Screen angegeben als dieser "WinZipArchiver".
Kann es da einen Zusammenhang geben?

Bitte erstmal einen neuen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

der neuste log von heute(zweiter insgesamt):

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.12.02
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Steffen :: STEFFEN-PC [Administrator]
 

Schutz: Deaktiviert
 

12.06.2012 12:47:27

mbam-log-2012-06-12 (12-47-27).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 571044

Laufzeit: 1 Stunde(n), 38 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wgp1yRCryj6IMET (Trojan.Bifrose) -> Daten: C:\Users\Steffen\AppData\Roaming\WinzipArchiver.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Users\Steffen\AppData\Roaming\WinzipArchiver.exe (Trojan.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Steffen\AppData\Local\Temp\124kkk290347.exe (Trojan.Bifrose) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Erster Log vom 08.06.12:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.08.04
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Steffen :: STEFFEN-PC [Administrator]
 

Schutz: Deaktiviert
 

08.06.2012 17:30:35

mbam-log-2012-06-08 (17-30-35).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 570565

Laufzeit: 1 Stunde(n), 35 Minute(n), 15 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Steffen\Downloads\MyWebFaceSetup2.3.96.3.GRchr999.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt.

C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_deepnet-explorer.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

C:\Users\Steffen\Downloads\exe und setups\SoftonicDownloader_fuer_ideas.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
 

(Ende)

Und nun? Muss das wiederholen:

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Der White Screen bleibt weg und ich hab wieder vollen Zugriff. Fehlen tut auch nix. Großes :dankeschoen: schon mal dafür.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der Inhalt der otl.txt Datei:

Code:

OTL logfile created on: 12.06.2012 15:32:23 - Run 1

OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Steffen\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,91 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,91% Memory free

7,82 Gb Paging File | 5,58 Gb Available in Paging File | 71,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 414,66 Gb Total Space | 314,65 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

Drive D: | 48,00 Gb Total Space | 22,97 Gb Free Space | 47,86% Space Free | Partition Type: NTFS

 

Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.12 15:30:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Downloads\OTL.exe

PRC - [2012.05.08 10:08:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.08 10:08:51 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.08 10:08:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.07.13 22:56:16 | 003,426,312 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe

PRC - [2011.07.09 01:50:10 | 000,824,328 | R--- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe

PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

PRC - [2010.10.05 21:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.10.05 21:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.08.23 15:03:02 | 001,662,352 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe

PRC - [2010.08.23 15:02:50 | 012,375,952 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\SMARTBoardTools.exe

PRC - [2010.08.23 15:02:48 | 005,347,728 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\SMARTBoardService.exe

PRC - [2010.08.23 15:02:32 | 006,645,136 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\Marker.exe

PRC - [2010.08.23 15:02:14 | 002,970,000 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\Aware.exe

PRC - [2010.08.23 14:55:54 | 000,030,608 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\ResponseSoftwareService.exe

PRC - [2010.08.23 14:55:54 | 000,030,608 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe

PRC - [2010.08.23 14:55:46 | 001,947,024 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\DesktopMenu.exe

PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.01.13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

PRC - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe

PRC - [2009.12.19 00:38:18 | 000,345,608 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe

PRC - [2008.07.22 18:33:28 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

PRC - [2006.11.29 11:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.01.20 15:13:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2010.08.23 14:57:38 | 000,066,960 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\libLogger.dll

MOD - [2010.08.06 02:41:30 | 000,425,984 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\ZipArchive.dll

MOD - [2010.08.06 02:41:30 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\XalanMessages_1_10.dll

MOD - [2010.08.06 02:41:28 | 002,277,376 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\xqilla10.dll

MOD - [2010.08.06 02:41:28 | 001,019,904 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\js32.dll

MOD - [2010.08.06 02:41:28 | 000,976,384 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\libxml2.dll

MOD - [2010.08.06 02:41:28 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\raptor.dll

MOD - [2010.08.06 02:41:28 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\rasqal.dll

MOD - [2010.08.06 02:41:28 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\librdf.dll

MOD - [2010.08.06 02:41:26 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\libxslt.dll

MOD - [2010.08.06 02:41:26 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\zlib1.dll

MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2010.01.06 08:22:10 | 002,011,648 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\QtCore4.dll

MOD - [2009.09.29 05:43:02 | 007,462,912 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\QtGui4.dll

MOD - [2009.09.29 05:32:20 | 000,877,056 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\QtNetwork4.dll

MOD - [2008.02.19 13:48:16 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\SMART Technologies\QtPlugins\imageformats\qtiff4.dll

MOD - [2008.02.19 13:47:44 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\SMART Technologies\QtPlugins\imageformats\qgif4.dll

MOD - [2008.02.19 13:47:38 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\SMART Technologies\QtPlugins\imageformats\qjpeg4.dll

MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.05.05 22:36:05 | 000,022,528 | ---- | M] () [Auto | Running] -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)

SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)

SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)

SRV:64bit: - [2011.01.26 08:46:34 | 000,914,664 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService)

SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)

SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2012.05.11 11:04:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.05.08 10:08:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.08 10:08:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010.12.06 13:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)

SRV - [2010.11.02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)

SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)

SRV - [2010.10.05 21:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.10.05 21:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.08.23 14:55:54 | 000,030,608 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe -- (Response Hardware)

SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.05.08 10:08:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.08 10:08:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.24 20:56:30 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.07.27 01:22:48 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)

DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.10 17:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.08.24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010.08.23 15:01:38 | 000,023,952 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)

DRV:64bit: - [2010.08.23 15:01:30 | 000,015,888 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)

DRV:64bit: - [2010.08.23 15:01:04 | 000,012,688 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)

DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2010.01.22 10:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009.10.23 16:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2009.08.26 07:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.03.08 13:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr)

DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=f2d3d60c00000000000078929c4e2633

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_7_&babsrc=SP_ss&mntrId=f2d3d60c00000000000078929c4e2633

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\SearchScopes\{DBC09D0A-1C49-40B7-AFB2-38AD97BE02AB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE466

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=f2d3d60c00000000000078929c4e2633"

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=KW_ss&mntrId=f2d3d60c00000000000078929c4e2633&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.12.27 21:33:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.12.27 21:33:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.12.27 21:33:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.04 14:57:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.21 19:29:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.04 14:57:20 | 000,000,000 | ---D | M]

 

[2012.04.21 19:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions

[2012.06.07 22:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\qan3l8td.default\extensions

[2012.04.21 19:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.07 22:21:01 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.91\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: SweetIM for Facebook = C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 

CHR - Extension: SweetIM for Facebook = C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\

CHR - Extension: Skype Click to Call = C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

CHR - Extension: SweetIM for Facebook = C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 

CHR - Extension: SweetIM for Facebook = C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\

CHR - Extension: Skype Click to Call = C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (SMART Sync) - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Classroom Teacher\Sync Teacher\SyncIEToolbar.dll (SMART Technologies ULC.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3:64bit: - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)

O4:64bit: - HKLM..\Run: [MacrokeyManager] C:\Windows\SysNative\WTMKM.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\Classroom Teacher\SMARTBoardService.exe (SMART Technologies)

O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe (SMART Technologies ULC)

O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CCD9051-4C8F-4EFE-A913-AB010AA58E35}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)

O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.12 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{7AF6BB6C-9C8B-437E-BB81-A38CE49DF4D0}

[2012.06.12 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{4D20D5BE-C45C-49C7-A344-0417DFC93F66}

[2012.06.12 15:17:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.06.12 15:13:51 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HpUpdate

[2012.06.12 15:13:44 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard

[2012.06.12 15:10:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{33C89060-7A97-4676-AD79-67B3D5AE1858}

[2012.06.12 15:10:00 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{E7509770-3242-41D5-AC3B-B87AD7BAD279}

[2012.06.11 14:34:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012.06.11 14:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.06.11 13:57:12 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steffen\Desktop\esetsmartinstaller_deu.exe

[2012.06.08 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes

[2012.06.08 17:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.06.08 17:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.06.08 17:29:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.08 17:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.08 16:47:21 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{FD82EA85-3D3B-4639-9008-919B17045A64}

[2012.06.08 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{264F234E-742C-481A-849F-130F71230BF9}

[2012.06.08 15:58:54 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{D9F0BE0F-2DF9-497C-B9DD-B3092D742C8E}

[2012.06.08 15:58:31 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{0FF7949D-82C7-4FA7-9B2F-E0714FF58C53}

[2012.06.08 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{CBA3FD35-C632-437C-AA3B-76D35AE426B6}

[2012.06.08 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{3650CC05-FCED-426E-BA35-CFE60DBF3916}

[2012.06.08 09:51:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{EC65B90F-61FE-4E6F-BA6C-701C1CB00793}

[2012.06.08 01:39:11 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{4664F09C-E34F-459C-9CD9-37B662B650C2}

[2012.06.08 01:38:24 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{54519887-E2A6-4284-AAF6-727F5B0CB7F1}

[2012.06.07 22:20:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\YourFileDownloader

[2012.06.06 01:01:26 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Rovio

[2012.06.06 01:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio

[2012.06.06 01:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio

[2012.06.05 09:25:13 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\DAPE

[2012.06.05 09:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deepnet Explorer

[2012.06.05 09:24:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Deepnet Explorer

[2012.06.05 09:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deepnet Explorer

[2012.06.04 15:04:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\HP

[2012.06.04 15:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2012.06.04 15:01:22 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HP

[2012.06.04 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion

[2012.06.04 14:57:29 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Yahoo!

[2012.06.04 14:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!

[2012.06.04 14:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2012.06.04 14:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2012.06.04 14:55:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012.06.04 14:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard

[2012.06.04 14:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP

[2012.06.04 14:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2012.06.04 14:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2012.05.31 15:35:21 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{DEF7A13C-B4F6-4927-80EB-C805BA94E02B}

[2012.05.31 15:35:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{97C8C6AC-6CEE-4883-A72F-8256E7A864C4}

[2012.05.30 10:05:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{DDE47D0C-7830-4F89-8DAB-ED8291F3517C}

[2012.05.30 10:04:49 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{61E884D9-CE1D-45C8-B9EE-A9675AEF702E}

[2012.05.28 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{B485037E-19AA-4E9E-B68C-CBC7D6C9F1D1}

[2012.05.28 22:59:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{562283CD-E433-4B3C-8A67-1EC0FA385F04}

[2012.05.19 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Steffen\.gimp-2.6

[2012.05.18 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{C802279F-7008-4999-95A5-E39308EE8253}

[2012.05.18 15:47:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{81BC2D58-C369-47D2-A351-C346B79866A1}

[2012.05.16 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrokey Manager

[2012.05.16 16:04:27 | 000,007,680 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\moufiltr.sys

[2012.05.16 16:04:27 | 000,007,552 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\walvhid.sys

[2012.05.16 16:04:27 | 000,000,000 | ---D | C] -- C:\Windows\udtablet

[2012.05.16 16:04:26 | 000,119,528 | ---- | C] (WALTOP International Corp.) -- C:\Windows\SysWow64\WINTAB32.dll

[2012.05.16 16:04:26 | 000,116,968 | ---- | C] (Aiptek) -- C:\Windows\SysWow64\Tblfunc.dll

[2012.05.16 16:04:26 | 000,000,000 | ---D | C] -- C:\Windows\vhid

[2012.05.16 16:04:25 | 001,929,448 | ---- | C] (WALTOP International Corp.) -- C:\Windows\SysNative\tablet.cpl

[2012.05.16 16:04:18 | 001,757,344 | ---- | C] (WALTOP International Corp.) -- C:\Windows\SysNative\TblRes.dll

[2012.05.16 16:04:18 | 000,095,976 | ---- | C] (WALTOP International Corp.) -- C:\Windows\SysNative\WINTAB32.dll

