Trojaner-Board


Severin80 11.01.2013 01:57

Infected with GVU Trojan

Hello,

Unfortunately I have caught a GVU Trojan, and while googling (in safe mode) I came across this nice forum.

I will now try to explain my problem with the help of your checklist.

1. defogger could be run without any problems.

2. Contents of OTL.txt:
Code:

OTL logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
 
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.23 12:42:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.12.09 13:07:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.04 21:28:36 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.01.06 08:27:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.01.06 08:25:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.09.22 16:34:32 | 000,457,944 | R--- | M] (cFos Software GmbH) [Auto | Stopped] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2010.05.06 10:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.11.21 07:53:12 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.22 14:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 14:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 14:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 14:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 14:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 14:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 14:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.03 21:13:50 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.22 16:34:40 | 001,501,912 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2010.03.18 10:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.03.18 10:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.03.18 10:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 5B D7 FF 82 EF CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: %7B6005d9b1-d115-485a-a92a-3f6453ca3fe2%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6005d9b1-d115-485a-a92a-3f6453ca3fe2}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.03 10:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 13:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 09:19:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.17 23:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E93ED55EEC68961619079B24652DD030B
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions
[2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.08 13:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions
[2010.11.02 23:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.01.08 13:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\trash
[2012.10.06 09:49:12 | 000,260,260 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi
[2013.01.08 13:41:01 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.25 22:03:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.12 22:20:40 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.08.30 22:35:53 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2009.06.15 19:28:18 | 000,002,164 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\bing.xml
[2011.07.20 20:14:43 | 000,001,644 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\minecraft.xml
[2010.07.21 20:27:32 | 000,002,630 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\wiki-aventurica-de.xml
[2012.12.09 13:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 13:07:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.09 09:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 09:15:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.09 09:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.09 09:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.09 09:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.09 09:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [HotSwap! Applet] C:\Users\Severin\Desktop\HotSwap!.EXE (KaaKoon)
O4 - HKCU..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C52EDB-5B0F-46A5-A92F-493E65AA4BB9}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.11 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Roaming\Malwarebytes
[2013.01.11 00:18:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.11 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.11 00:17:51 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Local\Programs
[2013.01.11 00:09:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.12.20 19:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.20 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.12 23:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.11 00:55:22 | 000,000,188 | ---- | M] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:54:08 | 000,050,477 | ---- | M] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.11 00:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 00:02:34 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:35:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.10 23:33:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:32:15 | 000,001,950 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk
[2013.01.10 23:31:17 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 23:31:00 | 000,301,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 23:01:03 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013.01.09 10:16:09 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 10:16:09 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 10:16:09 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 10:16:09 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 10:16:09 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 10:16:00 | 001,594,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 22:51:59 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | M] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.23 12:46:17 | 000,001,053 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.23 12:45:53 | 000,001,025 | ---- | M] () -- C:\Users\Severin\Desktop\Dropbox.lnk
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.20 20:44:38 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 22:05:06 | 000,325,451 | ---- | M] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | M] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:04:31 | 000,269,808 | ---- | M] () -- C:\Users\Severin\Documents\Scan0003.jpg
 
========== Files Created - No Company Name ==========
 
[2013.01.11 00:55:22 | 000,000,188 | ---- | C] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:53:54 | 000,050,477 | ---- | C] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 23:28:08 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | C] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:28:04 | 000,265,728 | ---- | C] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 21:10:02 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | C] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | C] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:02:19 | 000,325,451 | ---- | C] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:02:19 | 000,269,808 | ---- | C] () -- C:\Users\Severin\Documents\Scan0003.jpg
[2012.12.12 22:00:03 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.12 22:00:02 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.12 21:59:58 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.12 21:59:54 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.12 21:59:46 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.12 21:59:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.12 21:51:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.25 23:07:35 | 000,000,118 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.27 22:50:53 | 000,010,495 | ---- | C] () -- C:\Users\Severin\Severin_elster_2048.pfx
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.23 17:35:31 | 000,008,203 | ---- | C] () -- C:\Users\Severin\.heldEinstellungen4_1.xml
[2012.02.23 17:35:30 | 000,000,260 | ---- | C] () -- C:\Users\Severin\.dsa4.properties
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 10:51:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 13:37:48 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011.08.22 12:59:58 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011.08.22 12:57:32 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2011.08.22 12:47:18 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011.08.22 12:47:18 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011.08.22 12:39:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011.08.22 12:39:24 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011.05.21 10:19:19 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.05.13 11:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Severin\AppData\Local\{E29A6443-6C23-49EF-A7F8-F9FF89C7FCD1}
[2010.11.20 09:20:03 | 000,036,864 | ---- | C] () -- C:\Users\Severin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.05 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\.minecraft
[2011.10.17 07:19:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Amazon
[2012.01.05 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BF3CC
[2011.07.21 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BFBC2CC
[2012.02.09 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BID
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Blender Foundation
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service GmbH
[2012.05.01 01:32:22 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\calibre
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Canneverbe Limited
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DAEMON Tools Lite
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DataDesign
[2013.01.10 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Dropbox
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\FaceGen
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\fotobuch.de AG
[2012.11.01 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\gtk-2.0
[2011.03.30 06:50:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\IrfanView
[2010.11.04 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Leadertech
[2011.02.13 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LEGO Company
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LetsTrade
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\My Games
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\MyHeritage
[2012.02.17 23:37:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia
[2011.07.16 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia Ovi Suite
[2011.05.16 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OfficeRecovery
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OpenOffice.org
[2012.12.04 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Origin
[2011.07.16 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\PC Suite
[2011.12.18 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\pdfforge
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Poser
[2013.01.09 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Spotify
[2013.01.10 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TeamViewer
[2010.09.24 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.11.02 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Thunderbird
[2011.11.22 07:57:02 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TrueCrypt
[2013.01.10 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TS3Client
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\uTorrent
[2011.07.09 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >

Contents of Extra.txt:
Code:

OTL Extras logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
 
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A4DBFF-F734-4594-8060-6EE2A42E0DB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{0942A38A-3AD1-4B72-99AA-611257CDFF54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A41AC16-15F8-4449-9C88-6A31CABA2DB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2239F232-7E0A-4357-8424-5AC4EEDC1C89}" = lport=10243 | protocol=6 | dir=in | app=system |
"{224C43CD-6187-42FC-AC0C-B4418BF22EFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27D8A6AF-C79E-48C8-B10B-DBADCF09EFEF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2E04EB29-5FA1-406E-BD92-CBE08A2AAA76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{396451FC-F3CF-4DE7-81FA-1365D5CA0E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EB0967B-3B8C-4346-857E-DDFFA63A26DC}" = rport=139 | protocol=6 | dir=out | app=system |
"{672BF6B7-DE62-4572-89AB-D60C3F7C0712}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68AEB13D-EB02-442C-8F48-EB2EED3EA3B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{7028702C-7716-45CB-A7EE-31EB7A7120D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{731FBDFC-6298-4714-A019-EB8E06546CE9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74A97FF9-0ADC-4934-81E4-8B9DECDD6CC6}" = lport=139 | protocol=6 | dir=in | app=system |
"{77A8704C-C065-4F59-B877-3E95E69ADD93}" = lport=137 | protocol=17 | dir=in | app=system |
"{847FEC26-29CD-423D-AAE5-87063C96F4BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{897C4D1E-A1AD-40A5-9C17-9369B7A77948}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D61ACB5-98D7-4D4A-A293-6C945EE88F4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADA53EC7-9374-440C-AF82-37FF2C058D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCC29598-60FD-411F-968A-90C23D82D97E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF75E53F-6FDB-4C28-88DB-EDAD84D002A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{C50B013B-4F68-49BD-867A-A678238D9B1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E152A1EA-B070-4EBC-B5F6-36CEF2A5E091}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE41E141-EA8B-48C0-8F71-090E13C4204B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C54188E-93B5-4265-9681-7C0BDDC007FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{0EB304A5-8AF2-4D44-ADBA-0B1EAE401EFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1170758C-4F1A-44CB-994A-4A7DF308AC4B}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{11F197F0-4098-412C-82F8-6C1DFFB43B03}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{17D54610-493E-45B0-A366-48ED92AF5CE6}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe |
"{1BABBBBB-4FD6-452D-8958-A8EB04A63F26}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{23534EAE-FDEC-4F6A-AA89-F94AE13B5620}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{241EC5D9-1133-4ADC-84A7-E6D835B28AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{298D8EDF-2CF3-4EFE-9513-E68742571B5F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2B6F0405-D037-4B46-B6F0-2337AE7949DC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{31188CF3-83F0-42A8-950C-863417E8F1C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{31F0DB85-5FEA-4DE1-964D-9894AB4CCE05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36282200-282B-437C-891B-29F9179F1777}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe |
"{36B093B3-9FE4-4793-9023-3C6E8BE92230}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{39BE6F2F-973C-4B8F-B401-79E4D2103101}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3D815138-DB76-4945-8706-F6B69DA56B4C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{4490C835-9707-43A2-9106-459E54BF4D6F}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{46F50D4B-5BF1-474B-BF67-AEC46DEA3ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{4C8BF11C-0FF6-4E2E-B2D1-E547A5B6F9AA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4D965DFD-1ED8-49FB-8D53-BA69D68FB25E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50C85BE4-AC08-4F5D-AB08-8B45E85D06C5}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe |
"{55E213B1-2721-4C6E-AF9E-41180B396B86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5C429030-AD5B-487E-8D24-386272768014}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{628B96F7-2B9B-4366-8C8E-00DFA7F77CEF}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe |
"{67E13C61-FAA0-4FE4-A221-5EF04A9E08A3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6A90A517-9866-4D15-812D-C7132A2B4383}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{71963F58-575A-4C00-B95A-F8F71EFA321B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{762CC2DF-0366-4D9B-BC6F-408078CFEB71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7E58FA76-B3D9-400C-9D09-C3990000F793}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{800043D4-6596-4FB8-8B86-F6BCD2ED7D6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{86750DEE-DB9C-49B4-889C-11D9FE47AF19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe |
"{88C2DE66-BF1E-4412-B3EA-0ECAC5925E5B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe |
"{919B59C0-E759-4929-B327-3CFA44D51BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{92F62159-C494-40DD-91A5-CD6CA1F3CEE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95ACFD2C-6D10-4C89-949F-796607431469}" = protocol=6 | dir=out | app=system |
"{97A3CB01-225C-45E1-8609-DD0C7350857D}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{9C4BF8B0-F419-4499-98B6-CA4225A1933C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A2208F1B-F5FE-47DA-A9CE-971ABECF43C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A28961D4-3463-4A2E-9953-B5B8349220D2}" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe |
"{A2C88CE6-B2F9-4871-8EB3-4DB0C5B1E27F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A5BB51F4-FB5C-418E-895B-23C09BA32912}" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe |
"{A5F8A325-FAAE-4FF9-BE1F-BAEB7686E1CE}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe |
"{AA670F91-DE53-46DA-9EFC-FE1B0316EA05}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{AB6EC94F-5FEB-4F48-ABF5-6BD50F389E98}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe |
"{ACDDF320-93DB-4CEF-BAAC-47A619E34138}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{AE30BF6E-B417-41E9-BAE9-EFC8F0DC90D9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{AF672B31-13E1-4470-B68B-4D5332566C79}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe |
"{B15978B9-AC94-48BD-B68F-8FD2A2D18E08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B656A016-E7F6-435F-B4AE-921303B22461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B73E5361-C73F-4F3F-B97D-11706EA14809}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{BC96C20A-DE65-460E-9670-56D66FE97133}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{BF488F68-109A-45C9-A815-F987B0A3C1CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFF62C7B-598B-4C98-8342-54BD77F176A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C48682D9-C343-452D-ABEC-8DEF6015AFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C669DA02-E8D0-4DB9-BF94-4B0D7C7E30BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C98F5C19-3818-4AD5-8E0A-C9FBF0A7BE66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB6E6434-BE35-48D7-8E6E-6FAF7725840B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{CB9B6A9F-2859-4492-997F-691957239353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEE2CEBE-AE74-4CF6-B858-D4A351D65966}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{CF5E8A18-B3BE-44DE-A0DF-8CCC8A7BD596}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CFFCC50E-D707-4FB4-9ADD-7951C3964EA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D016CBDC-5607-4CE2-80A9-32C065BB6F29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D2FB00F0-6F41-4F9E-BEC7-A18A5E3CDE70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D90DA6D8-5EE7-49AD-AED3-939B11D03130}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
"{D989C2AD-26DC-466A-A91D-24C209101694}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{DAE8B786-458A-4623-921A-0FC639FE9EB7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{DBEF0E6D-0B57-49FB-B58F-B6FDC9842D22}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E7AF22DA-FFCE-4809-B6C7-C9691544B8D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{E810411B-BDBC-48E2-8CB8-03415511A328}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe |
"{EA2BBCBF-EE4F-4919-BCE5-8E36611BA5CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{EB753A6F-8E54-49ED-ADE9-0F19B0FFD343}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFB0E045-80C0-4E9E-8D13-FEAB29498C87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EFBB651D-791F-4F79-882F-FB4F4CF7F171}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe |
"{F1CFA8C5-031D-4BC5-8B8C-AC79CE4D6ECF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3B76E34-11FC-4806-A1DB-7A2C1D65FCC6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{F621C7C4-4B3C-40EE-B1E7-41F703AD2CE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F6FCDFE5-B73A-4E6D-8C9C-04B6B999DC9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{F75C9497-6674-4521-8F8E-3A2B1837CA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FB691E44-72A7-406C-9B1B-F6A8623521E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FE8E7C92-0ADD-40A2-B9B8-F9038B7FF8C7}" = protocol=58 | dir=in | app=system |
"TCP Query User{4C9BA945-5013-40E5-BA84-9A6BF3556C7D}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4DDC0131-5D1E-4EF8-AD81-F638C213D097}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{51247B46-7E21-4C06-8A45-E4EC6B9A9BDE}D:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe |
"TCP Query User{56ED6C79-2707-4C5E-A365-34DC808E83D4}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{5D22BF51-4861-4CCC-AC3F-DAB3A1E9D054}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{B66A883C-A554-4B4A-A2C3-62B4A962ED39}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"TCP Query User{BDBD4314-63B1-4E30-B2B0-4FFC4767CD24}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{BE8ADDEE-DC51-432A-ACB8-96CD7F1F7986}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{C19611A0-284E-4C2B-9F22-78B4580DEF66}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C5B5AD25-D756-4ED4-B344-D742F79438D0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{CE97DEB7-B5E5-4C3A-86C5-8D8E1993A730}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{DD226E22-7234-426D-BE7C-AF393A1F4F40}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{02DC44F8-C2E8-40FB-8701-976BF9D59CED}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{08FD3548-7667-4594-AA94-08D025BCAD62}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2B5EEABA-4EF2-4DEE-8ECE-BABF8449542B}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{5B3DB361-B659-41E5-A31D-7430F5974E74}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{6431705D-1AF2-44B7-B44C-0ACA9254C508}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{665605D3-8578-4A5A-8E06-9F7D60017FA3}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8CE9B30B-EE61-4F11-8A87-C8EB3B9DB9AC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{983585E4-B2F4-4371-8972-9657AD067BCF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9F76C71B-1927-4716-AB96-42081C52DAC7}D:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe |
"UDP Query User{BDF0C3CB-D116-4E3F-B6DF-BB6401E1B7B9}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E26F545E-D569-42E4-B378-F81FBF9A56EC}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"UDP Query User{FF0D7133-65E4-4C76-87C6-1D16A3F20DBC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2B8577D-EECF-4062-BEB7-A8BE3FD679ED}" = HP Photosmart 6510 series - Grundlegende Software für das Gerät
"{B6D7EF7F-DE25-4E27-A88F-F43C7D728367}" = Project+ 2.5.1
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{D9710515-1C8F-4AF9-A61D-2E0287915B73}" = Studie zur Verbesserung von HP Photosmart 6510 series Produkten
"{E391E2FF-927F-46A6-8466-C688A2FAF1FB}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"4144-4862-0472-7103" = WorldPainter 0.6.12
"cFosSpeed" = cFosSpeed v6.02
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch
"{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek
"{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = Catalyst Control Center
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 2.8.0
"{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish
"{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™
"{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Hilfe
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English
"{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish
"{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish
"{C1AC5BDC-5441-4671-894D-70B542022652}" = calibre
"{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French
"{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4DE3DB4-7734-47E5-8D92-B80146311406}" = Samsung Data Migration
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Bulk Image Downloader_is1" = Bulk Image Downloader v4.35.0.0
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"HP Photo Creations" = HP Photo Creations
"InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"Nokia Suite" = Nokia Suite
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"SFBM" = SoundFont-Bank-Manager
"Steam App 203830" = The Dark Eye: Chains of Satinav
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.5.1.131
"Winload Toolbar" = Winload Toolbar
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"XMedia Recode" = XMedia Recode 3.0.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"7d0ab3f03a657c8f" = BC2CC
"af8063ee51cc0619" = BF3CC
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 17:57:20 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5891
 
Error - 30.12.2012 04:46:11 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 03.01.2013 18:20:13 | Computer Name = Severin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cfosspeed.exe, Version: 6.2.1722.0,
 Zeitstempel: 0x4c9a0acf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0xdc4  Startzeit der fehlerhaften Anwendung: 0x01cde4944be75e8f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\cFosSpeed\cfosspeed.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: be1b0f63-55f3-11e2-b23d-002185345dc5
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2078
 
Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2078
 
Error - 04.01.2013 17:30:18 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953
 
Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953
 
Error - 08.01.2013 09:43:10 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 10.01.2013 19:52:40 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

3. Contents of Gmer.txt:
Code:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-11 01:49:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AAKS-65A7B0 rev.01.03B01 596,17GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Severin\AppData\Local\Temp\kxdirfow.sys


---- Threads - GMER 2.0 ----

Thread  C:\Windows\System32\svchost.exe [1788:1912]                                                                        000007fef8b89688
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1628]                                                      000000006ffefee5
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:772]                                                      0000000077b62e25
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1840]                                                      000000006ffe8f6c
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1936]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1272]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1132]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:208]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1980]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1216]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1020]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1432]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1504]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1184]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1488]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2028]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1484]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1796]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2000]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1292]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1608]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:552]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1224]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1792]                                                      0000000074f827c1
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:316]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:252]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1144]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1968]                                                      0000000077b63e45
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:784]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:284]                                                      0000000073f562ee
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1660]                                                      00000000747ac724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1516]                                                      0000000077b63e45
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:892]                                                      0000000070f632fb
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1376]                                                      00000000763ad864
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1492]                                                      0000000077b63e45
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1788]                                                    000007fefe3d0000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB5 0x35 0xA2 0xF2 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x71 0xAB 0xD4 0xF9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xFD 0xCB 0x2A 0x2A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xB5 0x35 0xA2 0xF2 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x71 0xAB 0xD4 0xF9 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xFD 0xCB 0x2A 0x2A ...

---- EOF - GMER 2.0 ----

That should be everything for now. I hope you can make something of it and help me further.

Best regards, Severin

markusg 11.01.2013 02:00

Hi,
that's not everything. Open Malwarebytes, go to the log files, and post the reports that contain detections.

Severin80 11.01.2013 08:55

Good morning,

I started the scan last night; here are the results:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.13

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Severin :: SEVERIN-PC [Administrator]

11.01.2013 02:05:16
mbam-log-2013-01-11 (02-05-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 538289
Laufzeit: 57 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
E:\Files\Anwendungen\CryptLoad_1.1.4\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
E:\Files\Anwendungen\cartograph_g_2011_04_20_bins\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Anwendungen\cartograph_g_2011_09_16_bins\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Collage lars und ich sonnenbrille.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Carina und Endrik\DSCF0511.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Carina und Endrik\DSCF0516.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Lars und ich 20.7\090720_184351_6.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\neu\IMAGE0005.BMP.BMP (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\neu\IMAGE0007.BMP.BMP (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Umbau\PICT2588.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Umbau\PICT2678.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Umbau\PICT3015.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Weihnachten 2008\PICT2403.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Severin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I hope it was right that I have already deleted that stuff.

Best regards, Sören

markusg 11.01.2013 16:20

Hi,
if there were any other, older logs with detections, please post them.

Severin80 11.01.2013 18:16

Hello again,
no, sorry, that is all I have. Should there be something else somewhere?

Best regards, Severin

markusg 11.01.2013 19:36

Hi,
no, not necessarily :-)

This script and any scripts that may follow are meant only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Severin80 11.01.2013 23:25

Evening,

we just missed each other earlier, a pity. Anyway, I have now run the script, with the following result:

Code:

All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
File C:\Users\Severin\wgsdgsdgdsgsd.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Public
 
User: Severin
->Flash cache emptied: 4263846 bytes
 
Total Flash Files Cleaned = 4,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Severin
->Temp folder emptied: 328114825 bytes
->Temporary Internet Files folder emptied: 265008183 bytes
->Java cache emptied: 20089197 bytes
->FireFox cache emptied: 78139336 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1306309186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.905,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01112013_231255

Files\Folders moved on Reboot...
C:\Users\Severin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hm, you apparently wanted to delete more things there than it was able to delete. I had not made any further cleanup attempts, though, in case that question comes up.

By the way, the restart in normal mode worked without any problems.

Is there actually somewhere here where I can read up on what OTL and all the other programs you use really do? I am curious and would like to understand what I am doing here.

Best regards, Severin
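Added example, not part of the original posts: a short Python script that cross-checks the OTL fix log above against the Malwarebytes log posted earlier in the thread, to show which "not found" targets had already been quarantined. The embedded log lines are copied from the thread; the function names and verdict strings are assumptions of this example.

```python
import re

# Excerpts copied from the two logs posted in this thread.
MBAM_LOG = r"""
E:\Files\Anwendungen\CryptLoad_1.1.4\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\Severin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

OTL_LOG = r"""
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
File C:\Users\Severin\wgsdgsdgdsgsd.exe not found.
"""

# "<path> (<detection>) -> <action>"; the detection name contains no parentheses,
# so paths such as "C:\Program Files (x86)\..." still parse correctly.
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
OTL_MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
OTL_MISSING = re.compile(r"^File (?P<path>.+) not found\.$")

# German action text used by this Malwarebytes log for a quarantined file.
QUARANTINED_PREFIX = "Erfolgreich gelöscht"


def parse_mbam(text):
    """Return {lowercased path: (detection, quarantined?)} for each finding line."""
    findings = {}
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            quarantined = m["action"].startswith(QUARANTINED_PREFIX)
            findings[m["path"].lower()] = (m["detection"], quarantined)
    return findings


def parse_otl(text):
    """Return [(path, 'moved' | 'not found')] in log order."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        m = OTL_MISSING.match(line)
        if m:
            results.append((m["path"], "not found"))
            continue
        m = OTL_MOVED.match(line)
        if m:
            results.append((m["path"], "moved"))
    return results


def reconcile(mbam_text, otl_text):
    """Explain every OTL fix target using the earlier Malwarebytes findings."""
    findings = parse_mbam(mbam_text)
    report = []
    for path, status in parse_otl(otl_text):
        # Windows paths are case-insensitive, so compare lowercased.
        detection, quarantined = findings.get(path.lower(), (None, False))
        if status == "moved":
            verdict = "removed by OTL"
        elif quarantined:
            verdict = "already quarantined by MBAM"
        else:
            verdict = "unexplained, check manually"
        report.append((path, status, detection, verdict))
    return report


if __name__ == "__main__":
    for path, status, detection, verdict in reconcile(MBAM_LOG, OTL_LOG):
        print(f"{verdict:30} {detection or '-':22} {path}")
```

A target that is "not found" without a matching quarantine entry is the case worth following up, since something other than the two tools removed or moved it.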

markusg 13.01.2013 18:28

In the guides for the individual programs.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log

Severin80 13.01.2013 19:43

Evening,

Here is the result:

Code:

19:38:33.0637 4628  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:38:33.0767 4628  ============================================================
19:38:33.0767 4628  Current date / time: 2013/01/13 19:38:33.0767
19:38:33.0767 4628  SystemInfo:
19:38:33.0767 4628 
19:38:33.0767 4628  OS Version: 6.1.7601 ServicePack: 1.0
19:38:33.0767 4628  Product type: Workstation
19:38:33.0768 4628  ComputerName: SEVERIN-PC
19:38:33.0768 4628  UserName: Severin
19:38:33.0768 4628  Windows directory: C:\Windows
19:38:33.0768 4628  System windows directory: C:\Windows
19:38:33.0768 4628  Running under WOW64
19:38:33.0768 4628  Processor architecture: Intel x64
19:38:33.0768 4628  Number of processors: 4
19:38:33.0768 4628  Page size: 0x1000
19:38:33.0768 4628  Boot type: Normal boot
19:38:33.0768 4628  ============================================================
19:38:34.0540 4628  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:34.0546 4628  ============================================================
19:38:34.0546 4628  \Device\Harddisk0\DR0:
19:38:34.0546 4628  MBR partitions:
19:38:34.0546 4628  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7800000
19:38:34.0546 4628  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0x19000000
19:38:34.0546 4628  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20800800, BlocksNum 0x2A056800
19:38:34.0546 4628  ============================================================
19:38:34.0572 4628  C: <-> \Device\Harddisk0\DR0\Partition1
19:38:34.0600 4628  D: <-> \Device\Harddisk0\DR0\Partition2
19:38:34.0634 4628  E: <-> \Device\Harddisk0\DR0\Partition3
19:38:34.0634 4628  ============================================================
19:38:34.0635 4628  Initialize success
19:38:34.0635 4628  ============================================================
19:38:59.0395 3696  ============================================================
19:38:59.0395 3696  Scan started
19:38:59.0395 3696  Mode: Manual; SigCheck; TDLFS;
19:38:59.0395 3696  ============================================================
19:38:59.0920 3696  ================ Scan system memory ========================
19:38:59.0920 3696  System memory - ok
19:38:59.0920 3696  ================ Scan services =============================
19:39:00.0056 3696  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:39:00.0193 3696  1394ohci - ok
19:39:00.0234 3696  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:39:00.0261 3696  ACPI - ok
19:39:00.0288 3696  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
19:39:00.0329 3696  AcpiPmi - ok
19:39:00.0458 3696  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:39:00.0480 3696  AdobeARMservice - ok
19:39:00.0526 3696  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
19:39:00.0563 3696  adp94xx - ok
19:39:00.0606 3696  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
19:39:00.0627 3696  adpahci - ok
19:39:00.0645 3696  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
19:39:00.0662 3696  adpu320 - ok
19:39:00.0690 3696  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
19:39:00.0742 3696  AeLookupSvc - ok
19:39:00.0792 3696  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
19:39:00.0848 3696  AFD - ok
19:39:00.0881 3696  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:39:00.0895 3696  agp440 - ok
19:39:00.0906 3696  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
19:39:00.0953 3696  ALG - ok
19:39:00.0967 3696  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:39:00.0981 3696  aliide - ok
19:39:01.0013 3696  [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:39:01.0042 3696  AMD External Events Utility - ok
19:39:01.0056 3696  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:39:01.0070 3696  amdide - ok
19:39:01.0091 3696  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
19:39:01.0126 3696  AmdK8 - ok
19:39:01.0363 3696  [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:01.0661 3696  amdkmdag - ok
19:39:01.0693 3696  [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:39:01.0717 3696  amdkmdap - ok
19:39:01.0744 3696  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:39:01.0787 3696  AmdPPM - ok
19:39:01.0808 3696  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
19:39:01.0830 3696  amdsata - ok
19:39:01.0851 3696  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:39:01.0876 3696  amdsbs - ok
19:39:01.0894 3696  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
19:39:01.0907 3696  amdxata - ok
19:39:01.0940 3696  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
19:39:02.0008 3696  AppID - ok
19:39:02.0031 3696  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:39:02.0082 3696  AppIDSvc - ok
19:39:02.0117 3696  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
19:39:02.0166 3696  Appinfo - ok
19:39:02.0246 3696  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:39:02.0265 3696  Apple Mobile Device - ok
19:39:02.0278 3696  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
19:39:02.0298 3696  arc - ok
19:39:02.0311 3696  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:39:02.0330 3696  arcsas - ok
19:39:02.0448 3696  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:39:02.0469 3696  aspnet_state - ok
19:39:02.0503 3696  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:39:02.0516 3696  aswFsBlk - ok
19:39:02.0539 3696  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
19:39:02.0552 3696  aswMonFlt - ok
19:39:02.0592 3696  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:39:02.0604 3696  aswRdr - ok
19:39:02.0646 3696  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:39:02.0673 3696  aswSnx - ok
19:39:02.0685 3696  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
19:39:02.0702 3696  aswSP - ok
19:39:02.0710 3696  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:39:02.0723 3696  aswTdi - ok
19:39:02.0729 3696  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:02.0779 3696  AsyncMac - ok
19:39:02.0802 3696  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
19:39:02.0815 3696  atapi - ok
19:39:02.0854 3696  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:39:02.0867 3696  AtiHDAudioService - ok
19:39:03.0049 3696  [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:03.0176 3696  atikmdag - ok
19:39:03.0215 3696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:39:03.0292 3696  AudioEndpointBuilder - ok
19:39:03.0302 3696  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:39:03.0342 3696  AudioSrv - ok
19:39:03.0426 3696  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:39:03.0440 3696  avast! Antivirus - ok
19:39:03.0479 3696  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:39:03.0515 3696  AxInstSV - ok
19:39:03.0551 3696  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
19:39:03.0588 3696  b06bdrv - ok
19:39:03.0619 3696  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:39:03.0665 3696  b57nd60a - ok
19:39:03.0775 3696  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc          C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
19:39:03.0800 3696  BBSvc - ok
19:39:03.0832 3696  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
19:39:03.0849 3696  BBUpdate - ok
19:39:03.0871 3696  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:39:03.0897 3696  BDESVC - ok
19:39:03.0922 3696  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:39:03.0991 3696  Beep - ok
19:39:04.0040 3696  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
19:39:04.0098 3696  BFE - ok
19:39:04.0121 3696  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:39:04.0198 3696  BITS - ok
19:39:04.0216 3696  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:39:04.0241 3696  blbdrive - ok
19:39:04.0288 3696  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:39:04.0313 3696  Bonjour Service - ok
19:39:04.0346 3696  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:39:04.0360 3696  bowser - ok
19:39:04.0404 3696  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:39:04.0448 3696  BrFiltLo - ok
19:39:04.0463 3696  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:39:04.0481 3696  BrFiltUp - ok
19:39:04.0517 3696  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
19:39:04.0542 3696  Browser - ok
19:39:04.0559 3696  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
19:39:04.0603 3696  Brserid - ok
19:39:04.0619 3696  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:39:04.0648 3696  BrSerWdm - ok
19:39:04.0659 3696  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:39:04.0693 3696  BrUsbMdm - ok
19:39:04.0709 3696  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:39:04.0725 3696  BrUsbSer - ok
19:39:04.0737 3696  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:39:04.0769 3696  BTHMODEM - ok
19:39:04.0799 3696  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
19:39:04.0845 3696  bthserv - ok
19:39:04.0859 3696  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:39:04.0897 3696  cdfs - ok
19:39:04.0937 3696  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
19:39:04.0962 3696  cdrom - ok
19:39:05.0000 3696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
19:39:05.0070 3696  CertPropSvc - ok
19:39:05.0134 3696  [ BBFFE2A1430FD787C11B7A2DB8987A84 ] cFosSpeed      C:\Windows\system32\DRIVERS\cfosspeed6.sys
19:39:05.0195 3696  cFosSpeed - ok
19:39:05.0235 3696  [ D86C0A0F22E893BAFE4AECEFAC8ECA8E ] cFosSpeedS      C:\Program Files\cFosSpeed\spd.exe
19:39:05.0261 3696  cFosSpeedS - ok
19:39:05.0280 3696  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:39:05.0310 3696  circlass - ok
19:39:05.0328 3696  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:39:05.0349 3696  CLFS - ok
19:39:05.0425 3696  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:05.0446 3696  clr_optimization_v2.0.50727_32 - ok
19:39:05.0477 3696  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:39:05.0496 3696  clr_optimization_v2.0.50727_64 - ok
19:39:05.0574 3696  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:39:05.0625 3696  clr_optimization_v4.0.30319_32 - ok
19:39:05.0648 3696  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:39:05.0661 3696  clr_optimization_v4.0.30319_64 - ok
19:39:05.0683 3696  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:39:05.0710 3696  CmBatt - ok
19:39:05.0736 3696  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:39:05.0751 3696  cmdide - ok
19:39:05.0778 3696  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG            C:\Windows\system32\Drivers\cng.sys
19:39:05.0813 3696  CNG - ok
19:39:05.0824 3696  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:39:05.0839 3696  Compbatt - ok
19:39:05.0871 3696  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:39:05.0907 3696  CompositeBus - ok
19:39:05.0924 3696  COMSysApp - ok
19:39:05.0938 3696  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
19:39:05.0953 3696  crcdisk - ok
19:39:05.0997 3696  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
19:39:06.0017 3696  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:39:06.0017 3696  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:39:06.0047 3696  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
19:39:06.0063 3696  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
19:39:06.0063 3696  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
19:39:06.0108 3696  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:39:06.0149 3696  CryptSvc - ok
19:39:06.0190 3696  [ DF908DFC09A49F6F71A88E1EBFED97D6 ] CT20XUT        C:\Windows\system32\drivers\CT20XUT.SYS
19:39:06.0211 3696  CT20XUT - ok
19:39:06.0224 3696  [ DF908DFC09A49F6F71A88E1EBFED97D6 ] CT20XUT.SYS    C:\Windows\System32\drivers\CT20XUT.SYS
19:39:06.0237 3696  CT20XUT.SYS - ok
19:39:06.0270 3696  [ 8B15225C82E7F6064D4523DF494BF112 ] ctac32k        C:\Windows\system32\drivers\ctac32k.sys
19:39:06.0288 3696  ctac32k - ok
19:39:06.0307 3696  [ 80298AE72BDCF141DE89CF4DD54E286A ] ctaud2k        C:\Windows\system32\drivers\ctaud2k.sys
19:39:06.0325 3696  ctaud2k - ok
19:39:06.0404 3696  [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
19:39:06.0425 3696  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
19:39:06.0425 3696  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
19:39:06.0461 3696  [ 76E301B0465F0F8D4AD50B1E21A429F2 ] CTEXFIFX        C:\Windows\system32\drivers\CTEXFIFX.SYS
19:39:06.0490 3696  CTEXFIFX - ok
19:39:06.0527 3696  [ 76E301B0465F0F8D4AD50B1E21A429F2 ] CTEXFIFX.SYS    C:\Windows\System32\drivers\CTEXFIFX.SYS
19:39:06.0556 3696  CTEXFIFX.SYS - ok
19:39:06.0567 3696  [ 9DD0C0D2EAABB276229B0FBADBABBCDE ] CTHWIUT        C:\Windows\system32\drivers\CTHWIUT.SYS
19:39:06.0579 3696  CTHWIUT - ok
19:39:06.0583 3696  [ 9DD0C0D2EAABB276229B0FBADBABBCDE ] CTHWIUT.SYS    C:\Windows\System32\drivers\CTHWIUT.SYS
19:39:06.0595 3696  CTHWIUT.SYS - ok
19:39:06.0602 3696  [ 95FE230FB90AAE0240ED6B5882659236 ] ctprxy2k        C:\Windows\system32\drivers\ctprxy2k.sys
19:39:06.0612 3696  ctprxy2k - ok
19:39:06.0628 3696  [ 95DEEDAC0EB4EA39E8E52C82874ECD55 ] ctsfm2k        C:\Windows\system32\drivers\ctsfm2k.sys
19:39:06.0641 3696  ctsfm2k - ok
19:39:06.0679 3696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:39:06.0783 3696  DcomLaunch - ok
19:39:06.0920 3696  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
19:39:06.0987 3696  defragsvc - ok
19:39:07.0027 3696  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:39:07.0083 3696  DfsC - ok
19:39:07.0120 3696  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:39:07.0160 3696  Dhcp - ok
19:39:07.0185 3696  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:39:07.0220 3696  discache - ok
19:39:07.0246 3696  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:39:07.0261 3696  Disk - ok
19:39:07.0292 3696  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:39:07.0333 3696  Dnscache - ok
19:39:07.0365 3696  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
19:39:07.0444 3696  dot3svc - ok
19:39:07.0489 3696  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:39:07.0530 3696  Dot4 - ok
19:39:07.0544 3696  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:39:07.0574 3696  Dot4Print - ok
19:39:07.0593 3696  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
19:39:07.0618 3696  dot4usb - ok
19:39:07.0649 3696  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
19:39:07.0696 3696  DPS - ok
19:39:07.0734 3696  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
19:39:07.0774 3696  drmkaud - ok
19:39:07.0813 3696  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
19:39:07.0840 3696  DXGKrnl - ok
19:39:07.0862 3696  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
19:39:07.0905 3696  EapHost - ok
19:39:07.0973 3696  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
19:39:08.0063 3696  ebdrv - ok
19:39:08.0089 3696  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
19:39:08.0136 3696  EFS - ok
19:39:08.0177 3696  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
19:39:08.0238 3696  ehRecvr - ok
19:39:08.0260 3696  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
19:39:08.0290 3696  ehSched - ok
19:39:08.0317 3696  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
19:39:08.0342 3696  elxstor - ok
19:39:08.0373 3696  [ 1125E333BB0BA07EA83C13AEDA00ECCB ] emupia          C:\Windows\system32\drivers\emupia2k.sys
19:39:08.0385 3696  emupia - ok
19:39:08.0412 3696  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:39:08.0442 3696  ErrDev - ok
19:39:08.0478 3696  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
19:39:08.0549 3696  EventSystem - ok
19:39:08.0563 3696  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
19:39:08.0612 3696  exfat - ok
19:39:08.0631 3696  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
19:39:08.0683 3696  fastfat - ok
19:39:08.0729 3696  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
19:39:08.0786 3696  Fax - ok
19:39:08.0800 3696  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
19:39:08.0817 3696  fdc - ok
19:39:08.0826 3696  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
19:39:08.0876 3696  fdPHost - ok
19:39:08.0886 3696  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:39:08.0932 3696  FDResPub - ok
19:39:08.0947 3696  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:39:08.0961 3696  FileInfo - ok
19:39:08.0970 3696  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
19:39:09.0031 3696  Filetrace - ok
19:39:09.0034 3696  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:39:09.0059 3696  flpydisk - ok
19:39:09.0087 3696  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:39:09.0104 3696  FltMgr - ok
19:39:09.0147 3696  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
19:39:09.0205 3696  FontCache - ok
19:39:09.0250 3696  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:39:09.0262 3696  FontCache3.0.0.0 - ok
19:39:09.0273 3696  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
19:39:09.0289 3696  FsDepends - ok
19:39:09.0317 3696  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:39:09.0337 3696  Fs_Rec - ok
19:39:09.0377 3696  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:39:09.0434 3696  fvevol - ok
19:39:09.0457 3696  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:39:09.0472 3696  gagp30kx - ok
19:39:09.0501 3696  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:39:09.0512 3696  GEARAspiWDM - ok
19:39:09.0551 3696  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
19:39:09.0612 3696  gpsvc - ok
19:39:09.0687 3696  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:09.0706 3696  gupdate - ok
19:39:09.0737 3696  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:09.0754 3696  gupdatem - ok
19:39:09.0790 3696  [ FB82CE21D7B134DE2D270DB9DA646818 ] ha20x2k        C:\Windows\system32\drivers\ha20x2k.sys
19:39:09.0820 3696  ha20x2k - ok
19:39:09.0852 3696  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
19:39:09.0864 3696  hamachi - ok
19:39:09.0956 3696  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:39:10.0007 3696  Hamachi2Svc - ok
19:39:10.0023 3696  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:39:10.0053 3696  hcw85cir - ok
19:39:10.0102 3696  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:39:10.0133 3696  HdAudAddService - ok
19:39:10.0159 3696  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:39:10.0190 3696  HDAudBus - ok
19:39:10.0206 3696  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
19:39:10.0231 3696  HidBatt - ok
19:39:10.0248 3696  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:39:10.0279 3696  HidBth - ok
19:39:10.0293 3696  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
19:39:10.0322 3696  HidIr - ok
19:39:10.0341 3696  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
19:39:10.0390 3696  hidserv - ok
19:39:10.0436 3696  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:39:10.0458 3696  HidUsb - ok
19:39:10.0485 3696  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:39:10.0532 3696  hkmsvc - ok
19:39:10.0558 3696  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:39:10.0592 3696  HomeGroupListener - ok
19:39:10.0623 3696  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:39:10.0651 3696  HomeGroupProvider - ok
19:39:10.0685 3696  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:39:10.0701 3696  HpSAMD - ok
19:39:10.0746 3696  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:39:10.0812 3696  HTTP - ok
19:39:10.0841 3696  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:39:10.0854 3696  hwpolicy - ok
19:39:10.0877 3696  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:39:10.0894 3696  i8042prt - ok
19:39:10.0920 3696  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
19:39:10.0944 3696  iaStorV - ok
19:39:10.0985 3696  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:39:11.0029 3696  idsvc - ok
19:39:11.0057 3696  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
19:39:11.0077 3696  iirsp - ok
19:39:11.0106 3696  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:39:11.0168 3696  IKEEXT - ok
19:39:11.0185 3696  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:39:11.0199 3696  intelide - ok
19:39:11.0218 3696  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:39:11.0232 3696  intelppm - ok
19:39:11.0266 3696  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
19:39:11.0316 3696  IPBusEnum - ok
19:39:11.0343 3696  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:11.0394 3696  IpFilterDriver - ok
19:39:11.0432 3696  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:39:11.0463 3696  iphlpsvc - ok
19:39:11.0490 3696  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
19:39:11.0525 3696  IPMIDRV - ok
19:39:11.0547 3696  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
19:39:11.0596 3696  IPNAT - ok
19:39:11.0662 3696  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:39:11.0700 3696  iPod Service - ok
19:39:11.0724 3696  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:39:11.0754 3696  IRENUM - ok
19:39:11.0768 3696  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:39:11.0782 3696  isapnp - ok
19:39:11.0796 3696  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:39:11.0815 3696  iScsiPrt - ok
19:39:11.0835 3696  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:11.0850 3696  kbdclass - ok
19:39:11.0882 3696  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:39:11.0907 3696  kbdhid - ok
19:39:11.0922 3696  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:39:11.0937 3696  KeyIso - ok
19:39:11.0978 3696  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:39:11.0994 3696  KSecDD - ok
19:39:12.0027 3696  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
19:39:12.0043 3696  KSecPkg - ok
19:39:12.0055 3696  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
19:39:12.0096 3696  ksthunk - ok
19:39:12.0127 3696  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
19:39:12.0206 3696  KtmRm - ok
19:39:12.0243 3696  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:39:12.0293 3696  LanmanServer - ok
19:39:12.0327 3696  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:39:12.0371 3696  LanmanWorkstation - ok
19:39:12.0466 3696  [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ        C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:39:12.0493 3696  LBTServ - ok
19:39:12.0542 3696  [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:39:12.0558 3696  LHidFilt - ok
19:39:12.0579 3696  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:39:12.0635 3696  lltdio - ok
19:39:12.0662 3696  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
19:39:12.0713 3696  lltdsvc - ok
19:39:12.0726 3696  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
19:39:12.0763 3696  lmhosts - ok
19:39:12.0767 3696  [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:39:12.0777 3696  LMouFilt - ok
19:39:12.0795 3696  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:39:12.0810 3696  LSI_FC - ok
19:39:12.0826 3696  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
19:39:12.0842 3696  LSI_SAS - ok
19:39:12.0856 3696  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:39:12.0871 3696  LSI_SAS2 - ok
19:39:12.0887 3696  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:39:12.0903 3696  LSI_SCSI - ok
19:39:12.0924 3696  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
19:39:12.0973 3696  luafv - ok
19:39:12.0995 3696  [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
19:39:13.0006 3696  LUsbFilt - ok
19:39:13.0032 3696  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
19:39:13.0059 3696  Mcx2Svc - ok
19:39:13.0071 3696  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
19:39:13.0086 3696  megasas - ok
19:39:13.0097 3696  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:39:13.0115 3696  MegaSR - ok
19:39:13.0141 3696  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
19:39:13.0191 3696  MMCSS - ok
19:39:13.0207 3696  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
19:39:13.0252 3696  Modem - ok
19:39:13.0281 3696  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
19:39:13.0310 3696  monitor - ok
19:39:13.0331 3696  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:39:13.0345 3696  mouclass - ok
19:39:13.0360 3696  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:39:13.0404 3696  mouhid - ok
19:39:13.0437 3696  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:39:13.0452 3696  mountmgr - ok
19:39:13.0500 3696  [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:39:13.0521 3696  MozillaMaintenance - ok
19:39:13.0545 3696  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:39:13.0561 3696  mpio - ok
19:39:13.0573 3696  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:39:13.0609 3696  mpsdrv - ok
19:39:13.0647 3696  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:39:13.0730 3696  MpsSvc - ok
19:39:13.0765 3696  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:39:13.0795 3696  MRxDAV - ok
19:39:13.0822 3696  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:39:13.0847 3696  mrxsmb - ok
19:39:13.0872 3696  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:39:13.0899 3696  mrxsmb10 - ok
19:39:13.0925 3696  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:39:13.0963 3696  mrxsmb20 - ok
19:39:13.0985 3696  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:39:13.0999 3696  msahci - ok
19:39:14.0013 3696  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
19:39:14.0028 3696  msdsm - ok
19:39:14.0040 3696  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
19:39:14.0066 3696  MSDTC - ok
19:39:14.0102 3696  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:39:14.0137 3696  Msfs - ok
19:39:14.0142 3696  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
19:39:14.0184 3696  mshidkmdf - ok
19:39:14.0212 3696  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:39:14.0226 3696  msisadrv - ok
19:39:14.0256 3696  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
19:39:14.0306 3696  MSiSCSI - ok
19:39:14.0310 3696  msiserver - ok
19:39:14.0325 3696  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
19:39:14.0367 3696  MSKSSRV - ok
19:39:14.0418 3696  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:39:14.0470 3696  MSPCLOCK - ok
19:39:14.0482 3696  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
19:39:14.0527 3696  MSPQM - ok
19:39:14.0557 3696  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
19:39:14.0576 3696  MsRPC - ok
19:39:14.0592 3696  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:39:14.0605 3696  mssmbios - ok
19:39:14.0608 3696  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
19:39:14.0657 3696  MSTEE - ok
19:39:14.0670 3696  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:39:14.0692 3696  MTConfig - ok
19:39:14.0711 3696  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
19:39:14.0725 3696  Mup - ok
19:39:14.0754 3696  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:39:14.0811 3696  napagent - ok
19:39:14.0835 3696  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
19:39:14.0866 3696  NativeWifiP - ok
19:39:14.0913 3696  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:39:14.0959 3696  NDIS - ok
19:39:14.0974 3696  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
19:39:15.0010 3696  NdisCap - ok
19:39:15.0033 3696  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:39:15.0077 3696  NdisTapi - ok
19:39:15.0116 3696  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
19:39:15.0158 3696  Ndisuio - ok
19:39:15.0182 3696  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
19:39:15.0226 3696  NdisWan - ok
19:39:15.0252 3696  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
19:39:15.0306 3696  NDProxy - ok
19:39:15.0373 3696  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:39:15.0403 3696  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:39:15.0403 3696  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:39:15.0415 3696  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
19:39:15.0469 3696  NetBIOS - ok
19:39:15.0505 3696  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
19:39:15.0548 3696  NetBT - ok
19:39:15.0563 3696  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:39:15.0579 3696  Netlogon - ok
19:39:15.0605 3696  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:39:15.0656 3696  Netman - ok
19:39:15.0683 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0695 3696  NetMsmqActivator - ok
19:39:15.0717 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0728 3696  NetPipeActivator - ok
19:39:15.0741 3696  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:39:15.0805 3696  netprofm - ok
19:39:15.0810 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0821 3696  NetTcpActivator - ok
19:39:15.0825 3696  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:39:15.0837 3696  NetTcpPortSharing - ok
19:39:15.0859 3696  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
19:39:15.0874 3696  nfrd960 - ok
19:39:15.0901 3696  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:39:15.0937 3696  NlaSvc - ok
19:39:15.0988 3696  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd          C:\Windows\system32\drivers\ccdcmbx64.sys
19:39:16.0036 3696  nmwcd - ok
19:39:16.0069 3696  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
19:39:16.0122 3696  nmwcdc - ok
19:39:16.0143 3696  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:39:16.0178 3696  Npfs - ok
19:39:16.0198 3696  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
19:39:16.0256 3696  nsi - ok
19:39:16.0271 3696  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:39:16.0320 3696  nsiproxy - ok
19:39:16.0400 3696  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:39:16.0473 3696  Ntfs - ok
19:39:16.0487 3696  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:39:16.0522 3696  Null - ok
19:39:16.0559 3696  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:39:16.0575 3696  nvraid - ok
19:39:16.0599 3696  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:39:16.0615 3696  nvstor - ok
19:39:16.0637 3696  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:39:16.0653 3696  nv_agp - ok
19:39:16.0679 3696  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:39:16.0702 3696  ohci1394 - ok
19:39:16.0718 3696  [ FA78441F605C39545810F33A08528AEA ] ossrv          C:\Windows\system32\drivers\ctoss2k.sys
19:39:16.0730 3696  ossrv - ok
19:39:16.0740 3696  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:39:16.0771 3696  p2pimsvc - ok
19:39:16.0790 3696  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:39:16.0822 3696  p2psvc - ok
19:39:16.0847 3696  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
19:39:16.0862 3696  Parport - ok
19:39:16.0894 3696  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
19:39:16.0909 3696  partmgr - ok
19:39:16.0924 3696  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:39:16.0956 3696  PcaSvc - ok
19:39:16.0994 3696  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:39:17.0095 3696  pccsmcfd - ok
19:39:17.0155 3696  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
19:39:17.0189 3696  pci - ok
19:39:17.0236 3696  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:39:17.0257 3696  pciide - ok
19:39:17.0278 3696  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:39:17.0297 3696  pcmcia - ok
19:39:17.0315 3696  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
19:39:17.0330 3696  pcw - ok
19:39:17.0344 3696  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:39:17.0414 3696  PEAUTH - ok
19:39:17.0489 3696  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:39:17.0521 3696  PerfHost - ok
19:39:17.0578 3696  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
19:39:17.0657 3696  pla - ok
19:39:17.0683 3696  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:39:17.0715 3696  PlugPlay - ok
19:39:17.0747 3696  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:39:17.0755 3696  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:39:17.0755 3696  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:39:17.0766 3696  PnkBstrA - ok
19:39:17.0787 3696  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
19:39:17.0823 3696  PNRPAutoReg - ok
19:39:17.0841 3696  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
19:39:17.0860 3696  PNRPsvc - ok
19:39:17.0892 3696  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
19:39:17.0945 3696  PolicyAgent - ok
19:39:17.0973 3696  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
19:39:18.0027 3696  Power - ok
19:39:18.0054 3696  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:39:18.0090 3696  PptpMiniport - ok
19:39:18.0115 3696  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
19:39:18.0144 3696  Processor - ok
19:39:18.0169 3696  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
19:39:18.0189 3696  ProfSvc - ok
19:39:18.0196 3696  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:39:18.0213 3696  ProtectedStorage - ok
19:39:18.0244 3696  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:39:18.0289 3696  Psched - ok
19:39:18.0329 3696  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:39:18.0380 3696  ql2300 - ok
19:39:18.0411 3696  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:39:18.0428 3696  ql40xx - ok
19:39:18.0453 3696  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
19:39:18.0488 3696  QWAVE - ok
19:39:18.0505 3696  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:39:18.0524 3696  QWAVEdrv - ok
19:39:18.0539 3696  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:39:18.0599 3696  RasAcd - ok
19:39:18.0627 3696  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
19:39:18.0662 3696  RasAgileVpn - ok
19:39:18.0673 3696  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
19:39:18.0712 3696  RasAuto - ok
19:39:18.0742 3696  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
19:39:18.0805 3696  Rasl2tp - ok
19:39:18.0836 3696  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:39:18.0878 3696  RasMan - ok
19:39:18.0894 3696  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:39:18.0936 3696  RasPppoe - ok
19:39:18.0950 3696  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
19:39:18.0992 3696  RasSstp - ok
19:39:19.0022 3696  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
19:39:19.0067 3696  rdbss - ok
19:39:19.0080 3696  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:39:19.0110 3696  rdpbus - ok
19:39:19.0118 3696  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:39:19.0155 3696  RDPCDD - ok
19:39:19.0165 3696  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:39:19.0213 3696  RDPENCDD - ok
19:39:19.0226 3696  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:39:19.0261 3696  RDPREFMP - ok
19:39:19.0305 3696  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:39:19.0334 3696  RdpVideoMiniport - ok
19:39:19.0379 3696  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
19:39:19.0430 3696  RDPWD - ok
19:39:19.0465 3696  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:39:19.0489 3696  rdyboost - ok
19:39:19.0510 3696  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:39:19.0558 3696  RemoteAccess - ok
19:39:19.0587 3696  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:39:19.0639 3696  RemoteRegistry - ok
19:39:19.0661 3696  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:39:19.0712 3696  RpcEptMapper - ok
19:39:19.0733 3696  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:39:19.0765 3696  RpcLocator - ok
19:39:19.0802 3696  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
19:39:19.0843 3696  RpcSs - ok
19:39:19.0866 3696  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:39:19.0924 3696  rspndr - ok
19:39:19.0961 3696  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
19:39:19.0987 3696  RTL8167 - ok
19:39:19.0997 3696  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
19:39:20.0013 3696  SamSs - ok
19:39:20.0036 3696  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:39:20.0052 3696  sbp2port - ok
19:39:20.0064 3696  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:39:20.0113 3696  SCardSvr - ok
19:39:20.0136 3696  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:39:20.0190 3696  scfilter - ok
19:39:20.0236 3696  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:39:20.0301 3696  Schedule - ok
19:39:20.0333 3696  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
19:39:20.0367 3696  SCPolicySvc - ok
19:39:20.0429 3696  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:39:20.0463 3696  SDRSVC - ok
19:39:20.0481 3696  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:39:20.0524 3696  secdrv - ok
19:39:20.0552 3696  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:39:20.0600 3696  seclogon - ok
19:39:20.0610 3696  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:39:20.0648 3696  SENS - ok
19:39:20.0655 3696  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:39:20.0685 3696  SensrSvc - ok
19:39:20.0699 3696  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
19:39:20.0716 3696  Serenum - ok
19:39:20.0729 3696  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:39:20.0759 3696  Serial - ok
19:39:20.0779 3696  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:39:20.0796 3696  sermouse - ok
19:39:20.0857 3696  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:39:20.0898 3696  ServiceLayer - ok
19:39:20.0935 3696  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:39:20.0973 3696  SessionEnv - ok
19:39:21.0002 3696  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
19:39:21.0032 3696  sffdisk - ok
19:39:21.0046 3696  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:39:21.0070 3696  sffp_mmc - ok
19:39:21.0073 3696  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
19:39:21.0097 3696  sffp_sd - ok
19:39:21.0114 3696  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
19:39:21.0130 3696  sfloppy - ok
19:39:21.0153 3696  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:39:21.0203 3696  SharedAccess - ok
19:39:21.0231 3696  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:39:21.0291 3696  ShellHWDetection - ok
19:39:21.0311 3696  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:39:21.0326 3696  SiSRaid2 - ok
19:39:21.0338 3696  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:39:21.0353 3696  SiSRaid4 - ok
19:39:21.0396 3696  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
19:39:21.0434 3696  Smb - ok
19:39:21.0460 3696  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:39:21.0478 3696  SNMPTRAP - ok
19:39:21.0499 3696  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
19:39:21.0513 3696  spldr - ok
19:39:21.0550 3696  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
19:39:21.0605 3696  Spooler - ok
19:39:21.0686 3696  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:39:21.0818 3696  sppsvc - ok
19:39:21.0839 3696  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
19:39:21.0890 3696  sppuinotify - ok
19:39:21.0951 3696  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
19:39:21.0988 3696  sptd - ok
19:39:22.0021 3696  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
19:39:22.0053 3696  srv - ok
19:39:22.0088 3696  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:39:22.0107 3696  srv2 - ok
19:39:22.0123 3696  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:39:22.0146 3696  srvnet - ok
19:39:22.0171 3696  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
19:39:22.0224 3696  SSDPSRV - ok
19:39:22.0243 3696  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
19:39:22.0283 3696  SstpSvc - ok
19:39:22.0329 3696  Steam Client Service - ok
19:39:22.0354 3696  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:39:22.0375 3696  stexstor - ok
19:39:22.0420 3696  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:39:22.0458 3696  StillCam - ok
19:39:22.0506 3696  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:39:22.0563 3696  stisvc - ok
19:39:22.0588 3696  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:39:22.0608 3696  swenum - ok
19:39:22.0641 3696  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
19:39:22.0709 3696  swprv - ok
19:39:22.0759 3696  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
19:39:22.0829 3696  SysMain - ok
19:39:22.0856 3696  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:39:22.0893 3696  TabletInputService - ok
19:39:22.0934 3696  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
19:39:22.0950 3696  taphss - ok
19:39:22.0982 3696  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
19:39:23.0055 3696  TapiSrv - ok
19:39:23.0067 3696  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
19:39:23.0117 3696  TBS - ok
19:39:23.0172 3696  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
19:39:23.0245 3696  Tcpip - ok
19:39:23.0283 3696  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:39:23.0321 3696  TCPIP6 - ok
19:39:23.0338 3696  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:39:23.0371 3696  tcpipreg - ok
19:39:23.0406 3696  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:39:23.0439 3696  TDPIPE - ok
19:39:23.0470 3696  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
19:39:23.0499 3696  TDTCP - ok
19:39:23.0532 3696  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
19:39:23.0584 3696  tdx - ok
19:39:23.0704 3696  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:39:23.0774 3696  TeamViewer8 - ok
19:39:23.0819 3696  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn  C:\Windows\system32\DRIVERS\teamviewervpn.sys
19:39:23.0836 3696  teamviewervpn - ok
19:39:23.0861 3696  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:39:23.0876 3696  TermDD - ok
19:39:23.0913 3696  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
19:39:23.0966 3696  TermService - ok
19:39:23.0988 3696  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:39:24.0020 3696  Themes - ok
19:39:24.0041 3696  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
19:39:24.0077 3696  THREADORDER - ok
19:39:24.0092 3696  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:39:24.0144 3696  TrkWks - ok
19:39:24.0183 3696  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt      C:\Windows\system32\drivers\truecrypt.sys
19:39:24.0198 3696  truecrypt - ok
19:39:24.0246 3696  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:39:24.0310 3696  TrustedInstaller - ok
19:39:24.0343 3696  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:24.0387 3696  tssecsrv - ok
19:39:24.0440 3696  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:39:24.0471 3696  TsUsbFlt - ok
19:39:24.0510 3696  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:39:24.0557 3696  tunnel - ok
19:39:24.0581 3696  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:39:24.0597 3696  uagp35 - ok
19:39:24.0623 3696  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:39:24.0675 3696  udfs - ok
19:39:24.0703 3696  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
19:39:24.0722 3696  UI0Detect - ok
19:39:24.0733 3696  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:39:24.0749 3696  uliagpkx - ok
19:39:24.0776 3696  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
19:39:24.0802 3696  umbus - ok
19:39:24.0813 3696  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:39:24.0829 3696  UmPass - ok
19:39:24.0847 3696  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:39:24.0910 3696  upnphost - ok
19:39:24.0942 3696  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:39:24.0970 3696  upperdev - ok
19:39:24.0996 3696  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:25.0028 3696  usbccgp - ok
19:39:25.0065 3696  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:39:25.0103 3696  usbcir - ok
19:39:25.0128 3696  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
19:39:25.0150 3696  usbehci - ok
19:39:25.0187 3696  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:39:25.0225 3696  usbhub - ok
19:39:25.0239 3696  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
19:39:25.0257 3696  usbohci - ok
19:39:25.0271 3696  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:39:25.0290 3696  usbprint - ok
19:39:25.0333 3696  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:39:25.0354 3696  usbser - ok
19:39:25.0417 3696  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:39:25.0456 3696  UsbserFilt - ok
19:39:25.0475 3696  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:25.0501 3696  USBSTOR - ok
19:39:25.0522 3696  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
19:39:25.0538 3696  usbuhci - ok
19:39:25.0558 3696  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
19:39:25.0596 3696  UxSms - ok
19:39:25.0604 3696  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:39:25.0621 3696  VaultSvc - ok
19:39:25.0658 3696  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:39:25.0672 3696  vdrvroot - ok
19:39:25.0715 3696  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
19:39:25.0768 3696  vds - ok
19:39:25.0786 3696  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:25.0805 3696  vga - ok
19:39:25.0815 3696  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
19:39:25.0856 3696  VgaSave - ok
19:39:25.0888 3696  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
19:39:25.0907 3696  vhdmp - ok
19:39:25.0920 3696  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:39:25.0935 3696  viaide - ok
19:39:25.0946 3696  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:39:25.0960 3696  volmgr - ok
19:39:25.0988 3696  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
19:39:26.0008 3696  volmgrx - ok
19:39:26.0019 3696  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
19:39:26.0038 3696  volsnap - ok
19:39:26.0072 3696  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
19:39:26.0088 3696  vpcbus - ok
19:39:26.0122 3696  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
19:39:26.0159 3696  vpcnfltr - ok
19:39:26.0177 3696  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
19:39:26.0210 3696  vpcusb - ok
19:39:26.0253 3696  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
19:39:26.0276 3696  vpcvmm - ok
19:39:26.0310 3696  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
19:39:26.0328 3696  vsmraid - ok
19:39:26.0401 3696  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
19:39:26.0485 3696  VSS - ok
19:39:26.0511 3696  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:39:26.0538 3696  vwifibus - ok
19:39:26.0562 3696  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
19:39:26.0626 3696  W32Time - ok
19:39:26.0640 3696  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:39:26.0665 3696  WacomPen - ok
19:39:26.0705 3696  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:39:26.0750 3696  WANARP - ok
19:39:26.0758 3696  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:39:26.0793 3696  Wanarpv6 - ok
19:39:26.0832 3696  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:39:26.0878 3696  wbengine - ok
19:39:26.0894 3696  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:39:26.0920 3696  WbioSrvc - ok
19:39:26.0954 3696  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
19:39:26.0997 3696  wcncsvc - ok
19:39:27.0013 3696  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:39:27.0031 3696  WcsPlugInService - ok
19:39:27.0048 3696  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:39:27.0062 3696  Wd - ok
19:39:27.0104 3696  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:39:27.0148 3696  Wdf01000 - ok
19:39:27.0159 3696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:39:27.0194 3696  WdiServiceHost - ok
19:39:27.0197 3696  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
19:39:27.0220 3696  WdiSystemHost - ok
19:39:27.0249 3696  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
19:39:27.0280 3696  WebClient - ok
19:39:27.0311 3696  [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:39:27.0354 3696  Wecsvc - ok
19:39:27.0372 3696  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
19:39:27.0446 3696  wercplsupport - ok
19:39:27.0459 3696  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:39:27.0511 3696  WerSvc - ok
19:39:27.0536 3696  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:39:27.0571 3696  WfpLwf - ok
19:39:27.0582 3696  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:39:27.0597 3696  WIMMount - ok
19:39:27.0604 3696  WinDefend - ok
19:39:27.0641 3696  [ E32EEC5A7F8D3B57C9C18A93B67137E8 ] Windows7FirewallService C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
19:39:27.0662 3696  Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning
19:39:27.0662 3696  Windows7FirewallService - detected UnsignedFile.Multi.Generic (1)
19:39:27.0664 3696  WinHttpAutoProxySvc - ok
19:39:27.0719 3696  [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
19:39:27.0759 3696  Winmgmt - ok
19:39:27.0831 3696  [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM          C:\Windows\system32\WsmSvc.dll
19:39:27.0911 3696  WinRM - ok
19:39:27.0965 3696  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:39:27.0985 3696  WinUsb - ok
19:39:28.0021 3696  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
19:39:28.0082 3696  Wlansvc - ok
19:39:28.0108 3696  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
19:39:28.0124 3696  WmiAcpi - ok
19:39:28.0138 3696  [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:39:28.0164 3696  wmiApSrv - ok
19:39:28.0193 3696  WMPNetworkSvc - ok
19:39:28.0200 3696  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:39:28.0218 3696  WPCSvc - ok
19:39:28.0244 3696  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:39:28.0265 3696  WPDBusEnum - ok
19:39:28.0287 3696  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
19:39:28.0330 3696  ws2ifsl - ok
19:39:28.0348 3696  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:39:28.0384 3696  wscsvc - ok
19:39:28.0411 3696  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:39:28.0439 3696  WSDPrintDevice - ok
19:39:28.0443 3696  WSearch - ok
19:39:28.0508 3696  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:39:28.0607 3696  wuauserv - ok
19:39:28.0633 3696  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:39:28.0659 3696  WudfPf - ok
19:39:28.0685 3696  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:28.0715 3696  WUDFRd - ok
19:39:28.0740 3696  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
19:39:28.0772 3696  wudfsvc - ok
19:39:28.0787 3696  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
19:39:28.0826 3696  WwanSvc - ok
19:39:28.0839 3696  ================ Scan global ===============================
19:39:28.0859 3696  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:39:28.0891 3696  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:39:28.0913 3696  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:39:28.0944 3696  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:39:28.0969 3696  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:39:28.0985 3696  [Global] - ok
19:39:28.0985 3696  ================ Scan MBR ==================================
19:39:28.0990 3696  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:39:29.0253 3696  \Device\Harddisk0\DR0 - ok
19:39:29.0254 3696  ================ Scan VBR ==================================
19:39:29.0257 3696  [ 2B2FCCCB3093449100FF0F5F590D4AF3 ] \Device\Harddisk0\DR0\Partition1
19:39:29.0258 3696  \Device\Harddisk0\DR0\Partition1 - ok
19:39:29.0294 3696  [ BF78523CFA1A5DA6AD35E18E01259135 ] \Device\Harddisk0\DR0\Partition2
19:39:29.0296 3696  \Device\Harddisk0\DR0\Partition2 - ok
19:39:29.0314 3696  [ 521A615D93809E1EA86DF87CEFB8C5AA ] \Device\Harddisk0\DR0\Partition3
19:39:29.0316 3696  \Device\Harddisk0\DR0\Partition3 - ok
19:39:29.0316 3696  ============================================================
19:39:29.0316 3696  Scan finished
19:39:29.0316 3696  ============================================================
19:39:29.0327 5904  Detected object count: 6
19:39:29.0327 5904  Actual detected object count: 6
19:39:51.0066 5904  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0066 5904  Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:51.0068 5904  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0068 5904  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:51.0069 5904  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0069 5904  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:51.0071 5904  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0071 5904  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:51.0073 5904  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0073 5904  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:51.0074 5904  Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
19:39:51.0074 5904  Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip

I'll be back here in about half an hour, in case there is more to do.

markusg 13.01.2013 21:10

hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Severin80 13.01.2013 22:49

No sooner do you stop checking your mail every 5 minutes and watch TV than a reply comes in *g*

OK, here is my Combofix log:

Code:

ComboFix 13-01-13.01 - Severin 13.01.2013  22:21:14.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2332 [GMT 1:00]
ausgeführt von:: c:\users\Severin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-13 bis 2013-01-13  ))))))))))))))))))))))))))))))
.
.
2013-01-13 21:30 . 2013-01-13 21:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-11 22:26 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C752FA1-CB07-43B7-A192-7114628FE9A1}\mpengine.dll
2013-01-11 22:12 . 2013-01-11 22:12        --------        d-----w-        C:\_OTL
2013-01-10 23:18 . 2013-01-10 23:18        --------        d-----w-        c:\users\Severin\AppData\Roaming\Malwarebytes
2013-01-10 23:18 . 2013-01-10 23:18        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-10 23:18 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-10 23:18 . 2013-01-10 23:18        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-10 23:17 . 2013-01-10 23:17        --------        d-----w-        c:\users\Severin\AppData\Local\Programs
2013-01-10 22:24 . 2013-01-10 22:24        --------        d-----w-        c:\program files (x86)\Samsung
2013-01-10 21:03 . 2013-01-11 23:21        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-01-09 08:32 . 2012-11-09 05:45        750592        ----a-w-        c:\windows\system32\win32spl.dll
2013-01-09 08:32 . 2012-11-09 04:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-01-09 08:32 . 2012-11-01 05:43        2002432        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-09 08:32 . 2012-11-01 05:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2013-01-09 08:32 . 2012-11-01 04:47        1389568        ----a-w-        c:\windows\SysWow64\msxml6.dll
2013-01-09 08:32 . 2012-11-01 04:47        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2013-01-09 08:32 . 2012-11-20 05:48        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-09 08:32 . 2012-11-20 04:51        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2013-01-09 08:31 . 2012-11-23 03:13        68608        ----a-w-        c:\windows\system32\taskhost.exe
2013-01-09 08:31 . 2012-11-23 03:26        3149824        ----a-w-        c:\windows\system32\win32k.sys
2012-12-21 13:16 . 2012-12-16 17:11        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-21 13:16 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-21 13:16 . 2012-12-16 14:45        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-21 13:16 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-20 18:56 . 2012-12-20 18:56        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 09:07 . 2010-11-03 17:35        67599240        ----a-w-        c:\windows\system32\MRT.exe
2012-12-20 19:45 . 2010-11-04 17:24        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-12-20 19:45 . 2010-11-04 07:26        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-12-20 19:44 . 2010-11-04 07:26        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-12-13 07:20 . 2012-04-14 19:40        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 07:20 . 2011-06-13 08:45        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 07:06 . 2012-12-12 20:52        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 20:52        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 20:52        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 20:52        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 20:52        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 20:52        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 20:52        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 20:52        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 20:52        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 20:52        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 20:52        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 20:52        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 20:52        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 20:52        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 20:52        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 20:52        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 20:52        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:52        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:52        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:52        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:52        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:52        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 20:19        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 20:19        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 20:19        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 20:19        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-10-30 22:51 . 2010-11-02 22:38        59728        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-05-13 05:52        984144        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2010-11-02 22:38        370288        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2010-11-02 22:38        71600        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2010-11-02 22:38        25232        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-11-02 22:38        41224        ----a-w-        c:\windows\avastSS.scr
2012-10-30 22:50 . 2010-11-02 22:38        227648        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-01-14 07:07        285328        ----a-w-        c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-12-12 20:50        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-12 20:50        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-12 20:50        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45        2355224        ----a-w-        c:\program files (x86)\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HotSwap! Applet"="c:\users\Severin\Desktop\HotSwap!.EXE" [2009-01-10 103936]
"HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-12-06 1354736]
"Spotify Web Helper"="c:\users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-04 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"Windows7FirewallControl"="c:\program files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-04-09 753664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-22 25600]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-5-5 1380504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-06 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-22 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-22 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-22 94808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-03 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-22 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-22 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-22 94808]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 29257555
*NewlyCreated* - 73943673
*Deregistered* - 29257555
*Deregistered* - 73943673
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 21:25]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 21:25]
.
2013-01-13 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        133400        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        162552        ----a-w-        c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2010-09-22 1245912]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3078376766-442276371-979753471-1001\Software\SecuROM\License information*]
"datasecu"=hex:fc,3d,7c,44,2a,f5,dd,08,7e,74,b0,3f,7a,d0,b9,2d,df,45,bc,f0,af,
  ca,ae,d7,2c,b3,84,b3,6d,7d,50,26,d5,e4,16,cf,09,27,a0,b4,eb,da,b8,84,a4,67,\
"rkeysecu"=hex:ea,54,87,05,f9,c9,85,3d,fe,ed,bf,d8,93,40,ca,e8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-13  22:43:33
ComboFix-quarantined-files.txt  2013-01-13 21:43
.
Vor Suchlauf: 9 Verzeichnis(se), 13.393.481.728 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 13.240.115.200 Bytes frei
.
- - End Of File - - B48286F69BF3309BFCD72686960C3966


markusg 14.01.2013 20:29

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, "unnötig" (unnecessary).
After every program unknown to you, "unbekannt" (unknown).
Post the list.

Severin80 14.01.2013 23:31

Whoa, that was not so easy in places. With the Creative and HP stuff (sound card and printer) I am not sure what I actually use and what I don't. Also, I can no longer remember what I had installed Microsoft .NET for. Acrobat, CD Burner and Java seem to be there in both an old and a new version.
Well, and with some of the games one could also argue about "notwendig" (necessary). *g*

Here is the list for now:

Code:

7-Zip 4.65 (x64 edition)        Igor Pavlov                                03.11.2010        3,98MB        4.65.00.0                        notwendig
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated                13.02.2011                10.0.22.87                        notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated                13.12.2012        6,00MB        11.5.502.135                        notwendig (but one of the two is probably enough)
Adobe Reader X (10.1.5) - Deutsch        Adobe Systems Incorporated        09.01.2013        122MB        10.1.5                                notwendig
Amazon MP3-Downloader 1.0.9                                                17.10.2011                                                notwendig
AMD Catalyst Install Manager        Advanced Micro Devices, Inc.                11.07.2012        26,2MB        8.0.877.0                        notwendig
Apple Application Support        Apple Inc.                                30.07.2012        61,0MB        2.1.9                                unnötig
Apple Mobile Device Support        Apple Inc.                                30.07.2012        24,9MB        5.2.0.6                                unnötig
Apple Software Update        Apple Inc.                                        14.10.2011        2,38MB        2.1.3.127                        unnötig
avast! Free Antivirus        AVAST Software                                        03.11.2012                7.0.1474.0                        notwendig
Battlefield 3™        Electronic Arts                                                03.11.2011                1.4.0.0                                notwendig
Battlefield: Bad Company™ 2        Electronic Arts                                04.11.2010        5,73GB        1.0.0.0                                notwendig
Battlelog Web Plugins        EA Digital Illusions CE AB                        22.11.2012                2.1.2                                notwendig
BC2CC        i3D.net                                                                26.02.2011                2.3.1.0                                notwendig
BF3CC        i3D                                                                05.01.2012                0.3.0.25                        notwendig
Bing Bar        Microsoft Corporation                                        27.08.2012        464KB        7.1.391.0                        unnötig
Bonjour        Apple Inc.                                                        14.10.2011        2,04MB        3.0.0.10                        unnötig
Bulk Image Downloader v4.35.0.0        Antibody Software                        09.02.2012        13,6MB                                        unnötig
Burnout(TM) Paradise The Ultimate Box        Electronic Arts                        16.11.2011        3,38GB        1.1.0.0                                notwendig
calibre        Kovid Goyal                                                        01.05.2012        126MB        0.8.49                                unnötig
CCleaner        Piriform                                                19.12.2012                3.26                                notwendig
CDBurnerXP        CDBurnerXP                                                12.12.2010        15,7MB        4.3.8.2474                        notwendig
CDBurnerXP        CDBurnerXP                                                23.12.2012        16,9MB        4.5.0.3685                        notwendig (but one of the two is probably enough)
cFosSpeed v6.02        cFos Software GmbH, Bonn                                02.11.2010                6.02                                notwendig
Creative ALchemy        Creative Technology Limited                        06.01.2011                1.41                                notwendig
Creative Audio Control Panel        Creative Technology Limited                11.11.2011                2.00                                notwendig
Creative Konsole Starter        Creative Technology Limited                06.01.2011                                                notwendig
Creative MediaSource 5        Creative Technology Limited                        06.01.2011                5.26                                notwendig
Creative Software AutoUpdate        Creative Technology Limited                11.11.2011                1.40                                notwendig
Creative Sound Blaster Properties x64 Edition                                11.11.2011                                                notwendig       
Creative WaveStudio 7        Creative Technology Limited                        06.01.2011                7.12                                notwendig
Driver Sweeper Version 2.8.0        Phyxion.net                                05.01.2011        14,0MB        2.8.0                                unnötig
Dropbox        Dropbox, Inc.                                                        23.12.2012                1.6.10                                notwendig
Envisioneer Express 5.0        Cadsoft Corporation                                07.07.2012        331MB        5.0                                unnötig
ESN Sonar        ESN Social Software AB                                        08.11.2012                0.70.0                                unbekannt
GIMP 2.6.8                                                                03.11.2010                                                notwendig
Google Earth        Google                                                        22.11.2011        92,7MB        6.1.0.5001                        unnötig
Google SketchUp 8        Google, Inc.                                        06.07.2012        71,9MB        3.0.14358                        unnötig
GPL Ghostscript        Artifex Software Inc.                                        23.12.2011                9.04                                notwendig
HP Photo Creations        HP Photo Creations                                22.12.2011        40,0MB        1.0.0.5192                        notwendig
HP Photosmart 6510 series - Grundlegende Software für das Gerät        Hewlett-Packard Co.        22.12.2011        164MB        24.0.342.0        notwendig
HP Photosmart 6510 series Hilfe        Hewlett Packard                                22.12.2011        8,71MB        140.0.2.2                        notwendig
HP Product Detection        HP                                                08.05.2012        1,86MB        11.14.0001                        notwendig
HP Update        Hewlett-Packard                                                20.12.2011        3,98MB        5.003.001.001                        notwendig
IrfanView (remove only)        Irfan Skiljan                                        03.11.2010        1,50MB        4.27                                notwendig
iTunes        Apple Inc.                                                        30.07.2012        182MB        10.6.3.25                        notwendig
IZArc 4.1.2        Ivan Zahariev                                                21.11.2010        13,3MB        4.1.2                                unnötig
Java 7 Update 7 (64-bit)        Oracle                                        02.09.2012        127MB        7.0.70                                notwendig
Java 7 Update 9        Oracle                                                        03.09.2012        128MB        7.0.90                                unnötig
Java(TM) 6 Update 24 (64-bit)        Oracle                                        25.04.2011        90,7MB        6.0.240                                unnötig
JavaFX 2.1.1        Oracle Corporation                                        09.07.2012        20,8MB        2.1.1                                unbekannt
JDownloader        AppWork UG (haftungsbeschränkt)                                06.11.2010                                                unnötig
LEGO Digital Designer        LEGO A/S                                        13.02.2011                                                unnötig
Logitech SetPoint 6.15        Logitech                                        04.11.2010        39,0MB        6.15.25                                notwendig
LogMeIn Hamachi        LogMeIn, Inc.                                                20.12.2012                2.1.0.294                        notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        11.01.2013        18,4MB        1.70.0.1100                notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        03.11.2010        38,8MB        4.0.30319                        notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        03.11.2010        2,93MB        4.0.30319        notwendig
Microsoft .NET Framework 4 Extended        Microsoft Corporation                20.11.2010        51,9MB        4.0.30319                        notwendig
Microsoft Silverlight        Microsoft Corporation                                14.05.2012        80,3MB        4.1.10329.0                        notwendig
Microsoft SQL Server Compact 4.0 x64 DEU        Microsoft Corporation        17.04.2012        20,4MB        4.0.8482.1                        unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        09.07.2011        300KB        8.0.61001                        unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        02.11.2010        2,52MB        9.0.21022        unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        04.11.2010        786KB        9.0.30729        unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        09.07.2011        788KB        9.0.30729.6161        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        25.07.2012        1,46MB        9.0.30411        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.09.2011        238KB        9.0.30729        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        02.11.2010        596KB        9.0.30729.4148        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        09.07.2011        600KB        9.0.30729.6161        unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        30.09.2011        13,8MB        10.0.40219        unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        30.09.2011        15,0MB        10.0.40219        unbekannt
Minutor        Sean Kasun                                                        01.04.2012        253KB        1.6.0                                notwendig
MozBackup 1.4.9        Pavel Cvrcek                                                02.11.2010                                                notwendig
Mozilla Firefox 18.0 (x86 de)        Mozilla                                        11.01.2013        43,4MB        18.0                                notwendig
Mozilla Maintenance Service        Mozilla                                        12.01.2013        330KB        17.0.2                                notwendig
Mozilla Thunderbird 17.0.2 (x86 de)        Mozilla                                12.01.2013        43,3MB        17.0.2                                notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation                        17.07.2011        1,27MB        4.20.9870.0                        unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation                        17.07.2011        1,33MB        4.20.9876.0                        unbekannt
Nokia Connectivity Cable Driver        Nokia                                        17.02.2012        3,94MB        7.1.69.0                        notwendig
Nokia Suite        Nokia                                                        20.03.2012                3.3.89.0                        notwendig
OpenAL                                                                        02.11.2010                                                unbekannt
OpenOffice.org 3.4        OpenOffice.org                                        25.07.2012        346MB        3.4.9590                        notwendig
Origin        Electronic Arts, Inc.                                                08.03.2012                8.5.0.4554                        notwendig
PC Connectivity Solution        Nokia                                        17.02.2012        20,8MB        11.5.29.0                        notwendig
PDFCreator        Frank Heindörfer, Philip Chinery                        18.12.2011                1.2.3                                notwendig
Project+ 2.5.1        PHOENIX CONTACT GmbH & Co. KG                                25.11.2012        237MB        2.5.158.1                        unnötig
PunkBuster Services        Even Balance, Inc.                                03.11.2011                0.991                                notwendig
QuickPar 0.9        Peter B. Clements                                        21.11.2010                0.9                                unnötig
Recuva        Piriform                                                        10.12.2010                1.38                                unnötig
Samsung Data Migration        Samsung                                                10.01.2013                0.9.1.23                        notwendig
Sid Meier's Civilization 4        Firaxis Games                                03.11.2010                1.74                                notwendig
Sid Meier's Civilization 4 - Beyond the Sword        Firaxis Games                03.11.2010                3.19                                notwendig
SoundFont-Bank-Manager        Creative Technology Limited                        03.11.2010                3.21                                unbekannt
Spotify        Spotify AB                                                        05.01.2013                0.8.5.1333.g822e0de8                notwendig
Steam        Valve Corporation                                                22.06.2012        37,4MB        1.0.0.0                                notwendig
Studie zur Verbesserung von HP Photosmart 6510 series Produkten        Hewlett-Packard Co.        22.12.2011        8,28MB        24.0.342.0        unnötig
Sweet Home 3D version 3.5        eTeks                                        07.07.2012        99,5MB                                        notwendig
TeamSpeak 3 Client        TeamSpeak Systems GmbH                                04.11.2010                                                notwendig
TeamViewer 8        TeamViewer                                                10.01.2013                8.0.16642                        notwendig
The Dark Eye: Chains of Satinav                                                22.06.2012                                                notwendig
TrueCrypt        TrueCrypt Foundation                                        21.11.2011                7.1                                notwendig
Unity Web Player (All users)        Unity Technologies ApS                        13.02.2011        12,0MB                                        unbekannt
VLC media player 2.0.4        VideoLAN                                        25.11.2012                2.0.4                                notwendig
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        17.02.2012                08/22/2008 7.0.0.0                notwendig
Windows7FirewallControl (i386)        3.5.1.131        Sphinx Software                02.11.2010                3.5.1.131                        notwendig
Winload Toolbar                                                                14.01.2011                                                unbekannt
WinRAR                                                                        03.11.2010                                                notwendig
WISO Mein Geld 2011 Professional        Buhl Data Service GmbH                03.11.2010                                                notwendig
WISO Steuer-Sparbuch 2011        Buhl Data Service GmbH                        21.05.2011                18.00.6928                        notwendig
WISO Steuer-Sparbuch 2012        Buhl Data Service GmbH                        05.05.2012                19.03.7334                        notwendig
WorldPainter 0.6.12        pepsoft.org        05.04.2012                        0.6.12                                                        notwendig
XMedia Recode 3.0.0.5        Sebastian Dörfler                                08.07.2011                3.0.0.5                                notwendig


markusg 15.01.2013 20:51

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, uncheck the "use JavaScript" box.
Under Updater, choose to install automatically.
Apply / OK



Uninstall:
Bing
Bulk
calibre
Envisioneer
ESN
Google: both
IZArc
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
JDownloader
LEGO
Project+
QuickPar
Recuva
Studie
Unity
Winload

Open CCleaner, start the analysis, restart the PC.

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Severin80 15.01.2013 22:41

Evening,

here is the result from AdwCleaner:
Code:

# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:38:18 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Severin - SEVERIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Severin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Severin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\prefs.js

Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2319825.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.CurrentServerDate", "14-1-2011");
Gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 14 2011 21:20:47 GMT+0100");
Gefunden : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 14 2011 21:20:51 GMT+0100");
Gefunden : user_pref("CT2319825.FirstServerDate", "14-1-2011");
Gefunden : user_pref("CT2319825.FirstTime", true);
Gefunden : user_pref("CT2319825.FirstTimeFF3", true);
Gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2319825.Initialize", true);
Gefunden : user_pref("CT2319825.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2319825.InstalledDate", "Fri Jan 14 2011 21:20:45 GMT+0100");
Gefunden : user_pref("CT2319825.InvalidateCache", false);
Gefunden : user_pref("CT2319825.IsGrouping", false);
Gefunden : user_pref("CT2319825.IsMulticommunity", false);
Gefunden : user_pref("CT2319825.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2319825.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Fri Jan 14 2011 21:20:54 GMT+0100");
Gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2319825.LastLogin_2.5.8.6", "Fri Jan 14 2011 21:20:46 GMT+0100");
Gefunden : user_pref("CT2319825.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2319825.Locale", "de");
Gefunden : user_pref("CT2319825.LoginCache", 4);
Gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2319825.RadioIsPodcast", false);
Gefunden : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 14 2011 21:20:47 GMT+0100");
Gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Gefunden : user_pref("CT2319825.RadioMediaID", "11949532");
Gefunden : user_pref("CT2319825.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gefunden : user_pref("CT2319825.RadioStationName", "1Live");
Gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gefunden : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Fri Jan 14 2011 21:20:46 GMT+0100");
Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Fri Jan 14 2011 21:20:44 GMT+0100");
Gefunden : user_pref("CT2319825.SettingsLastUpdate", "1295011672");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Fri Jan 14 2011 21:20:44 GMT+0100");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2319825.Uninstall", true);
Gefunden : user_pref("CT2319825.UserID", "UN90558805066316415");
Gefunden : user_pref("CT2319825.WeatherNetwork", "");
Gefunden : user_pref("CT2319825.WeatherPollDate", "Fri Jan 14 2011 21:20:51 GMT+0100");
Gefunden : user_pref("CT2319825.WeatherUnit", "C");
Gefunden : user_pref("CT2319825.alertChannelId", "715912");
Gefunden : user_pref("CT2319825.backendstorage.id", "33303134393832");
Gefunden : user_pref("CT2319825.clientLogIsEnabled", true);
Gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2319825.myStuffEnabled", true);
Gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.myheritage.com/?orig=ds&q=[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 14 2011 21:20:47 GMT+0100");

*************************

AdwCleaner[R1].txt - [7746 octets] - [15/01/2013 22:38:18]

########## EOF - C:\AdwCleaner[R1].txt - [7806 octets] ##########

Should I actually also delete everything that CCleaner found? It only looked like leftovers. But I haven't done it for now, because you hadn't written that.
Just out of curiosity, how many steps are still to come?

Best regards, Severin
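
The AdwCleaner report in the post above runs to dozens of `Gefunden : user_pref(...)` lines, so for triage it helps to reduce it to preference namespaces, contacted hosts and CLSIDs. The following is an added example, not part of the thread and not AdwCleaner's own code; the function names are hypothetical and the embedded sample is a shortened excerpt of the report posted above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Shortened excerpt of the AdwCleaner v2.105 report posted above (German UI strings kept).
SAMPLE_REPORT = r'''
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:38:18 erstellt
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Severin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\prefs.js

Gefunden : user_pref("CT2319825.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.myheritage.com/?orig=ds&q=[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
'''

SECTION_RE = re.compile(r"^\*{4,5} \[(.+?)\] \*{4,5}$")      # e.g. ***** [Internet Browser] *****
FINDING_RE = re.compile(r"^(?:(\w+) )?Gefunden : (.+)$")      # "Ordner Gefunden : ...", "Gefunden : ..."
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)$')
URL_RE = re.compile(r'hxxps?://[^\s"\[]+')                    # defanged URLs; stop before "[...]"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_report(text):
    """Split a German-language AdwCleaner report into folders, registry keys and prefs.js hits."""
    report = {"folders": [], "keys": [], "prefs": [], "other": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        finding = FINDING_RE.match(line)
        if not finding:
            continue  # comment lines, browser sub-headers, "Datei : ..." file markers
        kind, item = finding.groups()
        if kind == "Ordner":
            report["folders"].append(item)
        elif kind == "Schlüssel":
            report["keys"].append(item)
        elif kind is None and section == "Internet Browser" and PREF_RE.match(item):
            name, value = PREF_RE.match(item).groups()
            report["prefs"].append({
                "name": name,
                # The report cuts long lines and marks the cut with "[...]".
                "truncated": value.endswith("[...]"),
                "urls": URL_RE.findall(value),
            })
        else:
            report["other"].append(item)
    return report


def host_of(defanged_url):
    """Host of an hxxp/hxxps URL, or None for template placeholders without a real host."""
    host = urlsplit("http" + defanged_url[4:]).hostname
    return host.lower() if host else None


def summarize(report):
    """Condense the findings: pref namespaces, hosts in pref values, CLSIDs in registry keys."""
    hosts = Counter()
    for pref in report["prefs"]:
        for url in pref["urls"]:
            host = host_of(url)
            if host:
                hosts[host] += 1
    return {
        "pref_namespaces": dict(Counter(p["name"].split(".", 1)[0] for p in report["prefs"])),
        "hosts": dict(hosts),
        "guids": sorted({g.upper() for key in report["keys"] for g in GUID_RE.findall(key)}),
        "truncated_prefs": sum(p["truncated"] for p in report["prefs"]),
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

The CLSID it extracts is the same one the ComboFix log earlier in the thread lists as an orphaned BHO entry pointing at the Hotspot Shield `HssIE_64.dll`, which is the kind of cross-log match the summary makes easy to spot.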


All times are WET +1.