[2012.05.16 16:04:17 | 000,091,880 | ---- | C] (Aiptek) -- C:\Windows\SysNative\TBLFUNC.dll

[2012.05.16 16:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tablet

[2012.05.16 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Notes & Office Ink

[2012.05.16 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Notes & Office Ink

[2012.05.16 16:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Presenter RE II

[2012.05.16 16:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Power Presenter RE II

[2012.05.16 15:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2012.05.16 15:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead Systems

[2012.05.16 15:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact 12

[2012.05.16 15:55:17 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL

[2012.05.16 15:55:16 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.dll

[2012.05.16 15:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems

[2012.05.16 15:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems

[2012.05.16 15:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems

[2012.05.14 10:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games

[2012.05.14 10:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games

[2012.05.14 00:33:47 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{8D2F8F8E-1D3E-4F0E-A51E-8EB9A2F4DE7D}

[2012.05.14 00:33:24 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{AE54D507-8249-4E6D-8E64-4DD24CCEB64B}

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.12 15:31:51 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.12 15:31:51 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.12 15:27:07 | 007,743,520 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.12 15:27:07 | 000,694,664 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2012.06.12 15:27:07 | 000,693,688 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat

[2012.06.12 15:27:07 | 000,691,426 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat

[2012.06.12 15:27:07 | 000,689,960 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2012.06.12 15:27:07 | 000,689,342 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2012.06.12 15:27:07 | 000,679,576 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat

[2012.06.12 15:27:07 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.12 15:27:07 | 000,632,414 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat

[2012.06.12 15:27:07 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.12 15:27:07 | 000,462,406 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat

[2012.06.12 15:27:07 | 000,148,544 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat

[2012.06.12 15:27:07 | 000,137,296 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat

[2012.06.12 15:27:07 | 000,135,074 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2012.06.12 15:27:07 | 000,133,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat

[2012.06.12 15:27:07 | 000,133,174 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat

[2012.06.12 15:27:07 | 000,130,374 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2012.06.12 15:27:07 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.12 15:27:07 | 000,127,378 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2012.06.12 15:27:07 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.12 15:27:07 | 000,080,038 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat

[2012.06.12 15:20:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.12 15:19:36 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat

[2012.06.12 15:19:30 | 3151,331,328 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.12 15:12:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.11 13:57:17 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steffen\Desktop\esetsmartinstaller_deu.exe

[2012.06.08 17:29:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.08 16:04:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.08 01:34:24 | 000,594,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.06.07 22:21:15 | 000,000,250 | ---- | M] () -- C:\user.js

[2012.06.04 15:01:14 | 000,245,575 | ---- | M] () -- C:\Windows\hpoins19.dat

[2012.06.04 14:55:19 | 000,002,103 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012.05.30 23:16:34 | 000,000,693 | -H-- | M] () -- C:\Users\Steffen\Desktop\Steffen - Verknüpfung.lnk

[2012.05.19 14:20:13 | 000,000,355 | -H-- | M] () -- C:\Users\Steffen\Desktop\Computer - Verknüpfung.lnk

[2012.05.18 16:49:47 | 000,000,359 | -H-- | M] () -- C:\Users\Steffen\Desktop\Papierkorb - Verknüpfung.lnk

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.06.08 17:29:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.06.07 22:21:13 | 000,000,250 | ---- | C] () -- C:\user.js

[2012.06.04 14:56:21 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk

[2012.06.04 14:55:19 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012.06.04 14:51:24 | 000,245,575 | ---- | C] () -- C:\Windows\hpoins19.dat

[2012.06.04 14:51:24 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2012.05.18 16:49:31 | 000,000,359 | -H-- | C] () -- C:\Users\Steffen\Desktop\Papierkorb - Verknüpfung.lnk

[2012.05.18 16:23:07 | 000,000,355 | -H-- | C] () -- C:\Users\Steffen\Desktop\Computer - Verknüpfung.lnk

[2012.05.18 16:22:54 | 000,000,693 | -H-- | C] () -- C:\Users\Steffen\Desktop\Steffen - Verknüpfung.lnk

[2012.05.16 16:04:29 | 000,010,525 | ---- | C] () -- C:\Windows\SysNative\Default_3.ini

[2012.05.16 16:04:29 | 000,010,283 | ---- | C] () -- C:\Windows\SysNative\Default_2.ini

[2012.05.16 16:04:29 | 000,009,917 | ---- | C] () -- C:\Windows\SysNative\Default_1.ini

[2012.05.16 16:04:29 | 000,000,738 | ---- | C] () -- C:\Windows\SysNative\MKProfile.ini

[2012.05.16 16:04:24 | 000,914,664 | ---- | C] () -- C:\Windows\SysNative\atwtusb.exe

[2012.05.16 16:04:23 | 007,319,784 | ---- | C] () -- C:\Windows\SysNative\WTMKM.exe

[2012.05.16 16:04:17 | 003,883,240 | ---- | C] () -- C:\Windows\SysNative\Control Panel_Betteryless.exe

[2012.05.16 16:04:17 | 000,088,736 | ---- | C] () -- C:\Windows\SysNative\InstallService.exe

[2012.05.16 16:04:17 | 000,001,192 | ---- | C] () -- C:\Windows\SysNative\Hit.WAV

[2012.05.16 16:04:14 | 000,161,512 | ---- | C] () -- C:\Windows\SysNative\Calibration.exe

[2012.05.16 16:04:12 | 000,844,288 | ---- | C] () -- C:\Windows\RmTablet.exe

[2012.05.16 16:04:11 | 000,010,708 | ---- | C] () -- C:\Windows\SysNative\aiptbl.ini

[2012.04.11 16:24:32 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2012.01.13 02:00:32 | 000,006,144 | ---- | C] () -- C:\Users\Steffen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.12.27 17:26:47 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2011.12.25 10:30:53 | 007,840,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.08 00:22:17 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011.07.27 01:20:38 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.07.27 01:20:38 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.07.27 01:20:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.07.27 01:14:32 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011.07.27 00:50:58 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

 
 ========== LOP Check ==========

 

[2012.05.11 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.smarttech-webinterface

[2012.02.17 20:18:28 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Ableton

[2011.12.25 10:52:49 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Atari

[2011.12.27 15:44:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon

[2012.06.05 09:25:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAPE

[2012.01.06 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DarkWave Studio

[2012.04.15 08:25:39 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAZ 3D

[2012.06.05 09:27:26 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Deepnet Explorer

[2012.01.29 17:12:42 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Diercke Globus Online

[2012.01.05 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoft

[2012.01.05 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.03.19 18:52:36 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\FontCreator

[2012.04.06 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\gtk-2.0

[2012.03.05 01:41:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\IrfanView

[2012.01.06 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Music Editor Free

[2012.01.20 15:13:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OpenOffice.org

[2012.01.06 18:19:08 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Propellerhead Software

[2012.06.06 01:01:26 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Rovio

[2012.05.11 13:58:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SMART Technologies

[2012.05.11 13:18:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SMART Technologies Inc

[2012.03.19 16:29:35 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer

[2012.03.27 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TP

[2012.05.07 10:12:39 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent

[2011.12.25 01:02:22 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Virtual Desktop Manager

[2011.12.27 21:37:56 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\XMedia Recode

[2012.06.07 22:20:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\YourFileDownloader

[2009.07.14 07:08:49 | 000,024,468 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.05.11 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.smarttech-webinterface

[2012.02.17 20:18:28 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Ableton

[2012.01.24 16:16:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Adobe

[2011.12.25 10:52:49 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Atari

[2012.03.25 01:55:54 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Avira

[2011.12.27 15:44:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon

[2011.12.25 10:00:31 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Corel

[2012.04.13 09:33:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\CyberLink

[2012.06.05 09:25:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAPE

[2012.01.06 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DarkWave Studio

[2012.04.15 08:25:39 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAZ 3D

[2012.06.05 09:27:26 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Deepnet Explorer

[2012.01.29 17:12:42 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Diercke Globus Online

[2012.01.05 16:50:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoft

[2012.01.05 16:49:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.03.19 18:52:36 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\FontCreator

[2011.12.25 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Google

[2012.04.06 09:56:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\gtk-2.0

[2012.06.04 15:07:16 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HP

[2012.06.12 15:18:09 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HpUpdate

[2011.12.24 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Identities

[2011.12.24 20:59:29 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Intel

[2012.03.05 01:41:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\IrfanView

[2011.08.29 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Macromedia

[2012.06.08 17:29:47 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes

[2011.04.12 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Media Center Programs

[2012.05.21 22:06:22 | 000,000,000 | --SD | M] -- C:\Users\Steffen\AppData\Roaming\Microsoft

[2012.04.21 19:30:01 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Mozilla

[2012.01.06 18:10:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Music Editor Free

[2012.01.20 15:13:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OpenOffice.org

[2012.01.06 18:19:08 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Propellerhead Software

[2012.06.06 01:01:26 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Rovio

[2012.06.12 15:32:17 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Skype

[2012.05.11 13:58:07 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SMART Technologies

[2012.05.11 13:18:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SMART Technologies Inc

[2012.03.19 16:29:35 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer

[2012.03.27 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TP

[2012.05.07 10:12:39 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent

[2011.12.25 01:02:22 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Virtual Desktop Manager

[2012.01.17 15:38:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\vlc

[2011.12.27 21:38:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\WinRAR

[2011.12.27 21:37:56 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\XMedia Recode

[2012.06.04 14:57:29 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Yahoo!

[2012.06.07 22:20:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\YourFileDownloader

 
 < %APPDATA%\*.exe /s >

[2011.05.06 23:10:26 | 005,751,917 | ---- | M] (DAZ 3D) -- C:\Users\Steffen\AppData\Roaming\DAZ 3D\Studio4\Updater\AutoUpdate_Win.exe

[2011.08.29 21:22:05 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Steffen\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2008.06.06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll

[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 <           >
 

< End of report >

Zusätzlich hat sich noch eine zweite txt-Datei geöffnet.
"extras.txt":

Code:

OTL Extras logfile created on: 12.06.2012 15:32:23 - Run 1

OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Steffen\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,91 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,91% Memory free

7,82 Gb Paging File | 5,58 Gb Available in Paging File | 71,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 414,66 Gb Total Space | 314,65 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

Drive D: | 48,00 Gb Total Space | 22,97 Gb Free Space | 47,86% Space Free | Partition Type: NTFS

 

Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06CF5950-813A-4453-8722-3A6C17AF1264}" = rport=138 | protocol=17 | dir=out | app=system | 

"{0ECE016A-B45F-4637-962E-FAE0A19A1CC7}" = lport=137 | protocol=17 | dir=in | app=system | 

"{223AC5E6-6A03-4834-B0AD-09607D65EFA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 

"{23283979-DE5D-4DB8-9DE7-AA04AFBDFA86}" = rport=445 | protocol=6 | dir=out | app=system | 

"{35859EE3-1F9D-48DF-BEF4-3E7E3885DBFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3761D7EF-E131-493B-BE73-C8EBA1F7DC38}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{39469545-14F4-4FD5-917A-33DB2E8DEEC7}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{3C0B2058-85F1-46E2-AF71-F3CCB5C3827C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{462F8BDF-DE6C-4885-ABA9-C7557B37D597}" = lport=138 | protocol=17 | dir=in | app=system | 

"{49C9F1F1-CA15-491E-B976-ADE5CB8CB68B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{54C67E7E-AD32-40B8-BAA5-FA5B85F18AFF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5D729551-8EC6-49AD-8B3C-82E62C7F78BE}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5FE451D2-85D2-4EBC-B2F3-C688B8251F43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8C3CA34D-DA96-45BC-AC83-FC06D226D071}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{A3989BE8-417C-4174-BCB2-22285BE203D6}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{C6E5C397-7738-4ABF-AF65-1FFE067211F4}" = rport=137 | protocol=17 | dir=out | app=system | 

"{C9521C06-2098-466E-AF1E-FF60112A7FE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{CA131144-4747-46DF-B98A-DE79CDCE822D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D913D8A7-A31C-41CC-ABBA-1A5FF22817AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DA4EC65B-4310-4E9F-9EF3-FA5A884651CC}" = rport=139 | protocol=6 | dir=out | app=system | 

"{DCBC54D5-F135-4198-9E94-404D8352D21C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{EEA91603-CEE9-4FD4-A9CF-42F4CFB2ED22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{FD526DF1-FC6D-4E29-BECE-EAD2272DBB68}" = lport=445 | protocol=6 | dir=in | app=system | 

"{FF808A90-BDAD-4471-9959-892E3E9C625B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0677D5F1-7B0B-43C5-94A3-BCADF083841E}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 

"{09F5124E-E7B4-460D-87F3-727039314156}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{102A67E5-D70E-490C-875A-4D64BC7E770E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 

"{115113EE-812D-4B10-A42A-5C08DEB99645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1235F88F-5873-4A29-A430-6B6E3A29B8FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 

"{125B498B-6501-4524-A8A0-CBB1EF2AD22E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 

"{1782B802-8AB6-4975-A5AA-BEBF41B427FA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"{27F5591B-FCE3-4BD4-8FBC-BDAC52C160B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{2A420A18-C31C-4A74-AC63-A4CABF2884B6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{2C9C83D7-9B51-4D24-8B26-7D354D4D4F3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 

"{307F7E7D-C80F-4FCB-9A13-C8F2E61AF32F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 

"{342DD51D-332D-4D2B-B85D-85D269D3BF22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{36555406-98D5-4572-B73E-5F4DB26113A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{382D2A49-FA72-43DA-AEB2-97DB5908D14B}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\ucgui.exe | 

"{3D05DC1D-14B3-44C4-8E2F-78D3195A02CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 

"{3DF98A40-E953-4D06-9510-ACFAA3B1ACD5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{3E692C96-ADEF-49B3-BD29-439689ADB381}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{40BE775A-043C-4C7F-BFAE-9EF1A2A98608}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 

"{41A99DDE-346B-4054-AA11-B00039575D93}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\smartsnmpagent.exe | 

"{42CB76E4-8552-403C-BE90-D06C1C6AF97F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 

"{456CD281-E4B5-46E0-A8EA-9BE2E967D732}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{4E4C4707-576D-4B60-945E-EF0D900A460B}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\sync teacher\smartsyncteacher.exe | 

"{4E7620C4-E3B9-4C6D-BA23-0773627283F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{4F392583-D15F-4BE7-974F-2C61784F4997}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 

"{50295BDF-D5B7-4230-A58E-F9F559462BFB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 

"{51927778-FCB9-411A-8208-51F52714A634}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 

"{571812FB-059F-4277-AAF4-123BD9C0F95C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{5C7E5FFC-E5EA-4B22-BAD1-FFE2B3E5BD39}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{5C9A2C05-1EF6-4317-93BE-9568CD997A25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{626D9AB9-3E7F-4EF6-A001-0F732CFDEE6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{628E2641-5AB2-4D5E-9FF0-1B1EA144FF30}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 

"{6459B069-7E7F-4991-8388-48EB4C348645}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{67D10B2E-4AA3-4211-97FB-C2494231915E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 

"{69249E7B-3FD4-4246-BE80-A3AD061B667F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{6C6558FD-5B19-46F1-BAF5-47483A6169CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{6F5C44EA-EB9A-4B30-AD5C-B9104E79D6FB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"{6F9CBAD6-994D-4B90-8B07-14C3A1306C48}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{74752259-DE7C-4AE4-AED6-AFFC5CEC526B}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\responsesoftwareservice.exe | 

"{758121C1-DB3D-4359-B1AF-7BF743E4B6A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{77BB33BE-073D-4CF7-9839-5D1BF072460A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 

"{7B4AABDA-D002-4B63-802D-C5434B008922}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 

"{7D504303-56A5-4C39-A216-334DAF0BF722}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 

"{7F3B9890-9456-40A8-931E-45D7462A5B19}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\smartsnmpagent.exe | 

"{80387C7A-B6A9-4A61-A68B-C68C57C7F8E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{8519A3B6-4E59-4484-A49B-2BE57FD5C263}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{873CD870-BE3D-43CE-ABF2-541FB96272FA}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\ucgui.exe | 

"{8C6E86C3-64D9-4E5B-B5B1-24FA8006EC02}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\sync teacher\smartsyncteacher.exe | 

"{8D6D02E0-8BC4-45AB-B431-4AFB22DEDE27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 

"{8DAD4B0E-FB82-4BC8-8E0A-858E0EA34A03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 

"{8DEE1593-7C48-4810-B200-C3B4225FE34C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 

"{933C69FE-47FC-47C1-8D55-B4305C74135B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{9DF81431-4AA0-44C0-87AF-E85A9D0BE9A0}" = protocol=6 | dir=out | app=system | 

"{A197BA65-EB0E-426C-9548-5D6F457F3897}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{A288C15F-168E-483D-BC60-76170E949EA6}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\ucservice.exe | 

"{A4EA3732-75CA-44EA-9EF4-90C8B1CB6277}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{A4FD2F88-972E-475F-BA32-ECD15263C040}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{A5B2F2CA-FC55-42B2-BEE1-BD8808914056}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{AD96EEB2-E4FB-40FE-9EFA-73219EA52234}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{ADBC44FA-2861-4BE6-81F3-6614C6469160}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 

"{AE401108-9DE7-42C6-A157-6293C1EBBC3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{B41C00E5-90FF-49C4-BEC1-C1D028B51DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 

"{B6882103-DE33-46CD-AA6D-7E30CE466103}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 

"{B7540BA8-96E1-4C7D-AC1E-F77F5382B5E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 

"{BDEA93E5-68BF-4F29-BD0B-484CBB5135A4}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\ucservice.exe | 

"{C6940175-44CD-4E7F-8DF4-722948CAD158}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 

"{CA34BA2A-FF7A-464E-BD45-DACA8DB32DE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{CB1B34C8-5C7B-4AAF-9018-41EACA197D52}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{CC25B63B-9520-40FD-98F7-CADCD7EA94EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{CF8310A0-A577-482B-A1C6-D1278D407676}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 

"{D232759F-B17C-4D96-9600-86026FE7D616}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 

"{D3B5E4CE-C121-45B2-873A-034680DF65B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{D7C4B99E-5FCB-43DA-8015-F16D283CFCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 

"{DB583E4D-F85C-4C2D-91D1-5622F8F04A86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 

"{DE36118D-A6C8-4722-81CA-2ED10727FD93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{E0DBDF2C-C011-49B0-B392-D0BE9246977C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{E15E54B1-2D6F-4832-8A5C-8FEA223EC5DD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{E443B122-7B80-4EDB-B9B2-29E0A6511385}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E531BB07-D14C-4087-B373-69940AD83C4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 

"{EEA3EB4E-8F05-47FA-B413-54BAF9A7653D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{EEE67B23-FD34-4474-8A95-D40C48A0F371}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 

"{F27DF36D-A82D-45B9-BE10-9ECC049DE0A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 

"{F8C222CE-1D8D-4144-99ED-A5EB06C02DCC}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\responsesoftwareservice.exe | 

"{FC9C431D-6209-437F-A5C4-B599DD9E1772}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{0251E9AA-2C33-4B87-8A05-8D9C12BCE03D}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 

"TCP Query User{D3377461-5BCC-4944-9EE8-496C565F0F80}C:\program files (x86)\smart technologies\classroom teacher\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\smartsnmpagent.exe | 

"TCP Query User{F932348D-9260-403E-8A61-3C74FCB6ABFF}C:\program files (x86)\rockstar games\midnight club ii\mc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\midnight club ii\mc2.exe | 

"UDP Query User{38B5F67F-7669-484B-B9EC-DC50E918FDFC}C:\program files (x86)\rockstar games\midnight club ii\mc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\midnight club ii\mc2.exe | 

"UDP Query User{46A104A3-342E-424F-8A31-558BCC254C24}C:\program files (x86)\smart technologies\classroom teacher\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\classroom teacher\smartsnmpagent.exe | 

"UDP Query User{6A82D7FE-34D5-469C-9A71-0BB8095D9A5B}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources

"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)

"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources

"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software

"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources

"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources

"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010

"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{D3836C5E-6824-4C9F-9B45-09C989B13EF6}" = VR-pulse Installer

"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)

"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CNXT_AUDIO_HDA" = Conexant HD Audio

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"ProInst" = Intel PROSet Wireless

"RmTablet" = Tablet Driver With Macrokey Manager

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5

"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger

"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common

"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail

"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan

"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26

"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data

"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader

"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger

"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help

"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz

"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live

"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live

"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials

"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common

"{8537166B-40F4-4FAE-BAC5-454A4DD773B7}" = Power Presenter RE II

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw

"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3

"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B14EF863-8E62-4577-99E3-5B8C358E8D0F}" = SMART Classroom Suite Teacher

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CCD3F3D0-C85A-4BB7-ADDA-CA68019631D5}" = Angry Birds Seasons

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker

"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer

"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES

"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger

"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F3856E7C-AD71-48E1-9A95-6D7E7FCB164A}" = Midnight Club II

"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb

"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AmUStor" = Alcor Micro USB Card Reader

"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer

"Ashampoo Snap_is1" = Ashampoo Snap

"Avira AntiVir Desktop" = Avira Free Antivirus

"Bryce 7.1 7.1.0.109" = Bryce 7.1

"DarkWave Studio" = DarkWave Studio 3.7.7

"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service

"DAZ Studio 4 (64bit) 4.0.3.47" = DAZ Studio 4 (64bit)

"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer

"DS4 Default Content 4.0.0.19" = DS4 Default Content

"Electronic Piano 2.5_is1" = Electronic Piano 2.5

"ESET Online Scanner" = ESET Online Scanner v3

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228

"Google Chrome" = Google Chrome

"Hexagon 2 2.5.1.79" = Hexagon 2

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"IrfanView" = IrfanView (remove only)

"Live 8.2.2" = Live 8.2.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)

"myMugle3.0.0.0" = myMugle

"ProInst" = Intel PROSet Wireless

"TeamViewer 7" = TeamViewer 7

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-Bit)

"XMedia Recode" = XMedia Recode 3.0.6.0

"Yahoo! Companion" = Yahoo! Toolbar

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ExpressFiles" = ExpressFiles

"Uncompressor" = Uncompressor

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 12.06.2012 04:08:00 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Steffen\Downloads\exe

 und setups\SoftonicDownloader_fuer_deepnet-explorer.exe". Fehler in  Manifest- oder

 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion

 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt

 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 12.06.2012 04:08:00 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Steffen\Downloads\exe

 und setups\SoftonicDownloader_fuer_ideas.exe". Fehler in  Manifest- oder Richtliniendatei

 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt

 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.

Komponente

 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 12.06.2012 06:56:14 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Steffen\Desktop\esetsmartinstaller_deu.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 12.06.2012 07:16:14 | Computer Name = Steffen-PC | Source = System Restore | ID = 8193

Description = 

 

Error - 12.06.2012 07:16:24 | Computer Name = Steffen-PC | Source = System Restore | ID = 8193

Description = 

 

Error - 12.06.2012 07:23:28 | Computer Name = Steffen-PC | Source = System Restore | ID = 8193

Description = 

 

Error - 12.06.2012 07:23:29 | Computer Name = Steffen-PC | Source = Microsoft Office 14 | ID = 5000

Description = EventType office12setup, P1 {10140000-0f00-0000-0000--0000000ff1ce},

 P2 14.0.4755.1000, P3 x, P4 unexpectederror, P5 office32.ww_office32ww.xml, P6 

x, P7 x, P8 NIL, P9 NIL, P10 NIL.

 

Error - 12.06.2012 08:40:11 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Steffen\Desktop\esetsmartinstaller_deu.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 12.06.2012 09:07:23 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Steffen\Desktop\esetsmartinstaller_deu.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 12.06.2012 09:17:29 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,

 Zeitstempel: 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000295c2

ID

 des fehlerhaften Prozesses: 0xf40  Startzeit der fehlerhaften Anwendung: 0x01cd489c3e90e081

Pfad

 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften

 Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: f5a24ed2-b490-11e1-bfe2-386077738e74

 

[ System Events ]

Error - 12.06.2012 09:02:52 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 12.06.2012 09:02:52 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 12.06.2012 09:02:52 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 12.06.2012 09:08:31 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Media Player-Netzwerkfreigabedienst erreicht.

 

Error - 12.06.2012 09:08:31 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund

 folgenden Fehlers nicht gestartet:   %%1053

 

Error - 12.06.2012 09:09:01 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Media Player-Netzwerkfreigabedienst erreicht.

 

Error - 12.06.2012 09:09:01 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund

 folgenden Fehlers nicht gestartet:   %%1053

 

Error - 12.06.2012 09:09:42 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

 

Error - 12.06.2012 09:20:54 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 watchmi service erreicht.

 

Error - 12.06.2012 09:20:54 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=f2d3d60c00000000000078929c4e2633

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2571331456-2068494994-131038660-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_7_&babsrc=SP_ss&mntrId=f2d3d60c00000000000078929c4e2633

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=f2d3d60c00000000000078929c4e2633"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=KW_ss&mntrId=f2d3d60c00000000000078929c4e2633&q="

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

[2012.06.07 22:21:13 | 000,000,250 | ---- | C] () -- C:\user.js

[2011.12.27 15:44:58 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon
 

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

alles erledigt, hier der log

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-2571331456-2068494994-131038660-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2571331456-2068494994-131038660-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.

HKEY_USERS\S-1-5-21-2571331456-2068494994-131038660-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2571331456-2068494994-131038660-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine

Prefs.js: "hxxp://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=HP_ss&mntrId=f2d3d60c00000000000078929c4e2633" removed from browser.startup.homepage

Prefs.js: "hxxp://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=KW_ss&mntrId=f2d3d60c00000000000078929c4e2633&q=" removed from keyword.URL

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

C:\user.js moved successfully.

C:\Users\Steffen\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Steffen

->Temp folder emptied: 2365260638 bytes

->Temporary Internet Files folder emptied: 46310501 bytes

->Java cache emptied: 30975635 bytes

->FireFox cache emptied: 47399829 bytes

->Google Chrome cache emptied: 203645519 bytes

->Flash cache emptied: 92969 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 256990520 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2.814,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Steffen

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.48.0 log created on 06132012_001551
 

Files\Folders moved on Reboot...

C:\Users\Steffen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\master33041 moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

tdss-log:

Code:

10:35:40.0143 1800        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

10:35:40.0689 1800        ============================================================

10:35:40.0689 1800        Current date / time: 2012/06/13 10:35:40.0689

10:35:40.0689 1800        SystemInfo:

10:35:40.0689 1800        

10:35:40.0689 1800        OS Version: 6.1.7601 ServicePack: 1.0

10:35:40.0689 1800        Product type: Workstation

10:35:40.0689 1800        ComputerName: STEFFEN-PC

10:35:40.0689 1800        UserName: Steffen

10:35:40.0689 1800        Windows directory: C:\Windows

10:35:40.0689 1800        System windows directory: C:\Windows

10:35:40.0689 1800        Running under WOW64

10:35:40.0689 1800        Processor architecture: Intel x64

10:35:40.0689 1800        Number of processors: 2

10:35:40.0689 1800        Page size: 0x1000

10:35:40.0689 1800        Boot type: Normal boot

10:35:40.0689 1800        ============================================================

10:35:41.0329 1800        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:35:41.0329 1800        ============================================================

10:35:41.0329 1800        \Device\Harddisk0\DR0:

10:35:41.0329 1800        MBR partitions:

10:35:41.0329 1800        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:35:41.0329 1800        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x33D53800

10:35:41.0360 1800        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33D86800, BlocksNum 0x5FFE000

10:35:41.0407 1800        ============================================================

10:35:41.0454 1800        C: <-> \Device\Harddisk0\DR0\Partition1

10:35:41.0500 1800        D: <-> \Device\Harddisk0\DR0\Partition2

10:35:41.0500 1800        ============================================================

10:35:41.0500 1800        Initialize success

10:35:41.0500 1800        ============================================================

10:35:45.0260 5188        ============================================================

10:35:45.0260 5188        Scan started

10:35:45.0260 5188        Mode: Manual; 

10:35:45.0260 5188        ============================================================

10:35:47.0335 5188        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:35:47.0335 5188        1394ohci - ok

10:35:47.0382 5188        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:35:47.0397 5188        ACPI - ok

10:35:47.0428 5188        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:35:47.0428 5188        AcpiPmi - ok

10:35:47.0584 5188        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:35:47.0584 5188        AdobeARMservice - ok

10:35:47.0740 5188        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:35:47.0740 5188        AdobeFlashPlayerUpdateSvc - ok

10:35:47.0818 5188        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:35:47.0834 5188        adp94xx - ok

10:35:47.0865 5188        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:35:47.0865 5188        adpahci - ok

10:35:47.0912 5188        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:35:47.0912 5188        adpu320 - ok

10:35:47.0928 5188        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:35:47.0928 5188        AeLookupSvc - ok

10:35:47.0990 5188        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:35:48.0006 5188        AFD - ok

10:35:48.0052 5188        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:35:48.0052 5188        agp440 - ok

10:35:48.0084 5188        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:35:48.0084 5188        ALG - ok

10:35:48.0130 5188        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:35:48.0130 5188        aliide - ok

10:35:48.0162 5188        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:35:48.0162 5188        amdide - ok

10:35:48.0193 5188        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:35:48.0193 5188        AmdK8 - ok

10:35:48.0224 5188        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:35:48.0224 5188        AmdPPM - ok

10:35:48.0255 5188        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:35:48.0255 5188        amdsata - ok

10:35:48.0302 5188        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:35:48.0302 5188        amdsbs - ok

10:35:48.0318 5188        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:35:48.0318 5188        amdxata - ok

10:35:48.0364 5188        AmUStor         (08d51900c07bae4f1fc82fc669b99b79) C:\Windows\system32\drivers\AmUStor.SYS

10:35:48.0364 5188        AmUStor - ok

10:35:48.0583 5188        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

10:35:48.0583 5188        AntiVirSchedulerService - ok

10:35:48.0630 5188        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

10:35:48.0630 5188        AntiVirService - ok

10:35:48.0676 5188        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:35:48.0676 5188        AppID - ok

10:35:48.0708 5188        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:35:48.0708 5188        AppIDSvc - ok

10:35:48.0708 5188        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:35:48.0723 5188        Appinfo - ok

10:35:48.0754 5188        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:35:48.0754 5188        arc - ok

10:35:48.0770 5188        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:35:48.0770 5188        arcsas - ok

10:35:48.0848 5188        ASLDRService    (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe

10:35:48.0848 5188        ASLDRService - ok

10:35:48.0879 5188        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:35:48.0879 5188        AsyncMac - ok

10:35:48.0910 5188        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:35:48.0910 5188        atapi - ok

10:35:48.0957 5188        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:35:48.0988 5188        AudioEndpointBuilder - ok

10:35:48.0988 5188        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:35:48.0988 5188        AudioSrv - ok

10:35:49.0035 5188        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

10:35:49.0035 5188        avgntflt - ok

10:35:49.0098 5188        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

10:35:49.0098 5188        avipbb - ok

10:35:49.0144 5188        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

10:35:49.0144 5188        avkmgr - ok

10:35:49.0207 5188        AVP             (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

10:35:49.0222 5188        AVP - ok

10:35:49.0285 5188        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:35:49.0285 5188        AxInstSV - ok

10:35:49.0300 5188        Scan interrupted by user!

10:35:49.0300 5188        Scan interrupted by user!

10:35:49.0300 5188        Scan interrupted by user!

10:35:49.0300 5188        ============================================================

10:35:49.0300 5188        Scan finished

10:35:49.0300 5188        ============================================================

10:35:49.0300 3524        Detected object count: 0

10:35:49.0300 3524        Actual detected object count: 0

10:35:59.0175 5428        ============================================================

10:35:59.0175 5428        Scan started

10:35:59.0175 5428        Mode: Manual; SigCheck; TDLFS; 

10:35:59.0175 5428        ============================================================

10:35:59.0331 5428        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:35:59.0472 5428        1394ohci - ok

10:35:59.0518 5428        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:35:59.0534 5428        ACPI - ok

10:35:59.0550 5428        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:35:59.0659 5428        AcpiPmi - ok

10:35:59.0721 5428        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:35:59.0737 5428        AdobeARMservice - ok

10:35:59.0830 5428        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:35:59.0846 5428        AdobeFlashPlayerUpdateSvc - ok

10:35:59.0893 5428        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:35:59.0924 5428        adp94xx - ok

10:35:59.0955 5428        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:35:59.0986 5428        adpahci - ok

10:36:00.0018 5428        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:36:00.0033 5428        adpu320 - ok

10:36:00.0064 5428        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:36:00.0220 5428        AeLookupSvc - ok

10:36:00.0283 5428        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:36:00.0330 5428        AFD - ok

10:36:00.0361 5428        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:36:00.0376 5428        agp440 - ok

10:36:00.0408 5428        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:36:00.0454 5428        ALG - ok

10:36:00.0501 5428        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:36:00.0517 5428        aliide - ok

10:36:00.0548 5428        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:36:00.0564 5428        amdide - ok

10:36:00.0595 5428        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:36:00.0626 5428        AmdK8 - ok

10:36:00.0657 5428        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:36:00.0688 5428        AmdPPM - ok

10:36:00.0704 5428        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:36:00.0720 5428        amdsata - ok

10:36:00.0766 5428        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:36:00.0782 5428        amdsbs - ok

10:36:00.0798 5428        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:36:00.0813 5428        amdxata - ok

10:36:00.0860 5428        AmUStor         (08d51900c07bae4f1fc82fc669b99b79) C:\Windows\system32\drivers\AmUStor.SYS

10:36:00.0907 5428        AmUStor - ok

10:36:01.0110 5428        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

10:36:01.0141 5428        AntiVirSchedulerService - ok

10:36:01.0188 5428        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

10:36:01.0188 5428        AntiVirService - ok

10:36:01.0234 5428        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:36:01.0406 5428        AppID - ok

10:36:01.0422 5428        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:36:01.0484 5428        AppIDSvc - ok

10:36:01.0500 5428        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:36:01.0578 5428        Appinfo - ok

10:36:01.0624 5428        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:36:01.0640 5428        arc - ok

10:36:01.0671 5428        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:36:01.0687 5428        arcsas - ok

10:36:01.0734 5428        ASLDRService    (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe

10:36:01.0765 5428        ASLDRService - ok

10:36:01.0796 5428        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:36:01.0858 5428        AsyncMac - ok

10:36:01.0890 5428        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:36:01.0905 5428        atapi - ok

10:36:01.0952 5428        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:36:02.0030 5428        AudioEndpointBuilder - ok

10:36:02.0046 5428        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:36:02.0092 5428        AudioSrv - ok

10:36:02.0124 5428        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

10:36:02.0139 5428        avgntflt - ok

10:36:02.0170 5428        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

10:36:02.0170 5428        avipbb - ok

10:36:02.0186 5428        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

10:36:02.0202 5428        avkmgr - ok

10:36:02.0295 5428        AVP             (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

10:36:02.0311 5428        AVP - ok

10:36:02.0342 5428        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:36:02.0451 5428        AxInstSV - ok

10:36:02.0498 5428        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

10:36:02.0560 5428        b06bdrv - ok

10:36:02.0592 5428        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:36:02.0638 5428        b57nd60a - ok

10:36:02.0685 5428        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:36:02.0716 5428        BDESVC - ok

10:36:02.0763 5428        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:36:02.0826 5428        Beep - ok

10:36:02.0919 5428        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:36:02.0997 5428        BFE - ok

10:36:03.0060 5428        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

10:36:03.0153 5428        BITS - ok

10:36:03.0200 5428        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

10:36:03.0247 5428        blbdrive - ok

10:36:03.0294 5428        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:36:03.0340 5428        bowser - ok

10:36:03.0387 5428        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

10:36:03.0418 5428        BrFiltLo - ok

10:36:03.0434 5428        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

10:36:03.0465 5428        BrFiltUp - ok

10:36:03.0481 5428        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:36:03.0559 5428        Browser - ok

10:36:03.0621 5428        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:36:03.0668 5428        Brserid - ok

10:36:03.0684 5428        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:36:03.0730 5428        BrSerWdm - ok

10:36:03.0777 5428        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:36:03.0808 5428        BrUsbMdm - ok

10:36:03.0855 5428        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:36:03.0886 5428        BrUsbSer - ok

10:36:03.0918 5428        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

10:36:03.0964 5428        BTHMODEM - ok

10:36:04.0011 5428        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:36:04.0058 5428        bthserv - ok

10:36:04.0120 5428        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:36:04.0167 5428        cdfs - ok

10:36:04.0214 5428        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:36:04.0261 5428        cdrom - ok

10:36:04.0308 5428        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:36:04.0386 5428        CertPropSvc - ok

10:36:04.0448 5428        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

10:36:04.0495 5428        circlass - ok

10:36:04.0557 5428        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:36:04.0588 5428        CLFS - ok

10:36:04.0651 5428        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:36:04.0651 5428        clr_optimization_v2.0.50727_32 - ok

10:36:04.0713 5428        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:36:04.0713 5428        clr_optimization_v2.0.50727_64 - ok

10:36:04.0822 5428        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:36:04.0838 5428        clr_optimization_v4.0.30319_32 - ok

10:36:04.0869 5428        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:36:04.0885 5428        clr_optimization_v4.0.30319_64 - ok

10:36:04.0932 5428        clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

10:36:04.0947 5428        clwvd - ok

10:36:04.0994 5428        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

10:36:05.0025 5428        CmBatt - ok

10:36:05.0056 5428        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:36:05.0072 5428        cmdide - ok

10:36:05.0119 5428        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:36:05.0181 5428        CNG - ok

10:36:05.0290 5428        CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\Windows\system32\drivers\CHDRT64.sys

10:36:05.0353 5428        CnxtHdAudService - ok

10:36:05.0478 5428        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

10:36:05.0493 5428        Compbatt - ok

10:36:05.0524 5428        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:36:05.0571 5428        CompositeBus - ok

10:36:05.0587 5428        COMSysApp - ok

10:36:05.0618 5428        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

10:36:05.0618 5428        crcdisk - ok

10:36:05.0680 5428        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

10:36:05.0743 5428        CryptSvc - ok

10:36:05.0790 5428        CxAudMsg        (f160b26b26ba4afe8cecc12ed5ac231e) C:\Windows\system32\CxAudMsg64.exe

10:36:05.0805 5428        CxAudMsg - ok

10:36:05.0946 5428        DAZContentManagementService (958ef96991abccfdac0953c4a24081dc) C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

10:36:05.0961 5428        DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning

10:36:05.0961 5428        DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)

10:36:06.0024 5428        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:36:06.0133 5428        DcomLaunch - ok

10:36:06.0180 5428        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:36:06.0258 5428        defragsvc - ok

10:36:06.0289 5428        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:36:06.0351 5428        DfsC - ok

10:36:06.0414 5428        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:36:06.0460 5428        Dhcp - ok

10:36:06.0476 5428        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:36:06.0523 5428        discache - ok

10:36:06.0585 5428        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

10:36:06.0601 5428        Disk - ok

10:36:06.0648 5428        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:36:06.0694 5428        Dnscache - ok

10:36:06.0757 5428        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:36:06.0819 5428        dot3svc - ok

10:36:06.0913 5428        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

10:36:06.0928 5428        Dot4 - ok

10:36:06.0975 5428        Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys

10:36:07.0084 5428        Dot4Print - ok

10:36:07.0147 5428        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

10:36:07.0178 5428        dot4usb - ok

10:36:07.0209 5428        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:36:07.0272 5428        DPS - ok

10:36:07.0334 5428        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:36:07.0381 5428        drmkaud - ok

10:36:07.0443 5428        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:36:07.0490 5428        DXGKrnl - ok

10:36:07.0521 5428        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:36:07.0584 5428        EapHost - ok

10:36:07.0724 5428        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

10:36:07.0833 5428        ebdrv - ok

10:36:07.0942 5428        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:36:07.0989 5428        EFS - ok

10:36:08.0067 5428        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:36:08.0145 5428        ehRecvr - ok

10:36:08.0161 5428        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:36:08.0223 5428        ehSched - ok

10:36:08.0301 5428        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

10:36:08.0332 5428        elxstor - ok

10:36:08.0364 5428        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:36:08.0395 5428        ErrDev - ok

10:36:08.0442 5428        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:36:08.0504 5428        EventSystem - ok

10:36:08.0691 5428        EvtEng          (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

10:36:08.0769 5428        EvtEng - ok

10:36:08.0910 5428        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:36:08.0956 5428        exfat - ok

10:36:08.0988 5428        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:36:09.0050 5428        fastfat - ok

10:36:09.0128 5428        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:36:09.0190 5428        Fax - ok

10:36:09.0222 5428        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

10:36:09.0268 5428        fdc - ok

10:36:09.0300 5428        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:36:09.0362 5428        fdPHost - ok

10:36:09.0362 5428        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:36:09.0440 5428        FDResPub - ok

10:36:09.0487 5428        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:36:09.0502 5428        FileInfo - ok

10:36:09.0518 5428        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:36:09.0580 5428        Filetrace - ok

10:36:09.0612 5428        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

10:36:09.0643 5428        flpydisk - ok

10:36:09.0674 5428        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:36:09.0690 5428        FltMgr - ok

10:36:09.0768 5428        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:36:09.0846 5428        FontCache - ok

10:36:09.0924 5428        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:36:09.0939 5428        FontCache3.0.0.0 - ok

10:36:09.0986 5428        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:36:10.0002 5428        FsDepends - ok

10:36:10.0048 5428        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

10:36:10.0064 5428        Fs_Rec - ok

10:36:10.0111 5428        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:36:10.0126 5428        fvevol - ok

10:36:10.0158 5428        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

10:36:10.0173 5428        gagp30kx - ok

10:36:10.0314 5428        GFNEXSrv        (ba9051d3745fa546de3660f5f2ef84a5) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

10:36:10.0345 5428        GFNEXSrv - ok

10:36:10.0438 5428        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:36:10.0579 5428        gpsvc - ok

10:36:10.0672 5428        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:36:10.0704 5428        gupdate - ok

10:36:10.0719 5428        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:36:10.0750 5428        gupdatem - ok

10:36:10.0782 5428        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

10:36:10.0797 5428        gusvc - ok

10:36:10.0860 5428        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:36:10.0938 5428        hcw85cir - ok

10:36:11.0016 5428        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:36:11.0094 5428        HdAudAddService - ok

10:36:11.0156 5428        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:36:11.0203 5428        HDAudBus - ok

10:36:11.0234 5428        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

10:36:11.0265 5428        HidBatt - ok

10:36:11.0296 5428        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

10:36:11.0359 5428        HidBth - ok

10:36:11.0406 5428        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

10:36:11.0437 5428        HidIr - ok

10:36:11.0468 5428        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

10:36:11.0546 5428        hidserv - ok

10:36:11.0593 5428        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:36:11.0624 5428        HidUsb - ok

10:36:11.0671 5428        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:36:11.0733 5428        hkmsvc - ok

10:36:11.0764 5428        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:36:11.0811 5428        HomeGroupListener - ok

10:36:11.0858 5428        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:36:11.0920 5428        HomeGroupProvider - ok

10:36:12.0248 5428        hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

10:36:12.0310 5428        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

10:36:12.0310 5428        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

10:36:12.0357 5428        hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

10:36:12.0404 5428        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

10:36:12.0404 5428        hpqddsvc - detected UnsignedFile.Multi.Generic (1)

10:36:12.0451 5428        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:36:12.0482 5428        HpSAMD - ok

10:36:12.0607 5428        HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

10:36:12.0669 5428        HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

10:36:12.0669 5428        HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

10:36:12.0747 5428        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:36:12.0888 5428        HTTP - ok

10:36:12.0903 5428        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:36:12.0919 5428        hwpolicy - ok

10:36:12.0950 5428        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:36:12.0997 5428        i8042prt - ok

10:36:13.0059 5428        iaStor          (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys

10:36:13.0075 5428        iaStor - ok

10:36:13.0215 5428        IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

10:36:13.0246 5428        IAStorDataMgrSvc - ok

10:36:13.0309 5428        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:36:13.0387 5428        iaStorV - ok

10:36:13.0527 5428        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:36:13.0621 5428        idsvc - ok

10:36:14.0354 5428        igfx            (10bb0dc3361c9420cc1b0b2128bb89db) C:\Windows\system32\DRIVERS\igdkmd64.sys

10:36:14.0806 5428        igfx - ok

10:36:14.0962 5428        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

10:36:14.0994 5428        iirsp - ok

10:36:15.0087 5428        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

10:36:15.0228 5428        IKEEXT - ok

10:36:15.0306 5428        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

10:36:15.0368 5428        IntcDAud - ok

10:36:15.0415 5428        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:36:15.0430 5428        intelide - ok

10:36:15.0477 5428        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:36:15.0524 5428        intelppm - ok

10:36:15.0555 5428        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

10:36:15.0680 5428        IPBusEnum - ok

10:36:15.0696 5428        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:36:15.0758 5428        IpFilterDriver - ok

10:36:15.0820 5428        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

10:36:15.0961 5428        iphlpsvc - ok

10:36:16.0008 5428        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:36:16.0039 5428        IPMIDRV - ok

10:36:16.0070 5428        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:36:16.0117 5428        IPNAT - ok

10:36:16.0132 5428        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:36:16.0164 5428        IRENUM - ok

10:36:16.0164 5428        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:36:16.0179 5428        isapnp - ok

10:36:16.0226 5428        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:36:16.0288 5428        iScsiPrt - ok

10:36:16.0304 5428        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:36:16.0320 5428        kbdclass - ok

10:36:16.0351 5428        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:36:16.0398 5428        kbdhid - ok

10:36:16.0429 5428        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:16.0460 5428        KeyIso - ok

10:36:16.0554 5428        KL1             (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys

10:36:16.0616 5428        KL1 - ok

10:36:16.0647 5428        kl2             (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys

10:36:16.0663 5428        kl2 - ok

10:36:16.0725 5428        KLIF            (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys

10:36:16.0756 5428        KLIF - ok

10:36:16.0803 5428        KLIM6           (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys

10:36:16.0819 5428        KLIM6 - ok

10:36:16.0850 5428        klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys

10:36:16.0881 5428        klmouflt - ok

10:36:16.0928 5428        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:36:16.0975 5428        KSecDD - ok

10:36:17.0006 5428        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:36:17.0022 5428        KSecPkg - ok

10:36:17.0053 5428        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:36:17.0131 5428        ksthunk - ok

10:36:17.0178 5428        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:36:17.0318 5428        KtmRm - ok

10:36:17.0365 5428        L1C             (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys

10:36:17.0396 5428        L1C - ok

10:36:17.0443 5428        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

10:36:17.0552 5428        LanmanServer - ok

10:36:17.0599 5428        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:36:17.0692 5428        LanmanWorkstation - ok

10:36:17.0724 5428        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:36:17.0833 5428        lltdio - ok

10:36:17.0895 5428        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:36:17.0973 5428        lltdsvc - ok

10:36:17.0989 5428        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:36:18.0036 5428        lmhosts - ok

10:36:18.0207 5428        LMS             (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

10:36:18.0254 5428        LMS - ok

10:36:18.0332 5428        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

10:36:18.0363 5428        LSI_FC - ok

10:36:18.0379 5428        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

10:36:18.0410 5428        LSI_SAS - ok

10:36:18.0441 5428        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

10:36:18.0472 5428        LSI_SAS2 - ok

10:36:18.0488 5428        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

10:36:18.0519 5428        LSI_SCSI - ok

10:36:18.0535 5428        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:36:18.0597 5428        luafv - ok

10:36:18.0691 5428        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

10:36:18.0722 5428        MBAMProtector - ok

10:36:18.0831 5428        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

10:36:18.0878 5428        MBAMService - ok

10:36:18.0925 5428        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:36:18.0972 5428        Mcx2Svc - ok

10:36:19.0018 5428        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

10:36:19.0034 5428        megasas - ok

10:36:19.0081 5428        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

10:36:19.0112 5428        MegaSR - ok

10:36:19.0159 5428        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

10:36:19.0174 5428        MEIx64 - ok

10:36:19.0502 5428        Microsoft SharePoint Workspace Audit Service - ok

10:36:19.0533 5428        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:36:19.0642 5428        MMCSS - ok

10:36:19.0658 5428        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:36:19.0736 5428        Modem - ok

10:36:19.0752 5428        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:36:19.0798 5428        monitor - ok

10:36:19.0830 5428        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:36:19.0845 5428        mouclass - ok

10:36:19.0923 5428        moufiltr        (21b7acea1bb49c3371dd5427bf309d6a) C:\Windows\system32\DRIVERS\moufiltr.sys

10:36:19.0986 5428        moufiltr - ok

10:36:20.0032 5428        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:36:20.0079 5428        mouhid - ok

10:36:20.0126 5428        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:36:20.0157 5428        mountmgr - ok

10:36:20.0204 5428        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:36:20.0235 5428        mpio - ok

10:36:20.0251 5428        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:36:20.0329 5428        mpsdrv - ok

10:36:20.0407 5428        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

10:36:20.0516 5428        MpsSvc - ok

10:36:20.0547 5428        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:36:20.0594 5428        MRxDAV - ok

10:36:20.0625 5428        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:36:20.0688 5428        mrxsmb - ok

10:36:20.0734 5428        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:36:20.0812 5428        mrxsmb10 - ok

10:36:20.0828 5428        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:36:20.0890 5428        mrxsmb20 - ok

10:36:20.0922 5428        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:36:20.0953 5428        msahci - ok

10:36:20.0984 5428        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:36:21.0000 5428        msdsm - ok

10:36:21.0046 5428        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:36:21.0093 5428        MSDTC - ok

10:36:21.0124 5428        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:36:21.0171 5428        Msfs - ok

10:36:21.0187 5428        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:36:21.0234 5428        mshidkmdf - ok

10:36:21.0265 5428        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:36:21.0280 5428        msisadrv - ok

10:36:21.0343 5428        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:36:21.0421 5428        MSiSCSI - ok

10:36:21.0421 5428        msiserver - ok

10:36:21.0452 5428        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:36:21.0499 5428        MSKSSRV - ok

10:36:21.0514 5428        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:36:21.0546 5428        MSPCLOCK - ok

10:36:21.0561 5428        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:36:21.0608 5428        MSPQM - ok

10:36:21.0639 5428        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:36:21.0686 5428        MsRPC - ok

10:36:21.0702 5428        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:36:21.0733 5428        mssmbios - ok

10:36:21.0748 5428        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:36:21.0826 5428        MSTEE - ok

10:36:21.0858 5428        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:36:21.0889 5428        MTConfig - ok

10:36:21.0920 5428        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:36:21.0936 5428        Mup - ok

10:36:22.0076 5428        MyWiFiDHCPDNS   (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

10:36:22.0107 5428        MyWiFiDHCPDNS - ok

10:36:22.0170 5428        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:36:22.0294 5428        napagent - ok

10:36:22.0372 5428        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:36:22.0450 5428        NativeWifiP - ok

10:36:22.0560 5428        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:36:22.0638 5428        NDIS - ok

10:36:22.0669 5428        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:36:22.0762 5428        NdisCap - ok

10:36:22.0809 5428        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:36:22.0903 5428        NdisTapi - ok

10:36:22.0934 5428        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:36:23.0012 5428        Ndisuio - ok

10:36:23.0043 5428        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:36:23.0090 5428        NdisWan - ok

10:36:23.0106 5428        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:36:23.0137 5428        NDProxy - ok

10:36:23.0215 5428        Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

10:36:23.0246 5428        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

10:36:23.0246 5428        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

10:36:23.0293 5428        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:36:23.0386 5428        NetBIOS - ok

10:36:23.0418 5428        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:36:23.0464 5428        NetBT - ok

10:36:23.0511 5428        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:23.0527 5428        Netlogon - ok

10:36:23.0589 5428        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:36:23.0745 5428        Netman - ok

10:36:23.0808 5428        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:36:23.0932 5428        netprofm - ok

10:36:24.0010 5428        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:36:24.0042 5428        NetTcpPortSharing - ok

10:36:24.0572 5428        NETwNs64        (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys

10:36:24.0822 5428        NETwNs64 - ok

10:36:24.0978 5428        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

10:36:25.0009 5428        nfrd960 - ok

10:36:25.0071 5428        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:36:25.0134 5428        NlaSvc - ok

10:36:25.0165 5428        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:36:25.0274 5428        Npfs - ok

10:36:25.0290 5428        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:36:25.0368 5428        nsi - ok

10:36:25.0383 5428        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:36:25.0430 5428        nsiproxy - ok

10:36:25.0555 5428        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:36:25.0664 5428        Ntfs - ok

10:36:25.0789 5428        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:36:25.0882 5428        Null - ok

10:36:25.0929 5428        nusb3hub        (01266516e6e88d183a2b58722eeb4443) C:\Windows\system32\drivers\nusb3hub.sys

10:36:25.0992 5428        nusb3hub - ok

10:36:26.0038 5428        nusb3xhc        (5ec04f55cc5f165f21752712437df638) C:\Windows\system32\drivers\nusb3xhc.sys

10:36:26.0101 5428        nusb3xhc - ok

10:36:26.0163 5428        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:36:26.0194 5428        nvraid - ok

10:36:26.0241 5428        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:36:26.0257 5428        nvstor - ok

10:36:26.0304 5428        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:36:26.0335 5428        nv_agp - ok

10:36:26.0366 5428        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:36:26.0413 5428        ohci1394 - ok

10:36:26.0538 5428        ose64           (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:36:26.0569 5428        ose64 - ok

10:36:26.0974 5428        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:36:27.0099 5428        osppsvc - ok

10:36:27.0240 5428        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:36:27.0333 5428        p2pimsvc - ok

10:36:27.0396 5428        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:36:27.0474 5428        p2psvc - ok

10:36:27.0536 5428        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

10:36:27.0583 5428        Parport - ok

10:36:27.0630 5428        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

10:36:27.0661 5428        partmgr - ok

10:36:27.0708 5428        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:36:27.0786 5428        PcaSvc - ok

10:36:27.0817 5428        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:36:27.0864 5428        pci - ok

10:36:27.0895 5428        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:36:27.0910 5428        pciide - ok

10:36:27.0942 5428        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

10:36:27.0957 5428        pcmcia - ok

10:36:28.0004 5428        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:36:28.0020 5428        pcw - ok

10:36:28.0051 5428        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:36:28.0129 5428        PEAUTH - ok

10:36:28.0238 5428        PEGAGFN         (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys

10:36:28.0269 5428        PEGAGFN - ok

10:36:28.0410 5428        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:36:28.0441 5428        PerfHost - ok

10:36:28.0659 5428        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:36:28.0815 5428        pla - ok

10:36:28.0878 5428        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:36:28.0971 5428        PlugPlay - ok

10:36:29.0049 5428        Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

10:36:29.0080 5428        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

10:36:29.0080 5428        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

10:36:29.0112 5428        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:36:29.0174 5428        PNRPAutoReg - ok

10:36:29.0221 5428        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:36:29.0252 5428        PNRPsvc - ok

10:36:29.0299 5428        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:36:29.0408 5428        PolicyAgent - ok

10:36:29.0455 5428        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:36:29.0564 5428        Power - ok

10:36:29.0642 5428        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:36:29.0720 5428        PptpMiniport - ok

10:36:29.0782 5428        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

10:36:29.0845 5428        Processor - ok

10:36:29.0876 5428        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

10:36:30.0001 5428        ProfSvc - ok

10:36:30.0032 5428        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:30.0048 5428        ProtectedStorage - ok

10:36:30.0110 5428        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:36:30.0204 5428        Psched - ok

10:36:30.0328 5428        PSI_SVC_2       (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

10:36:30.0360 5428        PSI_SVC_2 - ok

10:36:30.0469 5428        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

10:36:30.0578 5428        ql2300 - ok

10:36:30.0734 5428        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

10:36:30.0781 5428        ql40xx - ok

10:36:30.0812 5428        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:36:30.0859 5428        QWAVE - ok

10:36:30.0890 5428        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:36:30.0952 5428        QWAVEdrv - ok

10:36:30.0968 5428        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:36:31.0062 5428        RasAcd - ok

10:36:31.0108 5428        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:36:31.0171 5428        RasAgileVpn - ok

10:36:31.0202 5428        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:36:31.0249 5428        RasAuto - ok

10:36:31.0296 5428        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:36:31.0389 5428        Rasl2tp - ok

10:36:31.0452 5428        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:36:31.0561 5428        RasMan - ok

10:36:31.0608 5428        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:36:31.0670 5428        RasPppoe - ok

10:36:31.0701 5428        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:36:31.0764 5428        RasSstp - ok

10:36:31.0795 5428        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:36:31.0857 5428        rdbss - ok

10:36:31.0888 5428        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

10:36:31.0920 5428        rdpbus - ok

10:36:31.0935 5428        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:36:31.0982 5428        RDPCDD - ok

10:36:32.0013 5428        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:36:32.0076 5428        RDPENCDD - ok

10:36:32.0091 5428        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:36:32.0122 5428        RDPREFMP - ok

10:36:32.0169 5428        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

10:36:32.0263 5428        RDPWD - ok

10:36:32.0310 5428        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:36:32.0341 5428        rdyboost - ok

10:36:32.0544 5428        RegSrvc         (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

10:36:32.0606 5428        RegSrvc - ok

10:36:32.0637 5428        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:36:32.0715 5428        RemoteAccess - ok

10:36:32.0762 5428        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:36:32.0840 5428        RemoteRegistry - ok

10:36:33.0136 5428        Response Hardware (0a3f4b7c7fe0d9681b23623371f5cffb) C:\Program Files (x86)\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe

10:36:33.0168 5428        Response Hardware - ok

10:36:33.0277 5428        RichVideo       (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

10:36:33.0308 5428        RichVideo ( UnsignedFile.Multi.Generic ) - warning

10:36:33.0308 5428        RichVideo - detected UnsignedFile.Multi.Generic (1)

10:36:33.0355 5428        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:36:33.0464 5428        RpcEptMapper - ok

10:36:33.0495 5428        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:36:33.0526 5428        RpcLocator - ok

10:36:33.0573 5428        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:36:33.0651 5428        RpcSs - ok

10:36:33.0714 5428        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:36:33.0792 5428        rspndr - ok

10:36:33.0838 5428        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:33.0870 5428        SamSs - ok

10:36:33.0885 5428        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:36:33.0916 5428        sbp2port - ok

10:36:33.0948 5428        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:36:34.0057 5428        SCardSvr - ok

10:36:34.0072 5428        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:36:34.0135 5428        scfilter - ok

10:36:34.0197 5428        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:36:34.0322 5428        Schedule - ok

10:36:34.0369 5428        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:36:34.0400 5428        SCPolicySvc - ok

10:36:34.0447 5428        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:36:34.0525 5428        SDRSVC - ok

10:36:34.0587 5428        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:36:34.0665 5428        secdrv - ok

10:36:34.0696 5428        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:36:34.0743 5428        seclogon - ok

10:36:34.0790 5428        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

10:36:34.0852 5428        SENS - ok

10:36:34.0868 5428        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:36:34.0930 5428        SensrSvc - ok

10:36:34.0962 5428        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

10:36:34.0993 5428        Serenum - ok

10:36:35.0024 5428        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

10:36:35.0055 5428        Serial - ok

10:36:35.0102 5428        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

10:36:35.0118 5428        sermouse - ok

10:36:35.0164 5428        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:36:35.0274 5428        SessionEnv - ok

10:36:35.0305 5428        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:36:35.0352 5428        sffdisk - ok

10:36:35.0398 5428        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:36:35.0445 5428        sffp_mmc - ok

10:36:35.0492 5428        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:36:35.0554 5428        sffp_sd - ok

10:36:35.0586 5428        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

10:36:35.0632 5428        sfloppy - ok

10:36:35.0695 5428        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:36:35.0820 5428        SharedAccess - ok

10:36:35.0866 5428        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:36:35.0976 5428        ShellHWDetection - ok

10:36:36.0022 5428        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

10:36:36.0054 5428        SiSRaid2 - ok

10:36:36.0069 5428        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

10:36:36.0085 5428        SiSRaid4 - ok

10:36:36.0225 5428        SkypeUpdate     (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe

10:36:36.0272 5428        SkypeUpdate - ok

10:36:36.0381 5428        SMARTMouseFilterx64 (3e1cab0ff8311b196069e34fe6b28f8f) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys

10:36:36.0397 5428        SMARTMouseFilterx64 - ok

10:36:36.0459 5428        SMARTVHidMiniVistaAmd64 (3a57e488bfff94fd4548ec62aecbc697) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

10:36:36.0475 5428        SMARTVHidMiniVistaAmd64 - ok

10:36:36.0506 5428        SMARTVTabletPCx64 (19750003eb04cbf1490919bb67c2ae9c) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys

10:36:36.0537 5428        SMARTVTabletPCx64 - ok

10:36:36.0584 5428        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:36:36.0646 5428        Smb - ok

10:36:36.0693 5428        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:36:36.0756 5428        SNMPTRAP - ok

10:36:36.0771 5428        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:36:36.0802 5428        spldr - ok

10:36:36.0865 5428        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:36:36.0958 5428        Spooler - ok

10:36:37.0130 5428        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:36:37.0286 5428        sppsvc - ok

10:36:37.0426 5428        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:36:37.0504 5428        sppuinotify - ok

10:36:37.0582 5428        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:36:37.0660 5428        srv - ok

10:36:37.0707 5428        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:36:37.0785 5428        srv2 - ok

10:36:37.0832 5428        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:36:37.0910 5428        srvnet - ok

10:36:37.0957 5428        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:36:38.0066 5428        SSDPSRV - ok

10:36:38.0082 5428        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:36:38.0175 5428        SstpSvc - ok

10:36:38.0206 5428        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

10:36:38.0222 5428        stexstor - ok

10:36:38.0284 5428        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:36:38.0362 5428        stisvc - ok

10:36:38.0409 5428        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:36:38.0440 5428        swenum - ok

10:36:38.0503 5428        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:36:38.0659 5428        swprv - ok

10:36:38.0737 5428        SynTP           (be2b928de9af2848289db7a54c7e2398) C:\Windows\system32\drivers\SynTP.sys

10:36:38.0784 5428        SynTP - ok

10:36:38.0908 5428        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:36:39.0033 5428        SysMain - ok

10:36:39.0142 5428        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:36:39.0205 5428        TabletInputService - ok

10:36:39.0252 5428        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:36:39.0330 5428        TapiSrv - ok

10:36:39.0361 5428        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:36:39.0392 5428        TBS - ok

10:36:39.0642 5428        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:36:39.0766 5428        Tcpip - ok

10:36:40.0078 5428        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:36:40.0141 5428        TCPIP6 - ok

10:36:40.0250 5428        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:36:40.0344 5428        tcpipreg - ok

10:36:40.0375 5428        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:36:40.0390 5428        TDPIPE - ok

10:36:40.0422 5428        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:36:40.0437 5428        TDTCP - ok

10:36:40.0468 5428        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:36:40.0531 5428        tdx - ok

10:36:40.0999 5428        TeamViewer7     (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

10:36:41.0217 5428        TeamViewer7 - ok

10:36:41.0358 5428        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:36:41.0404 5428        TermDD - ok

10:36:41.0467 5428        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:36:41.0592 5428        TermService - ok

10:36:41.0623 5428        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:36:41.0654 5428        Themes - ok

10:36:41.0701 5428        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:36:41.0779 5428        THREADORDER - ok

10:36:41.0794 5428        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:36:41.0872 5428        TrkWks - ok

10:36:41.0919 5428        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:36:42.0013 5428        TrustedInstaller - ok

10:36:42.0044 5428        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:36:42.0138 5428        tssecsrv - ok

10:36:42.0169 5428        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:36:42.0216 5428        TsUsbFlt - ok

10:36:42.0262 5428        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

10:36:42.0278 5428        TsUsbGD - ok

10:36:42.0325 5428        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:36:42.0403 5428        tunnel - ok

10:36:42.0418 5428        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

10:36:42.0434 5428        uagp35 - ok

10:36:42.0481 5428        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:36:42.0559 5428        udfs - ok

10:36:42.0606 5428        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:36:42.0637 5428        UI0Detect - ok

10:36:42.0684 5428        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:36:42.0715 5428        uliagpkx - ok

10:36:42.0777 5428        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:36:42.0824 5428        umbus - ok

10:36:42.0855 5428        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

10:36:42.0902 5428        UmPass - ok

10:36:43.0167 5428        UNS             (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

10:36:43.0261 5428        UNS - ok

10:36:43.0432 5428        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:36:43.0542 5428        upnphost - ok

10:36:43.0604 5428        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:36:43.0666 5428        usbccgp - ok

10:36:43.0713 5428        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:36:43.0776 5428        usbcir - ok

10:36:43.0807 5428        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

10:36:43.0869 5428        usbehci - ok

10:36:43.0916 5428        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys

10:36:43.0963 5428        usbhub - ok

10:36:43.0994 5428        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:36:44.0025 5428        usbohci - ok

10:36:44.0088 5428        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:36:44.0150 5428        usbprint - ok

10:36:44.0197 5428        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:36:44.0259 5428        usbscan - ok

10:36:44.0306 5428        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:36:44.0368 5428        USBSTOR - ok

10:36:44.0415 5428        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:36:44.0462 5428        usbuhci - ok

10:36:44.0524 5428        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

10:36:44.0587 5428        usbvideo - ok

10:36:44.0618 5428        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:36:44.0696 5428        UxSms - ok

10:36:44.0727 5428        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:44.0758 5428        VaultSvc - ok

10:36:44.0821 5428        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:36:44.0852 5428        vdrvroot - ok

10:36:44.0946 5428        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:36:45.0070 5428        vds - ok

10:36:45.0102 5428        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:36:45.0133 5428        vga - ok

10:36:45.0164 5428        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:36:45.0258 5428        VgaSave - ok

10:36:45.0289 5428        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:36:45.0320 5428        vhdmp - ok

10:36:45.0382 5428        vhidmini        (c2c95d62c90ca809240112b41c1765f2) C:\Windows\system32\DRIVERS\walvhid.sys

10:36:45.0429 5428        vhidmini - ok

10:36:45.0460 5428        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:36:45.0492 5428        viaide - ok

10:36:45.0523 5428        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:36:45.0554 5428        volmgr - ok

10:36:45.0616 5428        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:36:45.0663 5428        volmgrx - ok

10:36:45.0726 5428        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:36:45.0788 5428        volsnap - ok

10:36:45.0835 5428        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

10:36:45.0866 5428        vsmraid - ok

10:36:46.0006 5428        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:36:46.0162 5428        VSS - ok

10:36:46.0381 5428        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:36:46.0443 5428        vwifibus - ok

10:36:46.0474 5428        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:36:46.0537 5428        vwififlt - ok

10:36:46.0537 5428        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

10:36:46.0568 5428        vwifimp - ok

10:36:46.0646 5428        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:36:46.0755 5428        W32Time - ok

10:36:46.0802 5428        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

10:36:46.0849 5428        WacomPen - ok

10:36:46.0896 5428        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:36:46.0989 5428        WANARP - ok

10:36:47.0005 5428        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:36:47.0036 5428        Wanarpv6 - ok

10:36:47.0176 5428        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:36:47.0254 5428        WatAdminSvc - ok

10:36:47.0395 5428        watchmi         (878c947c69ee89e4dbff9dbd6155c15d) C:\Program Files (x86)\watchmi\TvdService.exe

10:36:47.0426 5428        watchmi ( UnsignedFile.Multi.Generic ) - warning

10:36:47.0426 5428        watchmi - detected UnsignedFile.Multi.Generic (1)

10:36:47.0566 5428        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:36:47.0722 5428        wbengine - ok

10:36:47.0847 5428        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:36:47.0910 5428        WbioSrvc - ok

10:36:47.0972 5428        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:36:48.0066 5428        wcncsvc - ok

10:36:48.0066 5428        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:36:48.0112 5428        WcsPlugInService - ok

10:36:48.0175 5428        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

10:36:48.0206 5428        Wd - ok

10:36:48.0253 5428        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:36:48.0315 5428        Wdf01000 - ok

10:36:48.0331 5428        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:36:48.0456 5428        WdiServiceHost - ok

10:36:48.0471 5428        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:36:48.0502 5428        WdiSystemHost - ok

10:36:48.0565 5428        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:36:48.0658 5428        WebClient - ok

10:36:48.0705 5428        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:36:48.0799 5428        Wecsvc - ok

10:36:48.0814 5428        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:36:48.0877 5428        wercplsupport - ok

10:36:48.0908 5428        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:36:48.0955 5428        WerSvc - ok

10:36:49.0002 5428        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:36:49.0095 5428        WfpLwf - ok

10:36:49.0111 5428        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:36:49.0126 5428        WIMMount - ok

10:36:49.0204 5428        WinDefend - ok

10:36:49.0220 5428        WinHttpAutoProxySvc - ok

10:36:49.0282 5428        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:36:49.0392 5428        Winmgmt - ok

10:36:49.0548 5428        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:36:49.0719 5428        WinRM - ok

10:36:49.0922 5428        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:36:50.0047 5428        Wlansvc - ok

10:36:50.0172 5428        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:36:50.0187 5428        wlcrasvc - ok

10:36:50.0374 5428        wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:36:50.0484 5428        wlidsvc - ok

10:36:50.0640 5428        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:36:50.0686 5428        WmiAcpi - ok

10:36:50.0749 5428        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:36:50.0811 5428        wmiApSrv - ok

10:36:50.0905 5428        WMPNetworkSvc - ok

10:36:50.0936 5428        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:36:50.0983 5428        WPCSvc - ok

10:36:51.0030 5428        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:36:51.0076 5428        WPDBusEnum - ok

10:36:51.0108 5428        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:36:51.0201 5428        ws2ifsl - ok

10:36:51.0217 5428        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

10:36:51.0264 5428        wscsvc - ok

10:36:51.0264 5428        WSearch - ok

10:36:51.0310 5428        WTService - ok

10:36:51.0451 5428        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

10:36:51.0622 5428        wuauserv - ok

10:36:51.0763 5428        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:36:51.0856 5428        WudfPf - ok

10:36:51.0888 5428        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:36:51.0950 5428        WUDFRd - ok

10:36:51.0981 5428        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:36:52.0044 5428        wudfsvc - ok

10:36:52.0075 5428        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:36:52.0153 5428        WwanSvc - ok

10:36:52.0215 5428        MBR (0x1B8)     (34f69c8dde583a7ea224e5ea68df00f5) \Device\Harddisk0\DR0

10:36:54.0961 5428        \Device\Harddisk0\DR0 - ok

10:36:54.0992 5428        Boot (0x1200)   (e0dd80e82f082b64deb6bf06854dee7c) \Device\Harddisk0\DR0\Partition0

10:36:55.0008 5428        \Device\Harddisk0\DR0\Partition0 - ok

10:36:55.0023 5428        Boot (0x1200)   (a30316692566a15b0303b2be7fca3054) \Device\Harddisk0\DR0\Partition1

10:36:55.0023 5428        \Device\Harddisk0\DR0\Partition1 - ok

10:36:55.0054 5428        Boot (0x1200)   (c82934e15d84e3fb811a596678fbc9da) \Device\Harddisk0\DR0\Partition2

10:36:55.0054 5428        \Device\Harddisk0\DR0\Partition2 - ok

10:36:55.0054 5428        ============================================================

10:36:55.0054 5428        Scan finished

10:36:55.0054 5428        ============================================================

10:36:55.0086 7000        Detected object count: 8

10:36:55.0086 7000        Actual detected object count: 8

10:37:28.0985 7000        DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:28.0985 7000        DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:28.0985 7000        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:28.0985 7000        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:28.0985 7000        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:28.0985 7000        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:28.0985 7000        HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:28.0985 7000        HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:29.0000 7000        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:29.0000 7000        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:29.0000 7000        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:29.0000 7000        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:29.0000 7000        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:29.0000 7000        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:29.0000 7000        watchmi ( UnsignedFile.Multi.Generic ) - skipped by user

10:37:29.0000 7000        watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:37:34.0507 4924        Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

und hier der cf-log:

Code:

ComboFix 12-06-12.03 - Steffen 13.06.2012  11:08:53.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4007.2424 [GMT 2:00]

ausgeführt von:: c:\users\Steffen\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\AutocompletePro

c:\program files (x86)\AutocompletePro\InstTracker.exe

c:\programdata\Roaming

c:\windows\system32\ICON.ico

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))

.

.

2012-06-13 09:22 . 2012-06-13 09:22        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-06-12 22:15 . 2012-06-12 22:15        --------        d-----w-        C:\_OTL

2012-06-12 13:13 . 2012-06-12 13:18        --------        d-----w-        c:\users\Steffen\AppData\Roaming\HpUpdate

2012-06-12 13:13 . 2012-06-12 13:13        --------        d-----w-        c:\windows\Hewlett-Packard

2012-06-11 12:34 . 2012-06-11 12:34        --------        d-----w-        c:\windows\Sun

2012-06-11 12:02 . 2012-06-11 12:02        --------        d-----w-        c:\program files (x86)\ESET

2012-06-08 15:29 . 2012-06-08 15:29        --------        d-----w-        c:\users\Steffen\AppData\Roaming\Malwarebytes

2012-06-08 15:29 . 2012-06-08 15:29        --------        d-----w-        c:\programdata\Malwarebytes

2012-06-08 15:29 . 2012-06-08 15:29        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-08 15:29 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-06-07 20:20 . 2012-06-07 20:20        --------        d-----w-        c:\users\Steffen\AppData\Roaming\YourFileDownloader

2012-06-05 23:01 . 2012-06-05 23:01        --------        d-----w-        c:\users\Steffen\AppData\Roaming\Rovio

2012-06-05 23:01 . 2012-06-05 23:01        --------        d-----w-        c:\program files (x86)\Rovio

2012-06-05 07:25 . 2012-06-05 07:25        --------        d-----w-        c:\users\Steffen\AppData\Roaming\DAPE

2012-06-05 07:24 . 2012-06-08 07:49        --------        d-----w-        c:\program files (x86)\Deepnet Explorer

2012-06-05 07:24 . 2012-06-05 07:27        --------        d-----w-        c:\users\Steffen\AppData\Roaming\Deepnet Explorer

2012-06-04 13:04 . 2012-06-04 13:04        --------        d-----w-        c:\users\Steffen\AppData\Local\HP

2012-06-04 13:01 . 2012-06-04 13:07        --------        d-----w-        c:\users\Steffen\AppData\Roaming\HP

2012-06-04 13:01 . 2012-06-04 13:01        --------        d-----w-        c:\programdata\WEBREG

2012-06-04 12:57 . 2012-06-04 12:57        --------        d-----w-        c:\users\Steffen\AppData\Roaming\Yahoo!

2012-06-04 12:57 . 2012-06-04 12:57        --------        d-----w-        c:\programdata\Yahoo! Companion

2012-06-04 12:57 . 2012-06-04 12:57        --------        d-----w-        c:\program files (x86)\Yahoo!

2012-06-04 12:56 . 2012-06-04 12:56        --------        d-----w-        c:\programdata\HP Product Assistant

2012-06-04 12:55 . 2012-06-04 12:55        --------        d-----w-        c:\windows\SysWow64\spool

2012-06-04 12:54 . 2012-06-04 12:54        --------        d-----w-        c:\program files (x86)\Common Files\Hewlett-Packard

2012-06-04 12:54 . 2012-06-04 12:54        --------        d-----w-        c:\program files (x86)\Common Files\HP

2012-06-04 12:52 . 2012-06-12 13:14        --------        d-----w-        c:\program files (x86)\HP

2012-06-04 12:50 . 2012-06-04 13:02        --------        d-----w-        c:\programdata\HP

2012-06-04 12:50 . 2009-07-08 10:51        861184        ----a-w-        c:\windows\system32\hpowiav1.dll

2012-06-04 12:50 . 2009-07-08 10:51        730624        ----a-w-        c:\windows\system32\hpotscl1.dll

2012-06-04 12:50 . 2009-07-08 10:51        642360        ----a-w-        c:\windows\system32\hpzids40.dll

2012-06-04 12:50 . 2009-07-08 10:51        498176        ----a-w-        c:\windows\system32\hpovst01.dll

2012-05-19 18:02 . 2012-05-19 18:02        --------        d-----w-        c:\users\Steffen\.gimp-2.6

2012-05-18 01:03 . 2012-05-18 01:03        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-05-16 14:03 . 2012-05-16 14:03        --------        d-----w-        c:\program files (x86)\Free Notes & Office Ink

2012-05-16 14:02 . 2004-10-22 00:17        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2012-05-16 14:02 . 2004-10-22 00:17        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2012-05-16 14:02 . 2004-10-22 00:16        180224        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2012-05-16 14:02 . 2004-10-22 00:16        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2012-05-16 14:02 . 2004-10-22 00:18        749568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2012-05-16 14:02 . 2012-05-16 14:02        192644        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2012-05-16 14:02 . 2012-05-16 14:02        323716        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2012-05-16 14:01 . 2012-05-16 14:01        --------        d-----w-        c:\program files (x86)\Power Presenter RE II

2012-05-16 13:57 . 2012-05-16 13:57        --------        d-----w-        c:\programdata\InstallShield

2012-05-16 13:57 . 2005-06-10 02:44        81920        ----a-r-        c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe

2012-05-16 13:57 . 2005-06-10 02:44        368640        ----a-r-        c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll

2012-05-16 13:57 . 2005-06-10 02:44        278528        ----a-r-        c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe

2012-05-16 13:55 . 1999-10-15 10:50        1056768        ------w-        c:\windows\SysWow64\ROBOEX32.DLL

2012-05-16 13:55 . 2006-07-22 17:37        49152        ------w-        c:\windows\SysWow64\INETWH32.dll

2012-05-16 13:55 . 2012-05-16 13:55        --------        d-----w-        c:\program files (x86)\Ulead Systems

2012-05-16 13:55 . 2012-05-16 13:55        --------        d-----w-        c:\program files (x86)\Common Files\Ulead Systems

2012-05-16 13:55 . 2005-06-10 02:44        618496        ----a-r-        c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe

2012-05-16 13:53 . 2012-05-16 13:55        --------        d-----w-        c:\programdata\Ulead Systems

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-11 09:04 . 2012-05-11 08:34        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-11 09:04 . 2011-08-29 19:22        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-11 09:04 . 2012-05-11 09:04        8769696        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-08 08:08 . 2012-03-24 23:49        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-08 08:08 . 2012-03-24 23:49        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-03-31 06:05 . 2012-05-10 20:50        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-10 20:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-10 20:50        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-10 20:50        3146240        ----a-w-        c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-10 20:44        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-03-17 07:58 . 2012-05-10 20:44        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-02-03 506712]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

"SMART Board Service"="c:\program files (x86)\SMART Technologies\Classroom Teacher\SMARTBoardService.exe" [2010-08-23 5347728]

"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\Classroom Teacher\SMARTSNMPAgent.exe" [2010-08-23 1662352]

"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

.

c:\users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Arbeitsplatz.lnk - c:\program files (x86)\SMART Technologies\Classroom Teacher\DesktopMenu.exe [2010-8-23 1947024]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

SMART-Board-Werkzeuge.lnk - c:\program files (x86)\SMART Technologies\Classroom Teacher\SMARTBoardTools.exe [2010-8-23 12375952]

watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-12-24 300416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 257696]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]

S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-07 159752]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]

S2 Response Hardware;Response-Hardware;c:\program files (x86)\SMART Technologies\Classroom Teacher\ResponseHardwareService.exe [2010-08-23 30608]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]

S2 WTService;WTService;c:\windows\system32\atwtusb.exe [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]

S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]

S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 09:04]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 18:52]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 18:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"MacrokeyManager"="WTMKM.exe" [2010-12-24 7319784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Free YouTube to MP3 Converter - c:\users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\qan3l8td.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - 

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_7_

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - f2d3d60c00000000000078929c4e2633

FF - user.js: extensions.BabylonToolbar_i.hardId - f2d3d60c00000000000078929c4e2633

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15498

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:21

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-ExpressFiles - c:\program files (x86)\ExpressFiles\ExpressFiles.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-DarkWave Studio - c:\program files (x86)\ExperimentalScene\DarkWave Studio\Uninstall.exe

AddRemove-ExpressFiles - c:\program files (x86)\ExpressFiles\uninstall.exe

AddRemove-Uncompressor - c:\program files (x86)\Uncompressor\Uninstall\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\PHotkey\ASLDRSrv.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\PHotkey\PHotkey.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\PHotkey\MsgTranAgt.exe

c:\program files (x86)\PHotkey\POSD.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-06-13  11:41:39 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-06-13 09:41

.

Vor Suchlauf: 11 Verzeichnis(se), 339.883.147.264 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 339.492.274.176 Bytes frei

.

- - End Of File - - 96953E3A1708A0969043C4783FA41C84

Zitat:

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

Hast du wirklich Kasperksy und AntVir gleichzeitig installiert? :wtf:

Ne, Kaspersky war eine vorinstallierte Testversion, die ist mittlerweile abgelaufen, hab ich noch nich deinstalliert. Daraufhin hab ich dann zum Hauptschutz Avira installiert.

Man muss sowas doch trotzdem VORHER deinstallieren :wtf: